One Identity Safeguard for Privileged Sessions 7.4 - Release Notes

Deprecated features

Apache Lucene database

In SPS 7.0 LTS, One Identity modified the search for screen content in session data to use the Elasticsearch database only. Support for the Apache Lucene database is phased out, but the query language remains Lucene-like.

After the switch to the Elasticsearch database, you will be able to access content stored in an Apache Lucene database only if you regenerate the content with the reindex tool. For more information, see Regenerate content stored in lucene indices.

Due to the removal of Lucene indices, users are not able to search for content in Lucene indices with the content request parameter on the /api/audit/sessions and /api/audit/sessions/stats endpoints.

For more information, see and .

Additionally, in Reporting, statistics subchapters that included the audit_content filter will not work. Alternatively, you can use Search-based subchapters with the screen.content filter to create statistics reports from connection metadata that included specific content in the audit trail.

For more information, see .

Content search option deprecation

On the Search page, the Content search option has been deprecated.

Advanced statistics

Creating statistics from custom queries using the Reporting > View & edit subchapters > Advanced statistics page has been deprecated. The /api/configuration/reporting/custom_subchapters REST API endpoint has also been deprecated.

During the upgrade process, existing advanced statistics subchapters and their references are removed from the SPS configuration. Additionally, advanced statistics ACLs assigned to user groups are also removed from the SPS configuration. Note that if a user group only had the advanced statistics ACL assigned under Users & Access Control > Appliance Access, the whole ACL entry is removed during the upgrade process.

Alternatively, you can use search-based subchapters to query connection metadata. For more information, see .

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues in release 7.4
Resolved Issue Issue ID

The local SSH of SPS and the root password of the local SSH of SPS could be configured on the REST API in sealed mode.

The configuration issue is solved and local SSH and root password cannot be configured in sealed mode.

340251

When the user only added or deleted a certificate to a trust store, these actions did not enable the Save button. This issue has been fixed.

340419

Missing name validation for creating or editing LDAP servers.

A unique name validator has been added to the LDAP server name field to help the user choose an unused one.

340503

Added an Enter key handler to the LDAP server shared secret dialog.

340505

When there was an exact match in the list, it could happen that the result was displayed at the end of the list, which means the user was not able to see it immediately if the list was too large and scrollable. This issue has been fixed.

340507

User Preferences -> Search page settings -> Automatic refresh toggle did not affect the Search page background data refreshing. This issue has been fixed.

340519

EU data house is available for Starling, but the UI showed that it is not yet supported. This issue has been fixed.

340520

When you create a report for a fixed time frame or a custom time frame, the page now shows you the redirection suggestion popup instead of auto-redirecting, and it no longer redirects you if there is an error during the creation of a report with a custom time frame.

340540

From now on, the online video player will stop when the user presses the forward seek button. This was implemented to make going forward the same as going backwards in the videos.

340542

Fixed the too short NLA authorization information caching interval.

NLA authorization information was cached for 10 seconds before being invalidated, which made it difficult to check the server certificate manually. Pending authorization information is now available for 1 minute to reuse.

340569

The "read the release notes" link on the "About" side sheet led to an old page. This link is now fixed and navigates the user to the correct page.

386176

The query of a content-based subchapter no longer accepts unpaired double quotes in search words, since they cause an internal error. This fact is also represented in the REST schema of the content subchapter endpoint.

387790

Fixed this issue: Adding or updating Cleanup Policies on a slower network caused issues in the saving workflow.

388585

Fixed this issue: The backdrop of the local login modal on the Login page was displayed incorrectly on slow internet.

392712

It is now possible to remove the bind DN value in LDAP management.

403955

Fixing required space calculation in upgrade precheck.

Until now the upgrade precheck process did not calculate the required space properly. Now this problem has been fixed.

406696

The Time Stamping extended key usage of the TSA certificate was not validated on the REST API.

The configuration validation is extended with Time Stamping extended key usage check on the REST API, too.

410460

Early disconnections might cause all RDP connections to terminate when RDG is configured.

When SPS was configured to act as a Remote Desktop Gateway and the client disconnected in the early stages of the connection, all RDP connections could be terminated.

In this case, a core file was generated and a backtrace was written to the system log along with the following line: "Timer expired; description='I/O timeout'". This issue is fixed now.

411111

In SPS prior to 7.3.0, the following bug could only be triggered via the SPS REST API, if a user sent a POST request to the https://SPS_IP/api/configuration/reporting/restbased_subchapters endpoint and created a restbased_subchapter that contained a field with a date type in its "fields" value list.

As of SPS 7.3.0, the bug could also be triggered on the SPS UI, under the Reporting > Create & Manage Reports menu item, if a user created a Search-Based subchapter that contained a column that was of type date by pressing the View & edit subchapters button. The bug could be found in the generated report if a field of a date type in a session in the report did not have a value, and instead of the expected "n/a", a blank text ("") was displayed.

This has been fixed so that if a report contains a search-based subchapter (referred to as REST-based subchapter on the REST API) that contains a session field of type date and the generated report includes a session that does not contain a value for that date field, the report will contain "n/a" for the field value.

412721

During a firmware upgrade or when importing an older configuration bundle, a computationally expensive validation rule was evaluated multiple times. With a sufficiently complex configuration, this could make the process run long enough to exceed the maximum execution time of the server-side request handler of the web user interface, making the operation fail. This expensive validation is now performed only once, so that validating a complex configuration during a firmware upgrade or a configuration import will not exceed the execution time limit.

413675

In a Windows Azure environment, the SPS console could report failed network services due to an interaction between its networking setup and the Azure guest agent. The SPS networking system was enhanced to tolerate such external changes.

414452

When SPP and SPS are linked together, SPS needs to maintain an up-to-date list of the members of the SPP cluster. This list was periodically queried, but only from the primary node of the SPP cluster.

This has been changed so that when the primary SPP node is unreachable for SPS, then SPS will attempt to query the SPP cluster members from the other nodes of the SPP cluster, based on the last known set of SPP cluster members.

414457

When the user created a new custom report, the actions were available behind the "Create report" button before the changes were committed on the Reporting -> Create and Manage Reports UI. This issue has been fixed.

416981

RDP connections initiated on Mac OS with Microsoft Remote Desktop App 10.8.2 or later failed.

Microsoft Remote Desktop App 10.8.2 enabled a new undocumented protocol feature which was not handled by SPS, causing RDP connections to fail.

This has been fixed: SPS now properly recognizes and disables this feature.

417054

When an SPS instance was first launched in AWS EC2, the bootstrap system could occasionally fail. In this case the customer would experience Connection Refused indefinitely when they tried to connect to the freshly provisioned instance via HTTPS. This unreliability was fixed to stabilize the bootstrap procedure.

421194

Documentation links in the upgrade notes were not resolvable.

When the upgrade notes of a specific firmware version were displayed, the links to the Upgrade Guide and the Release Notes were incorrect. The documentation site was updated to provide contents for the past versions as well.

422264

The pagination range was incorrect on the last page when it had 10,000 or more sessions. This issue has been fixed.

422663

Fixed an issue so that baselines can be built for more than 10,000 users.

424024

Added cleanup to all RabbitMQ dead letter queues.

424300

RDP protocol negotiation on Windows 11 with Remote Desktop 10.0.22621 fails.

In Windows 11 version 22H2, RDP protocol negotiation has been changed, and now it allows skipping the initial channel join messages. This was not handled by SPS, causing RDP connections to fail to start.

This has been fixed: SPS now supports RDP channel join skipping.

425560

When creating a new content subchapter on the SPS UI under Reporting > Create & Manage Reports, if the user had content subchapters using a protocol connection policy filter without having access to the particular protocol's Connections menu item, SPS returned a "403 Forbidden: The client is not authorized to access the given resource." error. Furthermore, when the user wanted to create a new content subchapter with a protocol connection policy filter, SPS also responded with the previous error and the subchapter could not be created.

This issue has been fixed so the protocol connection policy filter works as expected without access to the protocol Connections menu items.

425741

Cleanup caused errors if no cleanup policy was set. This issue has been fixed.

431686

Table 2: Resolved Common Vulnerabilities and Exposures (CVE) in release 7.4
Resolved Issue Issue ID

avahi: CVE-2017-6519, CVE-2018-1000845, CVE-2021-3502, CVE-2023-1981

bind9: CVE-2020-8616, CVE-2020-8617, CVE-2020-8618, CVE-2020-8619, CVE-2020-8625, CVE-2021-25214, CVE-2021-25215, CVE-2021-25216, CVE-2021-25219, CVE-2021-25220, CVE-2022-0396, CVE-2022-0635, CVE-2022-0667, CVE-2022-1183, CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-3094, CVE-2022-3736, CVE-2022-38178, CVE-2022-3924, CVE-2023-2828, CVE-2023-2911

bind9-libs: CVE-2020-8622, CVE-2020-8624, CVE-2020-8625

bubblewrap: CVE-2020-5291

busybox: CVE-2018-1000500

cairo: CVE-2020-35492

cifs-utils: CVE-2020-14342, CVE-2021-20208

cpio: CVE-2021-38185

cryptsetup: CVE-2020-14382, CVE-2021-4122

cups: CVE-2019-8842, CVE-2020-10001, CVE-2020-3898, CVE-2023-32324, CVE-2023-34241

curl: CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22924, CVE-2022-27774, CVE-2022-27780, CVE-2022-32205, CVE-2022-32207, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27534, CVE-2023-28321, CVE-2023-28322

db5.3: CVE-2019-8457

dbus: CVE-2019-12749, CVE-2020-12049

erlang: CVE-2020-35733, CVE-2022-37026

expat: CVE-2013-0340, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

ffmpeg: CVE-2020-13904, CVE-2020-14212, CVE-2020-21041, CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22033, CVE-2020-35964, CVE-2020-35965

freerdp2: CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839, CVE-2019-17177, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-15103, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033, CVE-2021-41159, CVE-2021-41160, CVE-2022-24883, CVE-2022-39282, CVE-2022-39283, CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347

freetype: CVE-2020-15999

fribidi: CVE-2022-25310

glib2.0: CVE-2012-3524, CVE-2021-27218, CVE-2021-27219, CVE-2021-28153, CVE-2023-24593, CVE-2023-25180, CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665

glibc: CVE-2016-10228, CVE-2019-25013, CVE-2020-1751, CVE-2020-1752, CVE-2020-27618, CVE-2020-29562, CVE-2020-6096, CVE-2021-27645, CVE-2021-3326, CVE-2021-33574

gmp: CVE-2021-43618

gnuplot: CVE-2021-44917

gnutls28: CVE-2020-11501, CVE-2020-13777, CVE-2020-24659, CVE-2021-20231, CVE-2021-20232

grub2: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14372, CVE-2020-15706, CVE-2020-15707, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

gzip: CVE-2010-0001

icu: CVE-2021-30535

ipmitool: CVE-2020-5208

isc-dhcp: CVE-2021-25217

json-c: CVE-2020-12762

klibc: CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873

krb5: CVE-2020-28196, CVE-2021-36222, CVE-2021-37750

lcms2: CVE-2018-16435

ldb: CVE-2020-10730, CVE-2020-27840, CVE-2021-20277

less: CVE-2022-46663

libcap2: CVE-2023-2602, CVE-2023-2603

libdbi-perl: CVE-2014-10401

libgcrypt20: CVE-2021-3345, CVE-2021-33560

libgd2: CVE-2021-40145

libnfsidmap: CVE-2008-4552, CVE-2011-1749, CVE-2019-3689

libonig: CVE-2019-13224, CVE-2019-13225

libsepol: CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

libssh: CVE-2020-16135, CVE-2020-1730, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283

libssh2: CVE-2019-13115, CVE-2019-17498, CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863

libuv1: CVE-2021-22918

libwebp: CVE-2018-25009, CVE-2018-25010, CVE-2018-25011, CVE-2018-25013, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331, CVE-2020-36332

libx11: CVE-2020-14344, CVE-2021-31535, CVE-2023-3138

libxml2: CVE-2020-24977, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-23308

linux: CVE-2018-6559, CVE-2019-16089, CVE-2020-11935, CVE-2020-16119, CVE-2021-1052, CVE-2021-1053, CVE-2021-26401, CVE-2021-33655, CVE-2021-4155, CVE-2022-0001, CVE-2022-0185, CVE-2022-0435, CVE-2022-0516, CVE-2022-1015, CVE-2022-1016, CVE-2022-20369, CVE-2022-22942, CVE-2022-23222, CVE-2022-23960, CVE-2022-24122, CVE-2022-25636, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26490, CVE-2022-2663, CVE-2022-29581, CVE-2022-29900, CVE-2022-29901, CVE-2022-3061, CVE-2022-34918, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-36946, CVE-2022-41218, CVE-2022-4139, CVE-2022-42703, CVE-2022-42719, CVE-2022-42722, CVE-2022-4378, CVE-2022-43945, CVE-2022-47940, CVE-2023-0045, CVE-2023-0179, CVE-2023-0266, CVE-2023-0461, CVE-2023-1075, CVE-2023-1118, CVE-2023-1380, CVE-2023-1670, CVE-2023-1859, CVE-2023-1872, CVE-2023-23559, CVE-2023-2612, CVE-2023-30456, CVE-2023-3090, CVE-2023-31248, CVE-2023-31436, CVE-2023-32233, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001

logrotate: CVE-2022-1348

lxml: CVE-2021-28957

lz4: CVE-2021-3520

mc: CVE-2021-36370

multipath-tools: CVE-2022-41974

ncurses: CVE-2022-29458, CVE-2023-29491

net-snmp: CVE-2019-20892, CVE-2020-15861, CVE-2020-15862

netkit-ftp: CVE-2004-1294, CVE-2014-8517

nettle: CVE-2021-20305, CVE-2021-3580

nfs-utils: CVE-2019-3689

nginx: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-20372, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2020-11724, CVE-2021-23017

nss: CVE-2020-12399, CVE-2020-12402, CVE-2021-43527

ntp: CVE-2019-8936

open-vm-tools: CVE-2022-31676, CVE-2023-20867

openjdk-17: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193

openldap: CVE-2020-12243, CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-27212, CVE-2022-29155

openssh: CVE-2021-28041, CVE-2021-41617, CVE-2023-38408

openssl: CVE-2020-1967, CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473, CVE-2022-2068, CVE-2022-3358, CVE-2022-3602, CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-1255, CVE-2023-2650

p11-kit: CVE-2020-29361, CVE-2020-29362, CVE-2020-29363

pcre3: CVE-2020-14155

perl: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2021-36770, CVE-2023-31484

php-pear: CVE-2020-36193

pillow: CVE-2021-25287, CVE-2021-25288, CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678, CVE-2021-34552

postgresql-12: CVE-2023-2454, CVE-2023-2455

postgresql-common: CVE-2019-3466

protobuf: CVE-2021-22569

putty: CVE-2020-14002, CVE-2021-36367

pyjwt: CVE-2022-29217

python-babel: CVE-2021-20095

python-bleach: CVE-2020-6817, CVE-2021-23980

python-cryptography: CVE-2020-25659, CVE-2020-36242

python-oauthlib: CVE-2022-36087

python-urllib3: CVE-2021-28363, CVE-2021-33503

python2.7: CVE-2019-20907, CVE-2020-8492, CVE-2021-3177

pyyaml: CVE-2020-14343

qtbase-opensource-src: CVE-2015-9541, CVE-2020-13962, CVE-2020-17507, CVE-2022-25255

redis: CVE-2021-29477, CVE-2021-29478, CVE-2021-32625, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32761, CVE-2021-32762, CVE-2021-41099

requests: CVE-2023-32681

rsync: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2020-14387

samba: CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303, CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2020-1472, CVE-2021-20254, CVE-2022-2031, CVE-2022-2127, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968

screen: CVE-2020-9366, CVE-2021-26937

sqlite3: CVE-2020-11655, CVE-2020-11656, CVE-2020-13871, CVE-2021-36690

sqlparse: CVE-2021-32839

strongswan: CVE-2021-45079

sudo: CVE-2005-4890, CVE-2021-23239, CVE-2021-3156, CVE-2022-33070, CVE-2023-27320

sysstat: CVE-2023-33204

systemd: CVE-2020-13529, CVE-2021-33910, CVE-2021-3997

tar: CVE-2006-6097

tcpdump: CVE-2020-8037

tiff: CVE-2011-0192, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865, CVE-2022-0891, CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924, CVE-2022-22844, CVE-2022-48281, CVE-2023-25433, CVE-2023-26965, CVE-2023-26966, CVE-2023-2908, CVE-2023-3316, CVE-2023-3618, CVE-2023-38288, CVE-2023-38289

util-linux: CVE-2021-37600, CVE-2021-3995, CVE-2021-3996

vim: CVE-2021-3770, CVE-2021-3778, CVE-2021-3796, CVE-2021-3875, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4136, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0393, CVE-2022-0407, CVE-2022-0696, CVE-2022-1420, CVE-2022-2182, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2289, CVE-2022-2522, CVE-2022-2580, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2023-0051, CVE-2023-2426, CVE-2023-2609, CVE-2023-2610

zeromq3: CVE-2020-15166

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 3: General known issues
Known Issue

The api/audit/sessions endpoint cannot return fields of complex objects nested in lists.

When the api/audit/sessions endpoint receives a query where the fields parameter is provided with list type fields, then these fields will be missing from the response, for example: vault.reviewed.* and vault.approved.*.

Search-based subchapters present some data as missing, regardless of their actual status.

When trying to create a report with subchapters that include the fields listed below, n/a will be presented in the report for these fields, even if data is stored in the database for those fields.

Known affected fields:

  • Reviewed user id

  • Reviewed user name

  • Reviewed domain name

  • Reviewed user display name

  • Reviewed client ip address

  • Reviewed comment

  • Reviewed timestamp

  • Approved user id

  • Approved user name

  • Approved domain name

  • Approved user display name

  • Approved client ip address

  • Approved comment

  • Approved timestamp

Caution:

After upgrading to version 7.0 LTS, SPS requires a new license. To avoid possible downtimes due to certain features not being available, before starting the upgrade, ensure that you have a valid SPS license for 7.0 LTS.

Upgrade as follows:

  1. Perform the upgrade to 7.0 LTS with your current license.

  2. Update your SPS license to 7.0 LTS.

For a new SPS license for 7.0 LTS, contact our Licensing Team.

TLS version 1.3 is not supported when using the inWebo, Okta or One Identity Starling 2FA plugins. To ensure that TLS 1.2 is used by SPS during negotiation, specify the minimum and maximum TLS version as follows:

  • For the minimum TLS version, select TLS version 1.2.

  • For the maximum TLS version, select TLS version 1.3.

For more information, see .

The accuracy of replaying audit trails in Asian languages (Traditional Chinese, Korean) has been enhanced. Due to this change, when upgrading SPS to version 6.11.0, all your sessions will be reindexed, and while reindexing is in progress, your sessions on the Search interface are incomplete. For this reason, plan your upgrade to SPS 6.11.0 accordingly.

Report generation may fail if a report subchapter references a connection policy that has been deleted previously.

SPS can create reports giving detailed information about connections of every connection policy. For this, the user can add connection subchapters in the Report Configuration Wizard, under Reporting > Create & Manage Reports.

For a successful report generation, the referenced connection policy must exist on the appliance. However, when deleting a connection policy that is referenced as a connection subchapter, the user is not warned that the report subchapter must be removed, otherwise the subsequent report generation will fail.

This affects scheduled report generation as well.

Table 4: General known issues
Known Issue Issue ID

External indexer disconnected due to certificates expiry.

You are only affected by this issue if you have enabled external indexing while running SPS version 6.0.4 or 6.4.0 or later where the external indexer certificates were created with a limit of 800 days.

To resolve this issue, see External indexer disconnected due to certificates expiry (4368875) (oneidentity.com).

PAM-16883

System requirements

Before installing SPS 7.4, ensure that your system meets the following minimum hardware and software requirements.

The One Identity Safeguard for Privileged Sessions Appliance is built specifically for use only with the One Identity Safeguard for Privileged Sessions software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

For the requirements about installing One Identity Safeguard for Privileged Sessions as a virtual appliance, see one of the following documents:

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.
