|
When adding a subchapter to a report, the 'Restbased Subchapters' group is now properly named 'Search-based Subchapters'. |
447621 |
|
Fixed the DNS resolution timeout problem.
Previously, when SPS tried to resolve a domain name and the DNS server was unresponsive, SPS waited for too long to time out. This has been fixed, and now the timeouts are correctly enforced when resolving domain names. |
418170 |
|
Fixed authentication can be blocked by other users issue.
SPS worked in a way that the authentication and authorization attempts of a user could possibly block the authentication of other users. This limitation did not cause problems while the authentication or authorization were performed nearly instantaneously. However, if the process was waiting for the slow response of a remote AD/LDAP or RADIUS server, then every authentication request of other users was blocked too. This was especially noticeable when the remote server was overloaded or when it was waiting for some interaction with the user (for example, MFA), and in this case, users might have experienced slow page load times or authentication timeout errors.
This issue was fixed, and now the authentication attempts are performed concurrently. Note that although remote resource consumption manifests in parallel authentication requests, these can still be slow when the remote resources are overloaded. |
420845 |
|
When editing a previously committed RADIUS login option, the RADIUS server's edit, add, or delete functionality now triggers the Save button of the login options sidesheet. |
432762 |
|
Long-running background jobs could trigger an xcbInitSystemUnitFailed alert due to an automatic service restart by the internal message queue. The restart is handled gracefully by the runner of the background jobs, but the monitoring system will display the xcbInitSystemUnitFailed alerts.
The unwanted service restart issue has been fixed. |
438684 |
|
Fixed RDP crashing during server authentication if the SPNEGO response contains only an error code.
The server responded with a vendor-specific error code (HResult 80090302: unsupported function) only in the SPNEGO response, which format was not expected by SPS.
This has been fixed, and SPS now properly handles such responses. |
439931 |
|
The SSH Control > Options page only allowed uploading or deleting the Kerberos keytab for the local administrator, even when other users were granted write and perform access to this page.
This has been fixed, and now all users with the proper access permissions can upload and delete the keytab. |
442599 |
|
Double-clicking the No policy button on the preview cleanup policy page now properly inverts the selection, even if only one policy is added. |
447020 |
|
When trying to commit changes that included the deletion of a subchapter that is referenced in a report either under Reporting > Create & Manage Reports or via the REST API, SPS displayed an error with an ambiguous error message: "The referenced subchapter 'subchapter-id' does not exist.".
This has been fixed so that when deleting a subchapter, SPS checks whether the subchapter is referenced in a report, and if so, it will immediately display an error with a meaningful error message indicating that the subchapter is referenced in a report and that it should be unreferenced first. |
393727 |
|
Fixed the Remote Desktop Gateway packet overload can cause an out-of-memory crash issue.
If the RDP proxy acts as a Desktop Gateway, it caches packets temporarily when the client is unable to consume them. In cases of heavy and permanent packet loads, this cache could increase until the resource limit is reached.
This has been fixed, and the buffer is now involved in the flow control decision. |
340013 |
|
A strict hostname check was ignored for certificates protecting HTTP, MSSQL, Telnet, and VNC connections.
When using HTTP, MSSQL, Telnet, and VNC connections with TLS server-side certificate validation enabled and only accepting certificates authenticated by a trusted CA list with the Strict hostname check option enabled, the previous versions of SPS did not validate whether the common name field of the server certificate contained the server's IP address or domain name.
This has been fixed, and SPS now correctly enforces the Strict hostname check option. |
340142 |
|
There were only 3 time ranges previously:
-
Hour: if the time range was shorter than / equal to a day.
-
Day: if the time range was shorter than / equal to 30 days.
-
Month: if the time range was longer than 30 days.
A new time range (week) has been introduced, and the time period distributions have changed to the following:
-
Hour: if the time range is shorter than / equal to a day.
-
Day: if the time range is shorter than / equal to 14 days.
-
Week: if the time range is shorter than / equal to 12 weeks.
-
Month: if the time range is longer than 14 weeks.
Columns containing 0 items are also presented. |
340221 |
|
Typing spaces and HTML tags to the quick search input no longer breaks the suggestion layout text. |
431674 |
|
By fixing the issue, if we encounter an issue while creating a new SAML2 login method, we display a more specific error message instead of a generic one. |
427645 |
|
When creating or editing an audit data cleanup policy, the sidesheets show the backend validation for the query field properly. |
427772 |
|
When you create a new audit data cleanup policy, it will be selected in the page preview automatically. |
427963 |
|
CSRF protection for the SPS REST API was optional. With this fix, SPS will force CSRF protection if the User-Agent refers to a browser. |
428406 |
|
Due to an error during plugin API check, plugins with two-digit plugin API versions (for example, 1.7) could not be uploaded. The version check is fixed and the two-digit API version can be used from now on. |
441702 |
|
On the analytics page of a session, all window title chips/pills were displayed in green. This is fixed and now each of them is displayed in the corresponding color to represent the user behavior correctly. |
446474 |
|
When generating a report that includes content subchapters either from the SPS UI or via the SPS REST API, if approximately more than 1000 sessions matched the content query, report generation could fail.
When generating reports that include content subchapters, Reporting collects sessions that match the content query. For each session, a QR code image is generated in temporary files that are embedded in the generated PDF file. Unfortunately, file descriptors had not been closed properly for these temporary files. As a result, if there were so many sessions matching the content query that the number of open file descriptors exceeded the operation system's limit, report generation failed and the following backtrace was written in the /var/log/messages log file: "ERROR OSError: [Errno 24] Too many open files.".
This issue has been fixed by making sure that file descriptors are properly closed. |
431434 |
|
When the user used the Automatically update session data on the Sessions page toggle, the Save button was not working on the User preferences UI.
This issue has been fixed. |
432800 |
|
When the SPS appliance was run as an Azure virtual machine, the boot firmware became tainted while upgrading to version 7.4. This necessitated applying a hotfix before further upgrades could be performed.
This issue has been fixed. |
437840 |
