August 24, 2023

Requirements:

• This BeyondTrust Password Safe Integration for ServiceNow 23.2.1 has been certified for production release.
• Requires Password Safe 22.2 or later.

ℹ️

Note

For more information, please see Supported Platforms.

New features and enhancements:

• New custom username field - added the ability to utilize a configurable custom field for username.

Issues resolved:

• Resolved a bug which prevented dialogs from rendering in workspace views. The dialog windows now display in both standard and workspace views as was originally intended.

Notes:

• This version of the Password Safe ServiceNow integration has passed technical and marketing reviews as part of the ServiceNow certification process.
• This integration supports upgrades from any prior release.
• Published to the ServiceNow Store and listed as BeyondTrust Password Safe Integration.
• Certified against ServiceNow San Diego, Tokyo, Utah, and Vancouver releases.
• Certified for GA.
• The SHA-256 signature is: d052fb53cd2836727ab4b976bb49343d77232a0c8037073c23d157498cd6ff79

July 17, 2023

New features and enhancements:

This is a maintenance release. There are no new features to note.

Issues resolved:

• Resolved issue where UserAudits PAPI - NULL AppAudit->UserName field caused Error 500.

Known issues:

None.

Notes:

• Direct upgrades to this version are supported from all previous versions.
• This release is available for download by BeyondTrust customers from the Configuration > Resource Zones > Download Installer of their Password Safe Cloud portal.
• This release bundles version 23.1.2 of the BeyondTrust Discovery Scanner. Corresponding release notes are available here: https://www.beyondtrust.com/docs/release-notes/beyondinsight-password-safe/discovery-agent/discovery-agent-23-1-2.htm.
• The MD5 signature is: AD8768299D6112139D2EFA56992AB6BE
• The SHA-1 signature is: CB7182C946FB589529D22998246142817EA621B0
• The SHA-256 signature is: 0A117DEF9ACE7F55360E2CD3710537DD7074240612E4AA29163E5BB6A57D5DCB

July 17, 2023

Requirements:

• Requires version 23.1.2.1276 or higher of the BeyondTrust Discovery Agent.

New features and enhancements:

This is a maintenance release. There are no new features to note.

Issues resolved:

• When editing Scheduled Scan Detailed Discovery Options, the UI now displays a value in the Deploy Local Scan Service dropdown, which accurately reflects the value that was originally set upon scan creation.
• When editing Scheduled Scan Discovery Options, the UI now displays a value for the Limit Accounts Returned option, which reflects the value that was originally set upon scan creation.
• Registry Monitoring events now show up on the report, and are normalized to the database.
• When customizing the options for a Detailed Discovery Scan in the Scan Wizard, no validation error occurs if entering more than 100 users in the Limit Accounts Returned option.
• Smart Rule filtering now applies correctly on the Domain Linked Accounts grid when a Smart Rule contains an asset Smart Group selection criteria filter.
• Updated the SSH Session Manual Commands screen to be consistent with prior versions.
• Logfiles are now being properly generated for the Secrets Safe service.
• The Manage Ownership screen in Secrets Safe now assigns ownership of a secret to a Team. When assigning ownership when the Team contained a large number of members, there are no longer graphical issues.
• You can now successfully check out a managed account when the access policy has Multi-Day Checkout enabled and there is a time zone difference between the client and server.
• Resolved a grid row details issue (Asset > Advanced Details > Users). The SSH Key Count field will no longer be zero if there are SSH keys that exist for that user.
• Global keystroke search from the Completed Sessions grid has been restored. Additionally, Quick Filter search has been added to the Active Sessions and Completed Sessions grid.
• A password mismatch email is no longer sent upon a test of a functional account if the managed system is unreachable.
• The PUT Addresses/{id} API no longer creates a new address, but instead updates the existing entry.
• Unnecessary Smart Rule processing log system entries are no longer written to the database when no changes are applied.
• SSH session is now successful when there is an access policy with a location restriction using an X-Forwarded-For entry.
• An access policy configured as recurring daily on weekdays only no longer permits a request to occur on a weekend day.

Known issues:

There are no new known issues in this release.

ℹ️

Note

Issues discovered after release can be found within our product Knowledge Base.

Notes:

• Direct upgrades to 23.1.1 are supported from BeyondInsight versions 21.2 or higher.
• This release is available by download for BeyondTrust customers (https://beyondtrustcorp.service-now.com/csm) and by using the BeyondTrust BT Updater.
• The MD5 signature is: f28ff31a500600ed759e63f8de1b7c93
• The SHA-1 signature is: 43aa7e88ecba534a92d25f6499681ac8d7819eaf
• The SHA-256 signature is: 6d04703fcc51805efe739bdd33c44a75681a19f1b882ed56945be006fa4ca73f

July 11, 2023

Requirements

• Requires .NET 4.7.2 or later.

New features and enhancements:

• The grid on the main page is now wider.
• Added progress indicator for loading release panel.
• Changed default release notes version display.
• Chevron now collapses the Client Subscription details card.

Issues resolved:

• Lock now always locks the correct version on the Subscription page.
• There is no longer an error in the browser dev tools when selecting release notes.
• Resolved issue in which a Javascript error displayed when selecting subscription.
• Clicking on subscriptions lock now locks the version you are selecting rather than the latest version.
• BeyondInsight Release Notes now load when release notes menu item is clicked.
• Removed the multi-select ability on the Subscriptions page because there were no multi-select options.
• Retry button for a failed install was re-added to the web UI.

Known issues:

• The clear cache pop-up confirmation continues to be displayed after the login session ends.
• For settings through API, a password can be changed to contain one character.
• For settings through API, an email address can be changed against the format rules.

Notes:

• This update is available via BT Updater.

July 6, 2023

New features and enhancements:

This is a maintenance release. There are no new features to note.

Notes:

• Direct upgrades to this version are supported from all previous versions.
• This release is available for download by BeyondTrust customers from the Configuration > Resource Zones > Download Installer of their Password Safe Cloud portal.
• This release bundles version 23.1.2 of the BeyondTrust Discovery Scanner. Corresponding release notes are available here: https://www.beyondtrust.com/docs/release-notes/beyondinsight-password-safe/discovery-agent/discovery-agent-23-1-2.htm.
• The MD5 signature is: D45487D6E1FCFD686C59D009FA47C509
• The SHA-1 signature is: 536FF5BDF86BAB4DE55846DD491B67E237055C92
• The SHA-256 signature is: 9EF7A954ADEEF1D49282D6057EE54A5F06B8D22246A645145A6AE392A0152C80

June 29, 2023

New features and enhancements:

• Switch to CLI mode when authenticating to a Junos device bash prompt.
• Improved Junos device enumeration with different account levels.
• Reduced the number of times the runtime options file is read and written in the log file.
• The remote agent is disabled if an I/O error is received.
• Removed logging of some well-known, non-error exceptions.
• Handles multiple path configurations for AuthorizedKeys.

Issues resolved:

• Resolved error in AIX user enumeration where number of returned users exceeded the configured max users.
• Resolved error where domain commands were not timing out or were timing out too early.
• Resolved an exception in parsing scheduled task data.
• Resolved error retrieving the AuthorizedKeys path in default Ubuntu.

Known issues:

• The installation dialogs have string substitution errors.
• Certain special characters in a MongoDB password cause the connection string to be improperly formatted and the connection fails. Workaround: For this release, avoid using special characters in the MongoDB password.

Notes:

• Direct upgrades to this version are supported from versions 20.1.0 and later.
• This release is available by download from the BeyondTrust Client Portal at https://beyondtrustcorp.service-now.com/csm.
• There is a product dependency on having the .NET 6 Hosting package installed.
• The MD5 signature is: 4f535b119f28222c713bed247f7d413e
• The SHA-1 signature is: 6bdfe8e421792a13ad870d7e579963eb01caa8b2
• The SHA256 signature is: bea0c0adee3579e998bae42b8a672e5232be6dd1e5ab91e0079bec086929e4c3

June 27, 2023

Requirements:

• This BeyondTrust Password Safe Integration for ServiceNow 23.1.3 has been certified for production release.
• Requires Password Safe 22.2 or later.

ℹ️

Note

For more information, please see Supported Platforms.

Key Features:

This new integration allows a ServiceNow user with access to privileged accounts managed by BeyondTrust Password Safe to access those accounts from the context of an approved change management ticket.  The initial release of the integration supports:

• Security / criteria checks before any access is allowed (e.g., no impersonation, approved ticket, ticket assigned to the current user, etc.).
• The ability to initiate an RDP or SSH session directly from ServiceNow and utilize approved access to a managed account.
• The ability to retrieve the password for a managed account to allow access via other external tools or methods.
• The ability to target specific task types such as Incident, Change Request, Problem, etc.
• The use of a MID server for access to Password Safe environments that may not be publicly accessible.
• Workflows that are supported in both classic and workspace views.

Notes:

• This version of the Password Safe ServiceNow integration has passed technical and marketing reviews as part of the ServiceNow certification process.
• This integration supports upgrades from any prior release.
• Published to the ServiceNow Store listed as BeyondTrust Password Safe Integration.
• Certified against ServiceNow San Diego, Tokyo, and Utah releases.
• Certified for GA.

June 15, 2023

New features and enhancements:

• Convert to batch mode writes for storing events to the local database.
• Changed the default terminal type to dumb for SSH connections.
• Added collection of PBUL when not installed via package manager.
• No longer store the credentials in the scanner local database if the BI communications are capable of sending credentials on demand.
• Converted the third party SSH engine to Rebex.
• Added collection of Linux target role.
• Moved the configuration setting of LogCPMessages from the registry to the PhoenixConfig.json file.
• Optimized the credential test loop so that credentials aren't retried.
• Add collection of PuTTY keys for domain users who have logged onto the target.
• Cleaned up DCOM output to remove extraneous characters.
• Add support for Arista EOS devices.
• Finished support for Juniper (Junos) devices by adding support for User enumeration.
• Optimized the order of SSH credentials to prefer non-elevated credentials first.
• Added support for Palo Alto devices.
• Improved Fortinet device support.
• Added additional scan abort checks to allow for scan to abort in a timely fashion.
• Added additional optional timeouts to assist in resolving hung scans.
• Added a timeout for getting the remote system time.
• Added a timeout to deploying the remote agent.

Issues resolved:

• Resolved issue in which database credentials without ports weren't using the default port.
• Resolved issue in which the job option for enumerate database value wasn't set correctly.
• Resolved issues in which group enumeration wasn't occurring due to unsupported SidUseTypes.
• Fixed the collection of PuTTY keys for windows users.
• Resolved issue which caused early aborts for scheduled scans.
• Resolved issue which caused exceptions in IPTarget.Dispose().
• Resolved issue which allowed a DB credential to be tried on a target it wasn't configured for.
• Resolved an exception that occurred when a target had no IPv4 address returned by the DNS query.
• Resolved issue in which domain users had expired passwords.
• Resolved an issue allowing domain commands to be sent after it was determined not to allow further domain commands.
• Resolved error which caused a failure when expanding IP ranges.

Known issues:

• The installation dialogs have string substitution errors.
• Certain special characters in a MongoDB password will cause the connection string to be improperly formatted and the connection will fail. For this release, avoid using special characters in the MongoDB password.

Notes:

• Direct upgrades to this version are supported from versions 20.1.0 and later.
• This release is available by download from the BeyondTrust Client Portal at https://beyondtrustcorp.service-now.com/csm.
• There is a product dependency on having the .NET 6 Hosting package installed.
• The MD5 signature is: 06690809d81889207fa2e384da7778d9
• The SHA-1 signature is: 213598e140d15dcd833a864445de43f6276ed251
• The SHA256 signature is: 5bbe32f038e981c2f43ab9fd45af81e915d3678b6d2025ebb38dd8df7b6f9ddf

June 1, 2023

Issues resolved:

• Registry keys used by the resource broker have been configured with more restrictive ACL.
• Resource Broker Details now displays version numbers that matches the installed version.
• Removed server header from management service.
• Improved cleanup process for orphaned management service tokens.
• Improved state management around resource broker upgrade UI in the portal.

Notes:

• Direct upgrades to this version are supported from all previous versions.
• This release is available for download by BeyondTrust customers from the Configuration > Resource Zones > Download Installer of their Password Safe Cloud portal.
• This release bundles version 23.1.0.1223 of the BeyondTrust Discovery Scanner. Corresponding release notes are available here: https://www.beyondtrust.com/docs/release-notes/beyondinsight-password-safe/discovery-agent/discovery-agent-23-1-0.htm.
• The MD5 signature is: BB32BFA84CBA817CEB64DAA71F517DBD
• The SHA-1 signature is: 35C973A2AEAFEFAA0BF28EBD25018B7DBAB382FA
• The SHA-256 signature is: 22AB265BE8A9D697FA00EE3DAE0C79757A9EF3D88F4FD6D83DB9BB6DBDDCA356

June 1, 2023

New features and enhancements:

• Convert to batch mode writes for storing events to the local database.
• Changed the default terminal type to dumb for SSH connections.
• Added collection of PBUL when not installed via package manager.
• No longer store the credentials in the scanner local database if the BI communications are capable of sending credentials on demand.
• Converted the third party SSH engine to Rebex.
• Added collection of Linux target role.
• Moved the configuration setting of LogCPMessages from the registry to the PhoenixConfig.json file.
• Optimized the credential test loop so that credentials aren't retried.
• Add collection of PuTTY keys for domain users who have logged onto the target.
• Cleaned up DCOM output to remove extraneous characters.
• Add support for Arista EOS devices.
• Finished support for Juniper (Junos) devices by adding support for User enumeration.
• Optimized the order of SSH credentials to prefer non-elevated credentials first.
• Added support for Palo Alto devices.
• Improved Fortinet device support.
• Added additional scan abort checks to allow for scan to abort in a timely fashion.
• Added additional optional timeouts to assist in resolving hung scans.
• Added a timeout for getting the remote system time.
• Added a timeout to deploying the remote agent.

Issues resolved:

• Resolved issue in which database credentials without ports weren't using the default port.
• Resolved issue in which the job option for enumerate database value wasn't set correctly.
• Resolved issues in which group enumeration wasn't occurring due to unsupported SidUseTypes.
• Fixed the collection of PuTTY keys for windows users.
• Resolved issue which caused early aborts for scheduled scans.
• Resolved issue which caused exceptions in IPTarget.Dispose().
• Resolved issue which allowed a DB credential to be tried on a target it wasn't configured for.
• Resolved an exception that occurred when a target had no IPv4 address returned by the DNS query.
• Resolved issue in which domain users had expired passwords.
• Resolved an issue allowing domain commands to be sent after it was determined not to allow further domain commands.
• Resolved error which caused a failure when expanding IP ranges.

Known issues:

• The installation dialogs have string substitution errors.
• Certain special characters in a MongoDB password will cause the connection string to be improperly formatted and the connection will fail. For this release, avoid using special characters in the MongoDB password.

Notes:

• Direct upgrades to this version are supported from versions 20.1.0 and later.
• This release is available by download from the BeyondTrust Client Portal at https://beyondtrustcorp.service-now.com/csm.
• The MD5 signature is: 63a3030a39062b51c3c7218cf6933980
• The SHA-1 signature is: 457c6580385be518d9e895fe693b4ae4879e7b89
• The SHA256 signature is: b9f7da37eaa01604eba47be4326bdaaddda1a89ddaa38390bcf259e46e716cdd