June 3, 2025

ℹ️

This release is available by download from the BeyondTrust Client Portal.

🆕 New features

Retry option for RPC service

You can now use Retry to see if your RPC service is running when you're executing a BTDiscovery.cmd client command.

Runtime option in the port scan

Use the new runtime option to allow for additional ports in your port scan.

✨ Enhancements

With this release, we've added the following enhancements to the BeyondTrust Discovery Agent:

• support for reporting Windows Server 2025
• multiple SSH channels are enabled (for Posix targets only)
• improved scanning credential selection by eliminating credentials that don't apply to the target
• improved performance by moving DCOM Enumeration to the remote agent extension
• support for Check Point network devices
• improved scan results by not enumerating Domain Users in groups when the job setting for EnumerateDomainUsers is disabled

🛠️ Issues resolved

📝 Requirements

• There is a product dependency on having the .NET 8 Hosting package installed.
• OAuth authorization is dependent on having BI version 24.2.0.
• The new Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and later.
• A reboot of the system may be required.
• SSH Session encryption using the SHA1 cipher is deprecated. SHA256 or higher should be used.
• Deprecate DSA encryption as an SSH authentication cipher.

⚙️ Signatures

• The MD5 signature is 38b53b4d08f551dc05175921b5233f8d
• The SHA-1 signature is 1a5fb5bdca31e87e66136b2294a8c79bea8eeb64
• The SHA256 signature is 31d291cd493d097d0db2c04804407cf77da485025ae8695ef2b9162870cf40f0

⏰ Deprecation notice

Support for Windows 8 and Server 2012 as a scanner host is deprecated.

May 1, 2025

Issues resolved

April 30, 2025

Requirements

• We recommend a restart after this update.

New features and enhancements

• There are no new features or enhancements.

Issues resolved

• Resolved an issue where Password Safe Plugins were not adhering to Managed System timeout setting.

Notes

• Direct upgrades to 24.3.0.1902 are supported from all previous versions.
• This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
• .NET hosting bundle v8.0.11 is included.
• Session Monitoring Agent (pbsmd) 24.3.18 is included.
• Enhanced Session Monitoring Agent (pbpsmon) 24.3.17 is included.
• PS Automate build 12239790337 is included.
• BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
• The MD5 signature is: 9F5AB94868FA7FDE51F310E39F78B848
• The SHA-1 signature is: C6CEE92AD30E060B280BE9E9136F11398348A4A7
• The SHA-256 signature is: E158B7507ABD4F4EED1F9A99B2D89B78A21D8C88C5FE350D5FBA2B98DE483ADE

April 10, 2025

Requirements

• .NET 4.7.2 or later
• IIS to be enabled on host

Issues resolved

March 5, 2025

Requirements

• We recommend a restart after this update.

New features and enhancements

• There are no new features or enhancements.

Issues resolved

• Resolved an issue with RDP sessions not working when spanning 3 monitors. RDP sessions now work as intended when spanning 3 monitors.

Notes

• Direct upgrades to 24.3.0.1900 are supported from all previous versions.
• This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
• .NET hosting bundle v8.0.11 is included.
• Session Monitoring Agent (pbsmd) has been updated to 24.3.18.
• Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.18.
• PS Automate has been updated to build 12239790337.
• BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
• The MD5 signature is: 7B519B614D635DCC0A8ED3014D81D1C9
• The SHA-1 signature is: 1FF50AA330F81011EACAD97235FAEF72AF972B29
• The SHA-256 signature is: 23F924450A46EF43E711A3E2C0F98E737366542C09BD68BDF8BD7C30458B3632

⚠️

This build replaces the previous BeyondInsight and Password Safe 24.3.0 release build with important fixes.

February 3, 2025

ℹ️

Note

For a list of supported platforms for the latest version of BeyondInsight and Password Safe, see Supported Platforms.

Enhancements

New fields added to Password Safe API Guide:

• GET ManagedAccounts - added AccountDescription : string to the response body
• GET Sessions and GET Sessions/{id}/ - added to the response body:
  • ApplicationID : int
  • RequestID : int
  • SessionType : int

Issues resolved

Notes

• Direct upgrades to 24.3.0.1237 are supported from BeyondInsight versions 23.1 or later releases.
• BeyondInsight 24.3.0.1237 supports SQL Server 2016 SP2 or higher.
• This release is available by download for BeyondTrust customers (https://beyondtrustcorp.service-now.com/csm) and by using the BeyondTrust BT Updater.
• The MD5 signature is: XXXXX
• The SHA-256 signature is: 26746f925a10b3c09f79cc90fb4139cecfc8e028efe79d9d38fb67cac41a17a3

January 27, 2025

Requirements

• .NET 8.0.0 or later (available through BT Updater via Supporting Software SUPI subscription)
• SUPI 3.3 (available through BT Updater)

Before proceeding with the installation, we strongly recommend a system reboot as certain system dependencies may need to be reset before applying this update.

New features and enhancements

Added IPv6 support

• The 4.4 image requires firewall rules to add IPv6 to the local policy.
• The Active side’s address is now registered on the passive side during the “initial set up steps”.
• IPv6 support is now live in the U-Series Appliance, enabling future software development for Password Safe. This update ensures seamless compatibility with both IPv4 and IPv6 environments, including individual or hybrid setups. Other products must also support IPv6 before it can be fully utilized.
• The High Availability page allows the user to select an IPv6 address from the list on the partner initialization page.

Improved password creation and validation

• Local Policy - Password minimum length is 15 char, unless using the BI Password policy and it is less than 15.
• Local Policy - Password minimum length is 16, unless using the BI Password policy.
• Password Policy - BI Admin API returns all required information.

Deployment API v2

• Customers and partners can now use new AutomaticDeplopyment endpoints to configure IPSettings, both IPv4 and IPv6.
• Using the quartz schedule options for the backup service, the api model is maintained for backward compatibility. V2 includes the proper field structure for the backup schedules.

SUPI engine

• Enhancements were made to the SUPI engine to support modernization changes to .Net updates. This change extends the SUPI engine to manage third party dependencies installed on the Appliance. Frameworks will be modified in future monthly security updates.

• Appliance software now works without NT AUTHORITY/SYSTEM having SQL sysadmin privileges.

Issues resolved

• Issues resolved where packages that would be skipped were kept until packages are processed. Superseded packages are now removed when a new package is received which will provide more accurate space and time requirements.
• Resolved an issue where the NEXT button on the IPSettings ConfigWizard step only respected changes to selected adaptors. The NEXT button now respects changes to multiple adaptors.
• Resolved an issue where the password for beyondtrust_user met complexity rules but was not accepted.
• Resolved an issue where SQL Server Database Password could be updated from API without any restrictions and rules.

Notes:

• Security Management Appliance Installer is dependent on BeyondInsight 24.1.
• Security Management Appliance package in BT Updater is dependent on BeyondInsight 24.1.
• This update is available through BT Updater or as a manual installer from the download tool.

January 30, 2025

Requirements

• We recommend a restart after this update.

New features and enhancements

• There are no new features or enhancements.

Issues resolved

• Resolved an ORA-28040 error when connecting to oracle instances. Updated underlying oracle.manageddataaccess library that is used by the oracle plugin.
• PS Automate downloads Chrome driver when using Microsoft Edge.

Notes

• Direct upgrades to 24.3.0.1899 are supported from all previous versions.
• This release bundles version 24.3.0.1576 of the BeyondTrust Discovery Agent. View the Discovery Agent 24.3.0.1576 release notes.
• .NET hosting bundle v8.0.11 is included.
• Session Monitoring Agent (pbsmd) has been updated to 24.3.17.
• Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.3.17.
• PS Automate has been updated to build 12239790337.
• BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
• The MD5 signature is: 786FFACB589D925348AC128D27E28792
• The SHA-1 signature is: 0411223233299CC791FD79884052C8B506C39667
• The SHA-256 signature is: 522D5BBD562B8570DEEF6FCD47F7AF3CA819318FF64787700CB89A63D0CCDC9E

January 30, 2025

Requirements

• We recommend a restart after this update.

New features and enhancements

• There are no new features or enhancements.

Issues resolved

• Resolved an ORA-28040 error when connecting to oracle instances. Updated underlying oracle.manageddataaccess library that is used by the oracle plugin.

Notes

• Direct upgrades to 24.2.0.1873 are supported from all previous versions.
• This release bundles version 24.2.0.1501 of the BeyondTrust Discovery Agent. Corresponding release notes are available here: Discovery Agent 24.2.0.1501 Release Notes
• .NET hosting bundle v8.0.8 is included.
• Session Monitoring Agent (pbsmd) has been updated to 24.2.45.
• Enhanced Session Monitoring Agent (pbpsmon) has been updated to 24.2.45.
• PS Automate has been updated to build 10925527552.
• BeyondTrust customers can download this release from their Password Safe Cloud portal by navigating to Configuration > Resource Zones and clicking Download Installer.
• The MD5 signature is: 8DA263D4202A4BBFB97C690F1B7A0384
• The SHA-1 signature is: 6C729D8AA12091ABEBF115D2505D2FF234B1523F
• The SHA-256 signature is: 8F2E012120D5C1182E6E44736812256C2DE11130986696A0E50DB62AE83CE30F

December 20, 2024

Requirements:

Requires BeyondTrust Password Safe version 24.3.0 or later release.

New features and enhancements:

• Updated Python API sample (v5.10.3).
• Updated Platform SDK to support Password Safe 24.3.
• Bash API script now properly supports Database managed systems.
• Resolved issue in PS Automate where Chrome & Edge browsers do not properly launch with newer (v128+) of browser.
• Checksums:
  • Enhanced Session Utility
    • pbpsmon-24.3.16.msi
      • SHA256: 6fe34851b3e2a77504a205497aba0852f50e36df569ee096f61d0daeebf9a946
    • pbpsmon-24.3.16.exe
      • SHA256: 0a4777019a0b4761e6307e1568a354b30925b9d902a739e5138b0d97638fdc6f
  • Secrets Cache
    • beyondtrust-secrets-cache-24.3.16-x64.exe
      • SHA256: 099d6c523c518d6bc3a8def73f4721b72e8269b08096cdc5549f72119c4a2f69
    • beyondtrust-secrets-cache-24.3.16-1.el9.x86_64.rpm
      • SHA256: dafee3a4b161bce0a1472b4d2f0aa8cb7ac9192c7210296a4a0e54b8a98a3907
    • beyondtrust-secrets-cache-24.3.16-1.el8.x86_64.rpm
      • SHA256: 28a77b3d82417e241422d086c1284b91474b0bbef1178a762ab42f85118de846

Notes:

• The SHA-256 signature is: 1652b570b519dca63bb3bd1c148a815ac9928fe3b64213b513f365b5f440d8df
• This release is available to download for BeyondTrust customers at https://beyondtrustsecurity.force.com/customer/login