BeyondInsight and Password Safe 25.3.0.1996 (On-Premises only)
5 days ago
Important informationThis update is for On-Premises customers only. Fixes have been automatically applied to all 25.3 Password Safe Cloud deployments.
March 2, 2026
For a list of supported platforms for the latest version of BeyondInsight and Password Safe, see Supported Platforms.
🆕 New features
This is a maintenance release. There are no new features.
✨ Enhancements
This is a maintenance release. There are no new enhancements.
🛠️ Issues resolved
| Product Area | Description | Resolution |
|---|---|---|
| SCIM API | Incorrect application of BeyondInsight password complexity checks may cause AD user creation via SCIM API to fail with 500 Internal Server Error. | Updated the internal logic to correct the application of the BeyondInsight password complexity checks. |
| API | Downloading file secrets using the API produces a bad file for binary formats. | Corrected the internal handling of binary data in the download API. |
| API | API registrations requiring a client certificate fail to authenticate with the error Failed to authenticate due to one or more authentication rules. | Restored successful client certificate-based API authentication. |
| Smart Groups | When you use the Workgroup filter to create a new Quick Rule, it may not include all items expected. | Corrected the selection process to ensure that all expected items are included. |
| Upgrade | Certain data points in existing environments (duplicate entries in Event Table Monitor, Smart Rules or Smart Rule criteria or actions with Xen or Risk in the names) could potentially cause a problem with the database upgrade process. | Made the database upgrade process more robust by adding additional safeguards around steps that remove or deactivate deprecated functionality. |
| Password Safe | Following upgrade to BIPS 25.3.0.1965, in some environments, a certificate validation error may be encountered during Password Release/Session activities in the JIT workflow. | Updated the code to fallback appropriately if the certificate name mismatch occurs. |
📝 Requirements
- Direct upgrades to 25.3 are supported from BeyondInsight versions 23.3 or later releases.
- BeyondInsight 25.3.0 supports SQL Server 2016 SP2 or higher.
🗒️ Notes
- This release is available by download for BeyondTrust customers (https://beyondtrustcorp.service-now.com/csm) and by using the BeyondTrust BT Updater.
- The MD5 signature is: e8974ceb5add993202ac2cf3f2f2cf2f
- The SHA-1 signature is: 5887755578bfb1e060fd2224d90b28af6db9ecaf
- The SHA-256 signature is: 234912005a5a433a77362abb7e62fb65efb9de99f73a95220c1da7d23b4be3e5
