DocumentationRelease Notes
Release Notes

BT Updater Server 2.0.4 release notes

November 25, 2025

🆕 New features

There are no new features with this release.

🛠️ Issues resolved

DescriptionResolution
Previous logging did not provide sufficient detail for effective monitoring and troubleshooting.Improved server-side application logging to provide increase monitoring and telemetry.

Workforce Passwords Browser Extension 25.3.0.1 release notes

November 25, 2025

🆕 New features

Workforce Passwords updated to latest Shield specifications

We’ve given the Workforce Passwords UI a fresh new look! Built with the latest design system, it gives you a more consistent, modern, and accessible experience. It ensures the interface aligns with the rest of the product, making it easier to navigate, more intuitive to use, and better suited for accessibility standards.

Autofill Credentials

Autofill just got easier! You can now turn it on right from the client side. Plus, admins on servers 25.3+ can choose who gets access. To check it out:

  • In Chrome: Right-click on the browser extension and select Options.
  • In Firefox: Right-click on the browser extension, select Managed Extensions, and select the Options tab.
  • In Edge: Right-click on the browser extension and select in Extension Options.

Chrome example:

New Autofill pop-up

Heads up! We’ve added a quick pop-up to let you know that autofill is now turned off by default. Don’t worry, you’re still in control. Workforce Passwords 25.3.0.1 introduces a brand-new setting that lets you choose whether login info autofills when pages load. Want it back on? Just go to your browser extension’s Options menu (if your admin gives the thumbs-up) and flip the switch!







Generate a password when creating a credential

We’ve made setting passwords simpler and smarter! Our new Set Password header includes a handy toggle that lets you choose between Manual Input or Auto Generate. Want a secure password fast? Switch to Auto Generate, pick a Password Policy, and click Generate Password to instantly create a password that meets your organization’s rules. You can even tweak it afterward if you’d like! If no password policies are enabled, no worries. You can still set one manually. Simple, flexible, and secure!












🛠️ Issues resolved

🔧 Workforce Passwords

DescriptionResolution
Prevent Clickjacking for Autofill Buttons. Clickjacking is a malicious technique that deceives users into clicking on something different from what they see, typically by placing an invisible or disguised page over a legitimate one.Used popover API to ensure credential lists always appear on top, helping prevent unwanted overlays and reduce the chance of deceptive clicks. Updated the extension to limit style changes by using tools that watch for and block unauthorized modifications.
Issue on all pages where a field with an associated Workforce Passwords icon resided. Issue: icons move out of positions when browser is zoomed out.Icons on the login screen remain properly aligned and displayed, even when the browser is zoomed out.
When creating a new credential, fields/buttons are sometimes blank and the popup is unresponsive.All fields and buttons load correctly when creating a new credential, and the popup remains fully responsive and interactive.
The default folder for a secret is sometimes incorrectly set to a subfolder within the Personal Folder, instead of defaulting to the main Personal Folder as intended.New secrets now correctly default to the main Personal Folder, rather than any subfolder within it.
Error when copying credentials to clipboard results in 'undefined'.Copying to clipboard no longer results in an 'undefined' error.

📝 Requirements

Requires BeyondTrust Password Safe version 23.2.0 or later release.

🗒️ Notes

This release is available in:

Password Safe Mobile app 1.2.1 release notes

November 20, 2025

To support enterprise users who need secure access on the go, Password Safe is introducing a mobile app for both Apple iOS and Android.

🆕 New features

  • This is a maintenance release. There are no new features.

🛠️ Issues resolved

IssueResolution
When you try to sign in to PS Cloud using SAML authentication, you may receive the following error message; SAML Authentication Error. Failed to Sign In with SAMLThe SAML error message no longer appears and works as expected.

📝 Requirements

  • Password Safe 25.1 or later

Password Safe Cloud Resource Broker 25.1.0.1939 release notes

October 30, 2025

ℹ️

You can download this release from your Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.

🆕 New features

This is a maintenance release. There are no new features.

✨ Enhancements

This is a maintenance release. There are no enhancements.

🛠️ Issues resolved

No issues are resolved in this release.

📝 Requirements

  • We recommend a restart after this update.

🗒️ Notes

  • Direct upgrades to 25.1.0.1939 are supported from all previous versions.
  • This release bundles version 25.2.0.1971 of the BeyondTrust Discovery Agent. View the Discovery Agent 25.2.0.1971 release notes.
  • .NET hosting bundle v8.0.21 is included.
  • Session Monitoring Agent (pbsmd) is updated to 25.1.43.
  • Enhanced Session Monitoring Agent (pbpsmon) 25.1.38 is included.
  • PS Automate build 16357480509 is included.

⚙️ Signatures

  • The MD5 signature is: 3B96D7B7CC35C8273C7AE39A840E44FD
  • The SHA-1 signature is: 0783550EA0CB5DAAC7B0A540DFEDBE077E5DD4E6
  • The SHA-256 signature is: DBE8959CE71AA1E389CD22A3AFE8B976CF8BB6331C2B68912750BB1E76F328DF

Password Safe Cloud Resource Broker 25.2.0.1939 release notes

October 30, 2025

ℹ️

You can download this release from your Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.

🆕 New features

This is a maintenance release. There are no new features.

✨ Enhancements

This is a maintenance release. There are no enhancements.

🛠️ Issues resolved

No issues are resolved in this release.

📝 Requirements

  • We recommend a restart after this update.

🗒️ Notes

  • Direct upgrades to 25.2.0.1939 are supported from all previous versions.
  • This release bundles version 25.2.0.1971 of the BeyondTrust Discovery Agent. View the Discovery Agent 25.2.0.1971release notes.
  • .NET hosting bundle v8.0.21 is included.
  • Session Monitoring Agent (pbsmd) is updated to 25.1.44.
  • Enhanced Session Monitoring Agent (pbpsmon) 25.1.43 is included.
  • PS Automate build 16357480509 is included.

⚙️ Signatures

  • The MD5 signature is: 3A643E070DF3612C07CA0F6BFDD89668
  • The SHA-1 signature is: 35FFFCE58962B1CDB75286B5F784699BBB0E81FC
  • The SHA-256 signature is: 772110CF28E2A147865D0ACA5D4FD57855B1C2FD8E09830249C173535C7FA8C3

BeyondTrust Discovery Agent 25.2.0.1791 release notes

October 9, 2025

ℹ️

This release is available by download from the BeyondTrust Client Portal.

🆕 New features

Additional Kerberos support

Added support for Kerberos only environments by creating connections using the hostname instead of IP address.

Improved enumeration of MSSQL Databases

Improved support for enumerating MSSQL DB on ports not included in the scan/target port list.

Additional logic for scanners Added logic to make sure the scanner doesn't restart a running scan until we geta valid CP packet. This is needed to account for version dependent features.
Ability to report SSH Key Added the ability to report back SSH keys for Windows Users. This Supports OpenSSH on Windows.
Refinement to Phoenix.Core.log files Eliminated the excess Phoenix.Core.log file. The contents of that log are now in the Phoenix.Service.log.
Restrict execution of DLL and EXE files Restricted the execution of DLLs and EXEs via the Remote Agent to signed executables.

✨ Enhancements

With this release, we've added the following enhancements to the BeyondTrust Discovery Agent:

  • Removed unnecessary logfile warnings for MSSQL SID formatting.
  • Resolved issue where IOS XR OS information was missing.
  • Added support for long running SSH commands.
  • Improved SSH prompt detection.
  • Resolved the issue where a user enumeration would fail if the registry value was not a properly formatted SID.
  • Fixed a Checkpoint Gaia user enumeration parsing error

🛠️ Issues resolved

DescriptionResolution
Unnecessary logfile warnings for unexpected DB columnsRemoved unnecessary logfile warnings
Windows PowerShell doesn't properly send the command line options for btdiscovery.cmd to the program.Windows PowerShell commands work correctly.
There is an issue running the Discovery Agent with .NET Hosting 8.0.1.Either downgrade to 8.0.0 or upgrade to 8.0.2 or greater.
When you attempt to use Sybase authentication with IPv6, it does not authenticate.Sybase authentication is not supported for IPv6.
When you try to use MySQL9 on Linux, the connection does not validate.MySQL 9 on Linux enumeration is not supported at that time.

📝 Requirements

  • There is a product dependency on having the .NET 8 Hosting package installed.
  • OAuth authorization is dependent on having BI version 24.2.0
  • The Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and higher.
  • Support for SSH Session encryption using the SHA1 cipher is removed. SHA256 or higher should be used.
  • Support for DSA encryption as an SSH authentication cipher has been removed.

⚙️ Signatures

  • The MD5 signature is: 9db142657e6431ef7fc3d00fdc6e9911
  • The SHA-1 signature is: 1b95664c97922e68cb4bb3ecbddd5537a33b1b2d
  • The SHA-256 signature is: c6b65d38011dea3f8cd979c880531b4d61d854feb227d46998c76fda1d609dac

⏰ Deprecation notice

Support for Windows 8 and Server 2012 as a scanner host is deprecated.

Password Safe Cloud Resource Broker 25.2.0.1936 release notes

October 8, 2025

ℹ️

You can download this release from your Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.

🆕 New features

This is a maintenance release. There are no new features.

✨ Enhancements

This is a maintenance release. There are no enhancements.

🛠️ Issues resolved

No issues are resolved in this release.

📝 Requirements

  • We recommend a restart after this update.

🗒️ Notes

  • Direct upgrades to 25.2.0.1936 are supported from all previous versions.
  • This release bundles version 25.1.0.1704 of the BeyondTrust Discovery Agent. View the Discovery Agent 25.1.0.1704 release notes.
  • .NET hosting bundle v8.0.20 is included.
  • Session Monitoring Agent (pbsmd) is updated to 25.1.44.
  • Enhanced Session Monitoring Agent (pbpsmon) 25.1.43 is included.
  • PS Automate build 16357480509 is included.

⚙️ Signatures

  • The MD5 signature is: 6A7BDC9ED6FD09FC63133B49166BD095
  • The SHA-1 signature is: 808093AA342C740F9D0069EE20207B35719C27B4
  • The SHA-256 signature is: DEB158663F5BC9CA023F54A1937259CB8F38F754F1C558DF377F18D78526DA65

Password Safe Cloud Resource Broker 25.1.0.1936 release notes

October 8, 2025

ℹ️

You can download this release from your Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.

🆕 New features

This is a maintenance release, and there are no new features.

✨ Enhancements

This is a maintenance release, and there are no enhancements.

🛠️ Issues resolved

No issues are resolved in this release.

📝 Requirements

  • We recommend a restart after this update.

🗒️ Notes

  • Direct upgrades to 25.1.0.1936 are supported from all previous versions.
  • This release bundles version 25.1.0.1704 of the BeyondTrust Discovery Agent. View the Discovery Agent 25.1.0.1704 release notes.
  • .NET hosting bundle v8.0.20 is included.
  • Session Monitoring Agent (pbsmd) is updated to 25.1.43.
  • Enhanced Session Monitoring Agent (pbpsmon) 25.1.38 is included.
  • PS Automate build 16357480509 is included.

⚙️ Signatures

  • The MD5 signature is: 4C5AC0DD72980BAECA121BBB55CFD8DF
  • The SHA-1 signature is: 70289306F850E279701E5E3BFD4DEE903E4EC44F
  • The SHA-256 signature is: 97F42EE620D55D73C157491989BE2145F09A7069CDF8CA8BCBD12F703D0579F7

Password Safe Mobile App 1.2.0 for Android and iOS release notes

October 9, 2025

To support enterprise users who need secure access on the go, Password Safe is introducing a mobile app for both Apple iOS and Android.

🆕 New features

  • Added support for SAML single sign-on.

📝 Requirements

  • Password Safe 25.1 or later

PS Cloud Resource Broker 25.2.0.1935 release notes

September 11, 2025

ℹ️

You can download this release from your Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.

🆕 New features

This is a maintenance release. There are no new features.

✨ Enhancements

This is a maintenance release. There are no enhancements.

🛠️ Issues resolved

No issues are resolved in this release.

📝 Requirements

  • We recommend a restart after this update.

🗒️ Notes

  • Direct upgrades to 25.2.0.1935 are supported from all previous versions.
  • This release bundles version 25.1.0.1704 of the BeyondTrust Discovery Agent. View the Discovery Agent 25.1.0.1704 release notes.
  • .NET hosting bundle v8.0.16 is included.
  • Session Monitoring Agent (pbsmd) is updated to 25.1.44.
  • Enhanced Session Monitoring Agent (pbpsmon) 25.1.43 is included.
  • PS Automate build 16357480509 is included.

⚙️ Signatures

  • The MD5 signature is: D83A2B3CFDAEE7B192BF0638DF351215
  • The SHA-1 signature is: B37A46A4D7EA448B3D79BB3D238B1FD25535DCC2
  • The SHA-256 signature is: 42D4848B7FDD74586009B8560C5DE6B4EEC1E2DAEC3BCFAFEE2D0891F01B4DF4

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.