BeyondInsight for Unix and Linux 26.1.2
May 26th, 2026
🛠️ Issues resolved
| Product Area | Description | Resolution |
|---|---|---|
| API | File path handling in the API has been improved for greater robustness. | File path handling now applies more comprehensive validation to reject invalid path formats, including encoded variants. |
| API | File path handling during ISO file extraction has been improved. | ISO file extraction now applies the same file path validation used by other extraction operations, ensuring files are written only to designated locations. |
| API | Legacy encryption key management has been updated to follow current security best practices. | Legacy encryption keys are no longer stored in source code and are now managed exclusively through secure configuration channels. |
| API | Processing of SIEM search query terms has been improved. | Search terms are now correctly escaped before being passed to the Splunk SPL context. |
| API | Input handling for the log search endpoint has been improved. | Query and sort parameters for the log search endpoint are now validated before being forwarded to the backend. |
| API | Sensitive credential handling in debug logging has been improved. | The Password Safe API key is no longer included in any log entries. |
| API | Input handling for SSH delegation commands has been improved. | Usernames used in SSH delegation commands are now validated before use. |
| API | Input handling for the event log download endpoint has been improved. | The file path parameter for event log downloads is now validated and sanitized before use. |
| API | Stability of the managed hosts endpoint has been improved. | The managed hosts endpoint now validates filter input and returns an appropriate error response for malformed requests. |
| Authentication | Stability of session token handling has been improved. | Session token handling now uses safer type checking to prevent unexpected errors. |
| Authentication | Sensitive data handling in application logging has been improved. | Password reset tokens are no longer written to application logs. |
| Authentication | Session cleanup behavior on logout has been improved. | The application now unconditionally removes the session token from local storage on logout, regardless of whether the server-side call succeeds. |
| Authentication | Token validation in SaaS authentication has been improved. | The SaaS authentication middleware now validates token expiration and rejects expired tokens. |
| Authentication | Stability of authorization processing during concurrent operations has been improved in on-premises deployments. | The authorization store is now protected with thread-safe synchronization to prevent issues during concurrent admin operations. |
| Authentication | Stability of SaaS authentication under concurrent load has been improved. | The authentication token cache now uses thread-safe access patterns to prevent errors during concurrent requests. |
| Authentication | Input handling for directory service search operations has been improved. | Search terms are now correctly escaped for all supported directory service types, consistent across Active Directory and non-Active Directory configurations. |
| Authentication | Password verification has been updated to follow current security best practices. | Password hash comparisons now use a constant-time comparison function. |
| Authentication | MFA enforcement for Directory Service users in MFA-enabled groups has been corrected. | MFA is now correctly applied to Directory Service users in MFA-enabled groups, and group membership is preserved following successful authentication. |
| Authentication | A login issue affecting Active Directory users on on-premises deployments has been resolved. | Active Directory group membership lookup during on-premises authentication has been corrected, allowing AD users to log in successfully. |
| Authentication | An error encountered when adding an authentication service to an Active Directory group has been resolved. | Authentication services can now be successfully added to Active Directory groups. |
| Configuration | The error notification displayed when uninstalling EPM on a license server with dependent hosts has been corrected. | The notification now correctly indicates that uninstallation cannot proceed while dependent hosts remain registered to the license server. |
| Configuration | Performance and stability of directory path validation on the deployment settings page has been improved. | The directory path validation logic has been updated to prevent potential browser performance issues with certain inputs. |
| Configuration | Stability of PAM reauth role configuration processing has been improved. | Custom user values in PAM reauth configuration are now treated as literal strings, preventing potential browser performance issues. |
| Configuration | A configuration issue with TLS certificate verification for the Splunk HEC health check has been corrected. | The TLS certificate verification setting for the Splunk HEC health check now behaves as expected when enabled or disabled. |
| Configuration | The Remote Groups configuration page has been updated to display only supported options. | Authentication Services has been removed from the Remote Groups configuration page, as it is not a supported configuration for Remote Groups. |
| Configuration | Layout display issues in the first-run wizard at narrow screen widths have been corrected. | All containers in the first-run wizard now remain within their card boundaries at all supported screen widths. |
| Configuration | An error encountered when assigning a Solr Indexing Server to a host has been resolved. | The Solr Indexing Server assignment process has been corrected, allowing host assignment to complete successfully. |
| Configuration | An error encountered when restoring an RBP policy backup on a UVM installation has been resolved. | RBP policy restoration now completes successfully on UVM installations. |
| Session Monitoring | An issue on the Audit Search & Replay page where clearing the date filter resulted in no records being displayed has been resolved. | Clearing the date filter on the Audit Search & Replay page now displays all available records by default. |
| Upgrade | A dependency version mismatch in the front-end build has been resolved. | The angular-eslint dependency has been updated to version 20 to align with the Angular major version. |
| Upgrade | The Go runtime has been updated to incorporate the latest available improvements. | The Go runtime has been updated to the latest version across all service repositories. |
