If a session was terminated, the following message appeared in the session details view of the "Search" page, under "Monitoring Info > Verdict" field: "Terminated by a content policy". The same message was also found in the "Advanced Search recording.verdict" filter suggestion list, next to the value "ACCEPT_TERMINATED" in brackets. The problem with this text was that it was misleading because a session can be terminated not only by a content policy but also by the user.
The "ACCEPT_TERMINATED" recording.verdict message has been fixed to "Terminated by user or content policy". This message now reflects that not only the content policy but also the user can terminate a session. |
340185 |
When generating a report that included the "Four eyes authorizers" subchapter, if there were sessions without four-eyes authorizers, the value pie chart displayed "-1".
Similarly, in "Top 10 username/four-eyes authorizer ..." subchapters if the username was unknown, "-1" represented the value.
Since "-1" is not an intuitive value to represent unknown data, it has been replaced with "n/a". |
340215 |
Previously, it was possible to change the name of the predefined PCI-DSS report to another via the SPS REST API with a PUT request.
This issue has been fixed, because this is not intended behavior. After the fix, if a user wants to change the name of a predefined report via the SPS REST API, the user gets a "Predefined report name cannot be changed" error message. All PCI-DSS reports with a name different from "PCI-DSS" are renamed automatically during firmware upgrade to "PCI-DSS". |
340428 |
The warning icon on the analytics tab was green.
This issue has been fixed. |
340478 |
Text input fields are sometimes too short for SSH algorithms and TLS Cipher strings.
When specifying algorithms on the "SSH Control/Settings" page, the text input fields did not allow to enter texts longer than 150 characters. On the "MSSQL", "RDP", "Telnet" and "VNC Control/Settings" page, the "Cipher strength" field was also affected by the same limitation.
This issue has been fixed. The limit has been raised to 512 characters for SSH algorithms and to 4096 characters for TLS Cipher strings. |
340518 |
Online player encoding settings page was unreadable in dark mode.
Online player dark mode colors have been fixed on the encoding page. |
340524 |
When using a valid Lucene query between brackets, the logic operators were validated as incorrect and the query was marked as invalid.
This issue has been fixed. |
340525 |
In trust stores, when users started to drag and drop something to the certificate upload field, a little overlay appeared on the text field. If the users changed their minds and did not drop the file there, then this overlay stuck. The same problem came up in "Audit keystore > Add new key" (upload-key component).
Drag and drop is no longer stuck in a drag state for certification upload and key upload when the drag event leaves the page or is dropped on the wrong target. |
340528 |
RDP connections may fail after installing the January 11, 2022 Windows update.
After installing the January 11, 2022 Windows update or later Windows updates containing protections for CVE-2022-21857, RDP connections failed if the following conditions were true:
- There were multiple domains (for example domain A and B) with a trust relationship.
- The RDP connection was transparent or SPS acted as a Remote Desktop Gateway.
- NTLM authentication was configured with "Require domain membership" enabled.
- SPS was in domain A.
- The target server and user were in domain B.
In these cases the following line was displayed in the system log: "DC refused user authentication;"
The issue is fixed now. The NTLM authentication process has been improved to work with the new security checks. |
340538 |
When trying to generate video and screenshot files over the REST API to an MSSQL session using the /api/audit/sessions/<session-id>/screenshots/_generate and /api/audit/sessions/<session-id>/video/_generate endpoints, respectively, the indexer accepted the job, instead of notifying the users that generating screenshot and video files are not supported by the MSSQL session.
This has been fixed. Now, when users try to generate a screenshot or video for an MSSQL session over REST API, they receive a 400 ContentGenerationNotSupported error on REST API. |
340553 |
Large number of gateway authentications might cause all connections to terminate.
In some cases, after a very large number of gateway authentication, all connections of the affected protocol could terminate due to a double-free issue. In these cases, a core file was also generated, and a stackdump was written to the system log. The issue primarily affected HTTP connections, and, to a smaller degree, RDP connections where SPS was acting as a Remote Desktop Gateway. This issue has been fixed. |
340554 |
When creating or editing a trust store, the UI let users to add the same URLs more than once.
This issue has been fixed. When creating or editing a trust store, a validation process now prevents adding the same crl_url more than once. |
340566 |
When trying to sort sessions on SPS UI under the Search page by analytics score related fields (host login, login time, keystroke, mouse or window title), if none of the sessions had data for the selected analytics field, the REST API of SPS mistakenly returned 400 NotParsableQuery error referring to that the received search query is invalid.
This has been fixed now and sorting should not fail if data is not available for the analytics score related fields. |
340583 |
Trying to generate a Report from the SPS REST API with an ISO-8061 date format that correctly does not have a month part in the start or the end date field, returns an error.
When sending a request to the SPS report generating API endpoint (/api/reports) with a valid ISO 8061 date format in the start or the end date field parameter, SPS responds with an error message if one of the date fields contains a date that does not have a month part. As a result of this, the report generation does not start.
This has been fixed, users can specify the date in the start and end date fields in the SPS REST API in all previous formats and also in ISO 8061 formats. This was achieved by introducing an ISO date parser and keeping the old date parser too. Now SPS successfully performs the report generation between the desired dates. |
340592 |
Users trying to generate a Report from the SPS REST API with an ISO-8061 date format containing week numbers in the start or the end date field (for example 2022-W37-1) got an error message.
When sending a request to the report generating API endpoint (/api/reports) with a valid ISO 8061 date format containing week numbers in the start or the end date field parameter, SPS responded with a 400 "InvalidDate" error. As a result of this, the report generation did not start.
This has been fixed, now the users can specify the date in the start and end date fields in the SPS REST API in all previous formats and also in ISO 8061 formats. The fix included introducing an ISO date parser and keeping the old date parser too. SPS now successfully performs the report generation between the desired dates. |
340607 |
When users tried to search for a session in the audit trail which was not indexed using an indexing policy with "full_indexing" enabled, a misleading error message was shown.
Previously, multiple reasons could lead to this scenario (for example indexing was in progress) and there was only a general error message to handle them. This has been changed and a message specific to the cause of error is shown. |
340613 |
On the "Create & Manage Reports" page, when creating or editing a content-based subchapter, the "Connection policy" and the "Channel policy" fields are changed to drop-down, selectable menus. |
340616 |
The order of the analytic cards on "Analytics summary" page could change randomly.
This issue has been fixed. The order of the analytic cards always follow the same structure. |
340620 |
When the user tries to download an archived session audit trail on central search deployment, the download could fail because SPS could not find the audit trail and the user gets an error message when opening a new tab in the browser.
Trying to download an archived audit trail from SPS in central search deployment gave back an error message when opening a new tab in the browser. This was due to SPS trying to obtain the audit trail file through the local Content Service of the central search node, but it did not succeed because the given audit trail was only available through the Content Service of the minion node on which the given session was recorded.
This issue has been fixed. When the user tries to download an archived trail from the central search node, SPS contacts the Content Service of the minion node on which the session was recorded. |
340626 |
When creating content-based subchapters under "Reporting > Create & Manage Reports > View & edit subchapters > Content-based" subchapters tab with "Connection policy" filter for a protocol, if the connection policy filter was not a valid connection policy ID, the SPS REST API responded with an internal error, despite the error being a user error.
This has been fixed, and now, if the specified connection policy filter is not a valid connection policy ID, the SPS REST API responds with a 400 "Bad Request" error. |
340627 |
Permission error when attempting to start manual backup, restore, or archive operation with per-connection-policy permission.
When a user who had read and write/perform permission for only a few select connection policies within a protocol (but not all connection policies of that protocol) attempted to manually start the backup, restore, or archive operations for such a connection policy, the operation failed to start and a permission error was shown saying "Permission error / Access denied to object; object='/config/scb//connections/connection[@id = '...']', access='write'".
This issue has been fixed. Now users can start the backup, restore, and archive operations for all connection policies for which they had been granted the read and write/perform permission. |
380785 |
The footer of the "About" sidesheet panel was displayed incorrectly in dark mode.
While the color of the default text switched to white, the footer of the sidesheet background remained white, causing a visibility issue.
This issue has been fixed. |
386175 |
When the user tried to create and add a search-based subchapter to a report with an invalid query from the "Search" page and corrected the invalid query at the end of the saving process, the UI included the new subchapter twice in the selected report.
This issue has been fixed. |
387233 |
The cleanup policy sidesheet action row is updated to match the expected style. |
387363 |
Indexer policy field allowed to use the Next button even when no indexer policy value was selected.
Indexer policy field now requires an indexer policy value to be set when indexing is enabled in Quick Connection Setup. |
387412 |
Users could save the X.509 editing page, when the "Status" was "Enabled" but they did not select any trust store.
Fixed the missing 'required' validation on the "X.509 login method form > Trust store field".
Now users cannot submit the form without a trust store selected. |
387447 |
"HTTP Control Settings" page did not show the name of the "Error template".
This issue has been fixed. |
387687 |
RDP logon could cause all connections to terminate.
In some rare cases, a domain user successfully logging into a domain joined RDP server via SPS could cause all RDP connections to terminate. In this case, a core file was also generated. This issue mainly affected transparent connections, or connections where SPS was acting as an RD Gateway, and where the server was behaving in a specific incorrect way during SPNEGO-based NLA authentication.
This has been fixed, the non-standard server behavior is now handled gracefully, and the affected connections will now pass. |
388421 |
Some SSH host keys were not listed.
If the SSH target servers used "ecdsa-sha2-nistp384" or "ecdsa-sha2-nistp521" host keys, then those keys were not displayed under "SSH Control > Server" host keys. This error has been fixed.
As a consequence, the key types above are also supported on the /api/ssh-host-keys endpoint of the REST API. |
388635 |
Protocols TLS 1.0 and 1.1 are removed from indexer service. Only TLS 1.2 or newer protocol versions are supported on the TCP port of the external indexer. |
389039 |
When editing an AD/LDAP server in the case of an already specified Trust store under "User & Access Control > Login Options > Manage AD/LDAP servers", although it was possible to select "Certificate" with "None" status, an error occurred while committing the changes.
This issue has been fixed. You can save and commit your changes when editing AD/LDAP servers. |
400763 |
Even though the '_' character is allowed in an FQDN on the REST API, users could not set a server with this name using the web UI.
FQDN validations have been fixed on the UI. |
400765 |
Misleading error message displayed when MSSQL inband target server does not exist.
In MSSQL connections, using inband target selection, when the DNS name resolution of the target server hostname failed, a misleading login error message, "Gateway authentication failed", was displayed in the MSSQL client. In this case, a traceback was also written to the system log.
These errors have been fixed, and the error message has been updated to reflect that name resolution has failed. |
404204 |
Audit trails and events of Citrix ICA connections may have incorrect dates.
The channels in ICA audit trails recorded on affected SPS versions may appear to be recorded in the future, specifically at, or after 2035-10-29T06:32:22 (UTC). Since audit trails also serve as a basis for audit events, the dates and times shown on the Search interface are also incorrect for the affected sessions.
Digitally signed timestamps created by Time Stamping Authorities, when this feature is enabled for the audit trail, are not affected.
Also, only the records indicating the start of a new channel have wrong timestamps in the audit trail. The actual audited traffic, such as keystrokes, mouse events or graphical content, internally have correct timestamps, but due to an automatic time correction during indexing, those events are also displayed with incorrectly adjusted dates and times.
The audit trail recording error has been fixed, SPS now writes correct times in the audit trail when opening new channels. Existing audit trails recorded with an affected SPS, however, will still show incorrect dates and times. |
405227 |
The RAID status is not displayed after the installation.
Previously, at the end of the installation of Safeguard 4000, the RAID sync status was not displayed. This issue has been corrected. |
407479 |
Icons disappeared from policy editing pages for all users, except for local administrators, even if users had "read and write/perform" permissions.
On the web user interface, icons, such as addition and deletion of rows, and so on, disappeared from most of the policy editing pages for all users, except for the local administrator, even if the user had "read and write/perform" permission for the particular page. This has been fixed, now the icons do appear again for all users who have the necessary access permissions for editing policies or configuration. |
410511 |
Connecting to a remote SSH server through SPS using agent authentication can cause SSH connections to terminate.
When the relayed authentication method was set to 'Public key' with 'Agent' selected for an SSH Authentication policy and users had multiple keys in their SSH agent with at least one RSA key, connecting to a remote SSH server through SPS could cause all SSH connections to terminate.
In this case, a core file was generated and a backtrace was written to the system log.
This issue has been fixed, authenticating with an SSH agent containing multiple keys is possible again. |
412260 |
Data migration failed on hardware installations.
Previously, data migration failed on the hardware installations, because the stopped core firmware caused the target machines to be in secondary state, which prevented the data to be copied to the target machines. This issue has been fixed. Now, on all hardware, data migration ensures that the target machines are in primary state. |
412397 |