DocumentationRelease Notes
Release Notes

BT Updater 3.5 release notes

June 3, 2025

🆕 New features

There are no new features with this release.

✨ Enhancements

Enhanced "Reboot Recommended" process (reboot and retry)

When installing a product for a subscription that runs an installer, and the installer requires a pending reboot:

  • Case 1: Auto Reboot is OFF
    • The subscription is not marked as published.
    • The machine does not reboot automatically.
    • The activity log shows: "update deferred (reboot needed)".
    • Once the user manually reboots the machine and it starts back up, it automatically tries to publish the subscription again.
  • Case 2: Auto Reboot is ON
    • The subscription is not marked as published.
    • The machine automatically reboots.
    • The activity log shows: "update deferred (reboot needed)"
    • After the reboot, it automatically tries to publish the subscription again.

Improve user feedback when a reboot is recommended:

  • Added notifications to inform user that reboot is recommended.
  • Added a banner to inform user that reboot is recommended.

Enhanced "Reboot Needed" process

When installing a product for a subscription that runs an installer, and any of the following system settings indicate a reboot is pending:

  • A reboot is required by Windows Update.
  • A reboot is pending from Component-Based Servicing.
  • A system update is scheduled on boot.
  • There are pending file rename operations.

Then:

  • The updater sets a global reboot flag.
  • The Updater UI displays a banner message saying "Reboot recommended".
  • After the machine is rebooted, the global reboot flag is resets the banner disappears.
Prevent installs if reboot requested (including deferred reboots)

The system uses the installer’s recommended reboot exit code as a natural signal to pause.

When the installer returns this code:

  • The updater knows a reboot is required and does not mark the install as complete.
  • The installation automatically retries after the machine is rebooted.
  • If the user clicks "Update Now" before rebooting, the installer may return the same reboot recommended code again, since the reboot still hasn’t occurred.

🛠️ Issues resolved

DescriptionResolution
Exception logs are generated in root c:\ drive without cleanup.Logs are now being stored in the usual Updater log area.
Dependent package versions are not listed in the web interface.Dependent package versions are now listed in the web user interface.
Login page does not display properly in dark mode.Login page changed to identify dark mode.
Package (*.pkg) not delivered by Updater and placed on an Enterprise Updater can cause child nodes to crash.Package files are deleted if they are invalid.
Dark Mode Background colors are incorrect.Dark mode colors fixed.
No feedback given to user if an invalid file is downloaded.An icon shows for invalid files.

📝 Requirements

  • .NET 4.7.2 or later
  • IIS to be enabled on host

BeyondTrust Discovery Agent 25.1.0.1704 release notes

June 3, 2025

ℹ️

This release is available by download from the BeyondTrust Client Portal.

🆕 New features

Retry option for RPC service

You can now use Retry to see if your RPC service is running when you're executing a BTDiscovery.cmd client command.

Runtime option in the port scan

Use the new runtime option to allow for additional ports in your port scan.

✨ Enhancements

With this release, we've added the following enhancements to the BeyondTrust Discovery Agent:

  • support for reporting Windows Server 2025
  • multiple SSH channels are enabled (for Posix targets only)
  • improved scanning credential selection by eliminating credentials that don't apply to the target
  • improved performance by moving DCOM Enumeration to the remote agent extension
  • support for Check Point network devices
  • improved scan results by not enumerating Domain Users in groups when the job setting for EnumerateDomainUsers is disabled

🛠️ Issues resolved

DescriptionResolution
Remote command timeout issueResolved by sending the command timeout to the remote agent when starting a new session.
A bug occurs when using SUDO elevation when the "-k" option is not supported.Resolved. Bug no longer occurs.
A parsing bug occurs which causes Linux Scheduled Task enumeration to fail.Resolved. Bug no longer occurs.
Expired password issue when no data found.When no data is found in the password expired value it reports "not expired".
Issue with IPv6 connection strings for Oracle, MongoDB, Terradata, and MySQLResolved. No longer issue with connections strings.
A bug occurs in the handling of MySQL data which results in a failure in event processing.Resolved. Bug no longer occurs.
A bug occurs where the debug log level is not working for the Remote Agent service.Resolved. Bug no longer occurs.
A false positive occurs on SSH and MongoDB credential access which is incorrectly reporting the credential access succeeded.Resolved. False positive no longer occurs.
A condition occurs where a nonexistent MSSQL instance was reported.Resolved. Condition no longer occurs.
A bug occurs when the SSH connection timeout runtime option is not being used, causing early timeouts.Resolved. Early timeouts no longer occur.
A bug occurs where targets are incorrectly identified as DCs.Resolved. Targets are no longer incorrectly identified.

📝 Requirements

  • There is a product dependency on having the .NET 8 Hosting package installed.
  • OAuth authorization is dependent on having BI version 24.2.0.
  • The new Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and later.
  • A reboot of the system may be required.
  • SSH Session encryption using the SHA1 cipher is deprecated. SHA256 or higher should be used.
  • Deprecate DSA encryption as an SSH authentication cipher.

⚙️ Signatures

  • The MD5 signature is 38b53b4d08f551dc05175921b5233f8d
  • The SHA-1 signature is 1a5fb5bdca31e87e66136b2294a8c79bea8eeb64
  • The SHA256 signature is 31d291cd493d097d0db2c04804407cf77da485025ae8695ef2b9162870cf40f0

⏰ Deprecation notice

Support for Windows 8 and Server 2012 as a scanner host is deprecated.

BT Updater Server Release Notes 2.0.1

May 1, 2025

Issues resolved

DescriptionResolution
Remove unnecessary verbiage in https://productupdates.beyondtrust.com/: Click here to view Incapsula's IP addresses that you will need to allow through your firewall.Verbiage removed
While subscriptions are locked, the associate package does not download.Incorrect locking handling removed.
When looking at the Offline tool to create an offline package, BeyondInsight 24.3 is not shown in the list for downloads. Able to be downloaded from Updater.Fixed filtering for the Offline tool.
Changes in the backend caused packages in QA mode to show as Live. SUPI packages that are shown as live are downloadable in Updater.Fixed filtering.
When accessing Client Subscriptions under BeyondInsight, the 24.3 release is not displayed.Incorrect locking handling removed.
BT Updater version 3.4.1.1743 cannot download the locked Appliance Management version unless it is the latest version 4.3.3.Incorrect locking handling removed.

Password Safe Cloud Resource Broker 24.3.0.1902 release notes

April 30, 2025

Requirements

  • We recommend a restart after this update.

New features and enhancements

  • There are no new features or enhancements.

Issues resolved

  • Resolved an issue where Password Safe Plugins were not adhering to Managed System timeout setting.

Notes

  • Direct upgrades to 24.3.0.1902 are supported from all previous versions.
  • This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
  • .NET hosting bundle v8.0.11 is included.
  • Session Monitoring Agent (pbsmd) 24.3.18 is included.
  • Enhanced Session Monitoring Agent (pbpsmon) 24.3.17 is included.
  • PS Automate build 12239790337 is included.
  • BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
  • The MD5 signature is: 9F5AB94868FA7FDE51F310E39F78B848
  • The SHA-1 signature is: C6CEE92AD30E060B280BE9E9136F11398348A4A7
  • The SHA-256 signature is: E158B7507ABD4F4EED1F9A99B2D89B78A21D8C88C5FE350D5FBA2B98DE483ADE

BT Updater 3.4.2 Release Notes

April 10, 2025

Requirements

  • .NET 4.7.2 or later
  • IIS to be enabled on host

Issues resolved

DescriptionResolution
Package download size is exceeding the expected size.Improved the management of download threads, ensuring that only one download for a specific package occurs at a time.

Also addressed a defect in the resumption of interrupted downloads to prevent downloads from exceeding the expected size.
Package download percentage switches between progress on two different threads.Improved the management of download threads, ensuring that only one download for a specific package occurs at a time.
Packages that fail validation check are copied into the cache folder.Fixed handling of invalid files so they are not copied to the cache folder and cannot be downloaded by downstream Appliances.

Password Safe Cloud Resource Broker 24.3.0.1900 release notes

March 5, 2025

Requirements

  • We recommend a restart after this update.

New features and enhancements

  • There are no new features or enhancements.

Issues resolved

  • Resolved an issue with RDP sessions not working when spanning 3 monitors. RDP sessions now work as intended when spanning 3 monitors.

Notes

  • Direct upgrades to 24.3.0.1900 are supported from all previous versions.
  • This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
  • .NET hosting bundle v8.0.11 is included.
  • Session Monitoring Agent (pbsmd) has been updated to 24.3.18.
  • Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.18.
  • PS Automate has been updated to build 12239790337.
  • BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
  • The MD5 signature is: 7B519B614D635DCC0A8ED3014D81D1C9
  • The SHA-1 signature is: 1FF50AA330F81011EACAD97235FAEF72AF972B29
  • The SHA-256 signature is: 23F924450A46EF43E711A3E2C0F98E737366542C09BD68BDF8BD7C30458B3632

BeyondInsight and Password Safe 24.3.0.1237 (On-Premises only)

⚠️

This build replaces the previous BeyondInsight and Password Safe 24.3.0 release build with important fixes.

February 3, 2025

ℹ️

Note

For a list of supported platforms for the latest version of BeyondInsight and Password Safe, see Supported Platforms.

Enhancements

New fields added to Password Safe API Guide:

Issues resolved

Product AreaDescriptionResolution
Secrets SafeA failure occurred when a user who is in multiple groups attempted to create or edit a secret because all of the user groups did not have the Secret Safe Read and Create permissionsNow, when a user is in multiple groups, if at least one of those groups has the Secret Safe Read and Create permissions, the secret creation is successful.
PS AutomateWhen downloading the msedge driver for Microsoft Edge from the PS Automate build, a Chrome driver downloads.When downloading the msedge driver for Microsoft Edge from PS Automate, the correct msedge driver downloads as expected. We also updated the enhancedsessionutility download from the website.
Smart RulesWhen attempting to upgrade to 24.3.0, if there are deprecated Smart Rules, the upgrade failed and did not remove any references to deprecated Smart Rules that were assigned to user groups.This issue is resolved. Now, when you attempt to upgrade to 24.3.0 using this build, the failure does not occur and references to deprecated Smart Rules are removed from user groups as expected.

Notes

  • Direct upgrades to 24.3.0.1237 are supported from BeyondInsight versions 23.1 or later releases.
  • BeyondInsight 24.3.0.1237 supports SQL Server 2016 SP2 or higher.
  • This release is available by download for BeyondTrust customers (https://beyondtrustcorp.service-now.com/csm) and by using the BeyondTrust BT Updater.
  • The MD5 signature is: XXXXX
  • The SHA-256 signature is: 26746f925a10b3c09f79cc90fb4139cecfc8e028efe79d9d38fb67cac41a17a3

U-Series Appliance 4.4 Release Notes

January 27, 2025

Requirements

  • .NET 8.0.0 or later (available through BT Updater via Supporting Software SUPI subscription)
  • SUPI 3.3 (available through BT Updater)

Before proceeding with the installation, we strongly recommend a system reboot as certain system dependencies may need to be reset before applying this update.

New features and enhancements

Added IPv6 support
  • The 4.4 image requires firewall rules to add IPv6 to the local policy.
  • The Active side’s address is now registered on the passive side during the “initial set up steps”.
  • IPv6 support is now live in the U-Series Appliance, enabling future software development for Password Safe. This update ensures seamless compatibility with both IPv4 and IPv6 environments, including individual or hybrid setups. Other products must also support IPv6 before it can be fully utilized.
  • The High Availability page allows the user to select an IPv6 address from the list on the partner initialization page.
Improved password creation and validation
  • Local Policy - Password minimum length is 15 char, unless using the BI Password policy and it is less than 15.
  • Local Policy - Password minimum length is 16, unless using the BI Password policy.
  • Password Policy - BI Admin API returns all required information.
Deployment API v2
  • Customers and partners can now use new AutomaticDeplopyment endpoints to configure IPSettings, both IPv4 and IPv6.
  • Using the quartz schedule options for the backup service, the api model is maintained for backward compatibility. V2 includes the proper field structure for the backup schedules.
SUPI engine
  • Enhancements were made to the SUPI engine to support modernization changes to .Net updates. This change extends the SUPI engine to manage third party dependencies installed on the Appliance. Frameworks will be modified in future monthly security updates.
  • Appliance software now works without NT AUTHORITY/SYSTEM having SQL sysadmin privileges.

Issues resolved

  • Issues resolved where packages that would be skipped were kept until packages are processed. Superseded packages are now removed when a new package is received which will provide more accurate space and time requirements.
  • Resolved an issue where the NEXT button on the IPSettings ConfigWizard step only respected changes to selected adaptors. The NEXT button now respects changes to multiple adaptors.
  • Resolved an issue where the password for beyondtrust_user met complexity rules but was not accepted.
  • Resolved an issue where SQL Server Database Password could be updated from API without any restrictions and rules.

Notes:

  • Security Management Appliance Installer is dependent on BeyondInsight 24.1.
  • Security Management Appliance package in BT Updater is dependent on BeyondInsight 24.1.
  • This update is available through BT Updater or as a manual installer from the download tool.

Password Safe Cloud Resource Broker 24.3.0.1899 release notes

January 30, 2025

Requirements

  • We recommend a restart after this update.

New features and enhancements

  • There are no new features or enhancements.

Issues resolved

  • Resolved an ORA-28040 error when connecting to oracle instances. Updated underlying oracle.manageddataaccess library that is used by the oracle plugin.
  • PS Automate downloads Chrome driver when using Microsoft Edge.

Notes

  • Direct upgrades to 24.3.0.1899 are supported from all previous versions.
  • This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
  • .NET hosting bundle v8.0.11 is included.
  • Session Monitoring Agent (pbsmd) has been updated to 24.3.17.
  • Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.17.
  • PS Automate has been updated to build 12239790337.
  • BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
  • The MD5 signature is: 786FFACB589D925348AC128D27E28792
  • The SHA-1 signature is: 0411223233299CC791FD79884052C8B506C39667
  • The SHA-256 signature is: 522D5BBD562B8570DEEF6FCD47F7AF3CA819318FF64787700CB89A63D0CCDC9E

Password Safe Cloud Resource Broker 24.2.0.1873 release notes

January 30, 2025

Requirements

  • We recommend a restart after this update.

New features and enhancements

  • There are no new features or enhancements.

Issues resolved

  • Resolved an ORA-28040 error when connecting to oracle instances. Updated underlying oracle.manageddataaccess library that is used by the oracle plugin.

Notes

  • Direct upgrades to 24.2.0.1873 are supported from all previous versions.
  • This release bundles version 24.2.0.1501 of the BeyondTrust Discovery Agent. Corresponding release notes are available here: Discovery Agent 24.2.0.1501 Release Notes
  • .NET hosting bundle v8.0.8 is included.
  • Session Monitoring Agent (pbsmd) has been updated to 24.2.45.
  • Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.2.45.
  • PS Automate has been updated to build 10925527552.
  • BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
  • The MD5 signature is: 8DA263D4202A4BBFB97C690F1B7A0384
  • The SHA-1 signature is: 6C729D8AA12091ABEBF115D2505D2FF234B1523F
  • The SHA-256 signature is: 8F2E012120D5C1182E6E44736812256C2DE11130986696A0E50DB62AE83CE30F

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.