We apologize for the email you may have received notifying you of the availability of these release notes. This release is not yet available.
Thank you for your understanding.
We apologize for the email you may have received notifying you of the availability of these release notes. This release is not yet available.
Thank you for your understanding.
Expected release date: June 3, 2025
Requirements
- .NET 4.7.2 or later
- IIS to be enabled on host
New features
No new features.
Enhancements
Enhanced "Reboot Recommended" process (reboot and retry)
When installing a product for a subscription that runs an installer, and the installer requires a pending reboot:
- Case 1: Auto Reboot is OFF
- The subscription is not marked as published.
- The machine does not reboot automatically.
- The activity log shows: "update deferred (reboot needed)".
- Once the user manually reboots the machine and it starts back up, it automatically tries to publish the subscription again.
- Case 2: Auto Reboot is ON
- The subscription is not marked as published.
- The machine automatically reboots.
- The activity log shows: "update deferred (reboot needed)"
- After the reboot, it automatically tries to publish the subscription again.
Improve user feedback when a reboot is recommended:
- Added notifications to inform user that reboot is recommended.
- Added a banner to inform user that reboot is recommended.
Enhanced "Reboot Needed" process
When installing a product for a subscription that runs an installer, and any of the following system settings indicate a reboot is pending:
- A reboot is required by Windows Update.
- A reboot is pending from Component-Based Servicing.
- A system update is scheduled on boot.
- There are pending file rename operations.
Then:
- The updater sets a global reboot flag.
- The Updater UI displays a banner message saying "Reboot recommended".
- After the machine is rebooted, the global reboot flag is resets the banner disappears.
Prevent installs if reboot requested (including deferred reboots)
The system uses the installer’s recommended reboot exit code as a natural signal to pause.
When the installer returns this code:
- The updater knows a reboot is required and does not mark the install as complete.
- The installation automatically retries after the machine is rebooted.
- If the user clicks "Update Now" before rebooting, the installer may return the same reboot recommended code again, since the reboot still hasn’t occurred.
Issues resolved
| Description | Resolution |
|---|---|
| Exception logs are generated in root c:\ drive without cleanup. | Logs are now being stored in the usual Updater log area. |
| Dependent package versions are not listed in the web interface. | Dependent package versions are now listed in the web user interface. |
| Login page does not display properly in dark mode. | Login page changed to identify dark mode. |
| Package (*.pkg) not delivered by Updater and placed on an Enterprise Updater can cause child nodes to crash. | Package files are deleted if they are invalid. |
| Dark Mode Background colors are incorrect. | Dark mode colors fixed. |
| No feedback given to user if an invalid file is downloaded. | An icon shows for invalid files. |
Expected release date: June 3, 2025
Requirements:
- There is a product dependency on having the .NET 8 Hosting package installed.
- OAuth authorization is dependent on having BI version 24.2.0.
- The new Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and later.
- A reboot of the system may be required.
New features and enhancements:
- Added support for reporting Windows Server 2025.
- Enabled multiple SSH channels for Posix targets only.
- Improved scanning credential selection by eliminating credentials which don't apply to the target.
- Improved performance by moving DCOM Enumeration to the remote agent extension.
- Added a retry when checking to see if the RPC service is running when executing a BTDiscovery.cmd client command.
- Added a runtime option to allow for additional ports in the port scan.
- Added support for Check Point network devices.
- Improved scan results by not enumerating Domain Users in groups when the job setting for EnumerateDomainUsers is disabled.
Issues resolved:
- Resolved an remote command timeout issue by sending the command timeout to the remote agent when starting a new session.
- Resolved a bug when using SUDO elevation when the "-k" option is not supported.
- Resolved a parsing bug which caused Linux Scheduled Task enumeration to fail.
- Resolved the password expired value so that it reports "not expired" when no data is found.
- Resolved the IPv6 connection strings for Oracle, MongoDB, Terradata, and MySQL
- Resolved a bug in the handling of MySQL data which resulted in a failure in event processing.
- Resolved bug where the debug log level was not working for the Remote Agent service.
- Resolved false positive on SSH and MongoDB credential access which was incorrectly reporting the credential access succeeded.
- Resolved a condition in which a nonexistent MSSQL instance was reported.
- Resolved a bug in which the SSH connection timeout runtime option was not being used causing early timeouts.
- Resolved a bug where targets were incorrectly identified as DCs.
Notes:
- SSH Session encryption using the SHA1 cipher is deprecated. SHA256 or higher should be used.
- Support for Windows 8 and Server 2012 as a scanner host is deprecated.
- This release is available by download from the BeyondTrust Client Portal.
- Deprecate DSA encryption as an SSH authentication cipher.
- The MD5 signature is: 38b53b4d08f551dc05175921b5233f8d
- The SHA-1 signature is: 1a5fb5bdca31e87e66136b2294a8c79bea8eeb64
- The SHA256 signature is: 31d291cd493d097d0db2c04804407cf77da485025ae8695ef2b9162870cf40f0
May 1, 2025
Issues resolved
| Description | Resolution |
|---|---|
| Remove unnecessary verbiage in https://productupdates.beyondtrust.com/: Click here to view Incapsula's IP addresses that you will need to allow through your firewall. | Verbiage removed |
| While subscriptions are locked, the associate package does not download. | Incorrect locking handling removed. |
| When looking at the Offline tool to create an offline package, BeyondInsight 24.3 is not shown in the list for downloads. Able to be downloaded from Updater. | Fixed filtering for the Offline tool. |
| Changes in the backend caused packages in QA mode to show as Live. SUPI packages that are shown as live are downloadable in Updater. | Fixed filtering. |
| When accessing Client Subscriptions under BeyondInsight, the 24.3 release is not displayed. | Incorrect locking handling removed. |
| BT Updater version 3.4.1.1743 cannot download the locked Appliance Management version unless it is the latest version 4.3.3. | Incorrect locking handling removed. |
April 30, 2025
Requirements
- We recommend a restart after this update.
New features and enhancements
- There are no new features or enhancements.
Issues resolved
- Resolved an issue where Password Safe Plugins were not adhering to Managed System timeout setting.
Notes
- Direct upgrades to 24.3.0.1902 are supported from all previous versions.
- This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
- .NET hosting bundle v8.0.11 is included.
- Session Monitoring Agent (pbsmd) 24.3.18 is included.
- Enhanced Session Monitoring Agent (pbpsmon) 24.3.17 is included.
- PS Automate build 12239790337 is included.
- BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
- The MD5 signature is: 9F5AB94868FA7FDE51F310E39F78B848
- The SHA-1 signature is: C6CEE92AD30E060B280BE9E9136F11398348A4A7
- The SHA-256 signature is: E158B7507ABD4F4EED1F9A99B2D89B78A21D8C88C5FE350D5FBA2B98DE483ADE
April 10, 2025
Requirements
- .NET 4.7.2 or later
- IIS to be enabled on host
Issues resolved
| Description | Resolution |
|---|---|
| Package download size is exceeding the expected size. | Improved the management of download threads, ensuring that only one download for a specific package occurs at a time. Also addressed a defect in the resumption of interrupted downloads to prevent downloads from exceeding the expected size. |
| Package download percentage switches between progress on two different threads. | Improved the management of download threads, ensuring that only one download for a specific package occurs at a time. |
| Packages that fail validation check are copied into the cache folder. | Fixed handling of invalid files so they are not copied to the cache folder and cannot be downloaded by downstream Appliances. |
March 5, 2025
Requirements
- We recommend a restart after this update.
New features and enhancements
- There are no new features or enhancements.
Issues resolved
- Resolved an issue with RDP sessions not working when spanning 3 monitors. RDP sessions now work as intended when spanning 3 monitors.
Notes
- Direct upgrades to 24.3.0.1900 are supported from all previous versions.
- This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
- .NET hosting bundle v8.0.11 is included.
- Session Monitoring Agent (pbsmd) has been updated to 24.3.18.
- Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.18.
- PS Automate has been updated to build 12239790337.
- BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
- The MD5 signature is: 7B519B614D635DCC0A8ED3014D81D1C9
- The SHA-1 signature is: 1FF50AA330F81011EACAD97235FAEF72AF972B29
- The SHA-256 signature is: 23F924450A46EF43E711A3E2C0F98E737366542C09BD68BDF8BD7C30458B3632
This build replaces the previous BeyondInsight and Password Safe 24.3.0 release build with important fixes.
February 3, 2025
Note
For a list of supported platforms for the latest version of BeyondInsight and Password Safe, see Supported Platforms.
Enhancements
New fields added to Password Safe API Guide:
- GET ManagedAccounts - added AccountDescription : string to the response body
- GET Sessions and GET Sessions/{id}/ - added to the response body:
- ApplicationID : int
- RequestID : int
- SessionType : int
Issues resolved
| Product Area | Description | Resolution |
|---|---|---|
| Secrets Safe | A failure occurred when a user who is in multiple groups attempted to create or edit a secret because all of the user groups did not have the Secret Safe Read and Create permissions | Now, when a user is in multiple groups, if at least one of those groups has the Secret Safe Read and Create permissions, the secret creation is successful. |
| PS Automate | When downloading the msedge driver for Microsoft Edge from the PS Automate build, a Chrome driver downloads. | When downloading the msedge driver for Microsoft Edge from PS Automate, the correct msedge driver downloads as expected. We also updated the enhancedsessionutility download from the website. |
| Smart Rules | When attempting to upgrade to 24.3.0, if there are deprecated Smart Rules, the upgrade failed and did not remove any references to deprecated Smart Rules that were assigned to user groups. | This issue is resolved. Now, when you attempt to upgrade to 24.3.0 using this build, the failure does not occur and references to deprecated Smart Rules are removed from user groups as expected. |
Notes
- Direct upgrades to 24.3.0.1237 are supported from BeyondInsight versions 23.1 or later releases.
- BeyondInsight 24.3.0.1237 supports SQL Server 2016 SP2 or higher.
- This release is available by download for BeyondTrust customers (https://beyondtrustcorp.service-now.com/csm) and by using the BeyondTrust BT Updater.
- The MD5 signature is: XXXXX
- The SHA-256 signature is: 26746f925a10b3c09f79cc90fb4139cecfc8e028efe79d9d38fb67cac41a17a3
January 30, 2025
Requirements
- We recommend a restart after this update.
New features and enhancements
- There are no new features or enhancements.
Issues resolved
- Resolved an ORA-28040 error when connecting to oracle instances. Updated underlying oracle.manageddataaccess library that is used by the oracle plugin.
- PS Automate downloads Chrome driver when using Microsoft Edge.
Notes
- Direct upgrades to 24.3.0.1899 are supported from all previous versions.
- This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
- .NET hosting bundle v8.0.11 is included.
- Session Monitoring Agent (pbsmd) has been updated to 24.3.17.
- Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.17.
- PS Automate has been updated to build 12239790337.
- BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
- The MD5 signature is: 786FFACB589D925348AC128D27E28792
- The SHA-1 signature is: 0411223233299CC791FD79884052C8B506C39667
- The SHA-256 signature is: 522D5BBD562B8570DEEF6FCD47F7AF3CA819318FF64787700CB89A63D0CCDC9E
