2022 Release Notes
Last modified on May 8, 2024
January 2022
New
- Bulk Operations Functionality in the Admin UI. Added support for bulk operations on users, allowing you to do the following:
  - Select up to 25 users at a time.
  - Set roles and permission level.
  - Remove users from all roles.
- Azure Key Vault Secret Store Integration. Released Azure Key Vault support, enabling you to integrate Key Vault with StrongDM and use the Secret Store integration to connect to resources.
Updated
- SSH Self-connections. Updated the way that SSH self-connections are tracked. Executing `ssh` within an existing connection is now treated as an SSH session for the purpose of Admin UI replays. Previously, these were tracked as non-interactive replays.
Fixed
- Program Hangups on Termination. Fixed a bug in the CLI where if the program failed to flush its audit log messages on termination it would hang forever. This process now terminates after 5 seconds.
- Enhanced Disconnect Response. Changed the response of the `sdm disconnect` CLI command to more clearly highlight always-connected resource types.
- Downgrade NLA Connections Flag Displaying Incorrectly. Fixed a bug where the “Downgrade NLA Connections” flag did not correctly appear in the CLI when creating an RDP server.
February 2022
New
- Access Overhaul Generally Available. Released Access Overhaul features. If you are interested in any of the following features, please contact your Customer Success Manager:
  - Bulk operations functionality on users in the Admin UI
  - Ability to search and filter users based on temporary access, role membership, status, type, permission level, and tags
  - Ability to search and filter roles based on role name and tags
  - Multi-role membership
  - Access rules
  - IdP user provisioning
- Secret Stores Generally Available. Released the following Secret Store integrations: AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, and HashiCorp Vault.
- MongoDB Support. Added MongoDB 5.0 support.
- Auto Renewal of Vault Tokens. Added support for periodic automatic renewal of HashiCorp Vault tokens. The rate at which tokens are renewed is controlled using the `LEASE_RENEWAL_TTL` environment variable.
Updated
- Activities Logs Icons. Added new icons to the Admin UI’s Activities logs table.
- Improved Security. Increased the hashing algorithm work factor to improve security standards.
- Cloned Datasources and Tags. Updated cloning functionality so that cloning a datasource also clones its tags, both in the CLI and the Admin UI.
- Improved Temporary Access Tab in Admin UI. Updated the Temporary Access tab in the Admin UI’s User Details page to be a paginated table.
- Faster Temporary Access Grants. Enhanced the Grant Temporary Access action on the Admin UI’s Users page to open a modal directly rather than redirect to the User Details page.
- Visible Resources. Updated the Temporary Access modal in the Admin UI to show only resource categories that have existing resources present.
- Improved SSH Config File Generation. Improved how `sdm ssh config` handles multiple resources with the same hostname.
- Secret Store Assignments. Changed the way that certain resources can be assigned to secret stores. Resource types that do not use credential fields (Neptune, Memcached, HTTP (no auth), and Raw TCP) no longer can be assigned a secret store, even if the disable StrongDM secret store setting is enabled. Existing instances of these resources with secret stores continue to work. At least one secret store must be configured before the disable StrongDM secret store option can be enabled.
Fixed
- Team Leaders Adding Users to Role. Fixed a bug where users with the Team Leader permission level could not add users to their role.
- Activate Port Forwarding Per Server. Fixed a bug so the activate SSH port forwarding for all servers option in the Admin UI now works as expected.
- SSH Connections to Non-StrongDM SSH Resources. Fixed a bug where users could attempt to run the `sdm ssh` command to connect to non-StrongDM SSH resources.
- Resource Management in the Admin UI. Fixed a bug where resources could not have their type changed via the Admin UI.
March 2022
New
- OneLogin SCIM Provisioning. Added OneLogin as an official SCIM provisioning provider option.
- HashiCorp Vault AppRole Generally Available. Released the AppRole authentication method for the Vault Secret Store integration. It is not yet present in the SDKs.
- SDK v2 Generally Available. Released version 2 of all SDKs to support access rules.
Updated
- Faster Load Time on Users Page. Improved the load time for Team Leaders on the Users page of the Admin UI.
- Display of Role Assignments. Improved the display of roles in the Admin UI when a user is assigned to a large number of roles.
- New Permission for Admin Tokens. Enabled admin tokens to be granted the Control Panel:View Settings permission.
- Filter and Scroll Web Logs. Updated the Web Logs page in the Admin UI to support filters and scroll pagination.
- Admin UI URLs. Standardized URLs in the Admin UI to match the name and/or section of the page in focus.
- Remove Button. Changed the Remove example resources button into an explanation card that also includes the Remove button.
- Wider SSH Replays. Made the SSH Replays modal in the Admin UI wider in order to handle wider SSH sessions.
- Healthchecks upon Connection. Added support for healthchecks on connect rather than at creation.
- More Info Printed for `sdm config`. Updated the `sdm config` CLI command to print organization ID and user ID information about the logged-in user.
Fixed
- Error When Deleting User in Admin UI. Fixed an issue where deleting an account from the Users page of the Admin UI showed an error until the page was refreshed.
- 409 Showing Incorrect Error Message. Fixed the 409 Conflict error message to include the correct server message in the Admin UI.
- Generic SCIM Provider Not Displaying. Added Generic as a SCIM provider option in the Admin UI’s Provisioning settings.
- Users Page Showing Parent Admins. Fixed a bug where “Admin, Parent” Users would appear on a child organization’s Users page in the Admin UI.
- Tag Values Not Accepting Commas. Fixed the way that the Admin UI handles tag values, so that you can use commas in tag values.
- Long Emails Not Validating on Login. Fixed email validation on login to the Admin UI for very long domains.
- Welcome Screen Taking Too Long to Load. Fixed a bug where the Welcome screen of the Admin UI hung up in the loading state.
- Resources Not Sorted Alphabetically. Fixed a bug where the resource type list in the Admin UI was no longer alphabetically sorted.
- Incorrect Role Hover Styling. Corrected the hover styling on role rows in the Set Roles modal of the Admin UI for all browsers.
- Deleted Resources Still Counted as Resources. Fixed a bug where deleted resources were included in the resource count in the Admin UI.
- Private Keys Not Being Validated. Fixed a bug in the Admin UI where the Private Key field was not being validated on resources of the SSH (Customer Managed Key) type.
- Incorrect Tooltip Formatting. Fixed tooltip formatting in the Admin UI.
- Broken Date Format. Fixed a bug where the date format was broken in Firefox.
- Port Numbers Not Showing. Fixed a bug where port numbers did not appear in category headers when port overrides were disabled.
- Read-Only Public Keys. Ensured that the public key field is read-only on SSH read-only certificates.
- Some Users Loading SCIM Info Without Permission. Prevented an error where database administrators and users could attempt to load SCIM information they were not permitted to load.
- SCIM Token Rotation Now Updates Timestamps. Fixed an issue so that rotating a SCIM token updates the created at, last activity at, and heartbeat timestamps.
- CLI Not Showing Commands or Listing Certain Instances. Fixed a bug where the CLI would not show some commands for or fail to list Azure Key Vault secret store instances.
- GUI Crash When Pruning Logs. Fixed a crash in the GUI related to pruning very old log files.
- Access Rule Assignment. Fixed an issue where the SDKs only allowed up to 9, not 10, access rules to be assigned to a role.
April 2022
New
- Cloud Support Generally Available. Released support for Azure and GCP Clouds.
- New Datasource Types Generally Available. Released Db2i, Db2 LUW, PostgreSQL (mTLS), and Teradata datasource types.
- Audit Clouds in the CLI. Added the `sdm audit cloud` CLI command.
- Run Terraform in the CLI. Added the `sdm terraform` CLI command, allowing admins to run Terraform operations with their current login information.
Updated
- Password (path) Field. Changed the Password (path) field name attribute to credentialPath to make Admin UI pages more friendly with password managers.
- SSH Replays. Made SSH replays in the Admin UI fit better to handle terminal sessions of all sizes.
- RDP Replays. Ensured that RDP replays can be played back in the Admin UI in web browsers.
- Secret Stores. Improved the user experience for Secret Store integrations.
- Elasticsearch Username Field. Made the Username field optional when creating or updating Elasticsearch resources in the Admin UI.
- Admin UI Gateways. Updated the Gateways page of the Admin UI to be more usable.
- User Last Names. Added support for single-character last names in the Admin UI.
- Role Deletion Timeouts. Increased the timeout for role deletion operations in the Admin UI to support larger numbers of users.
- Deleted Tokens in Activities. Changed the way Activity logs display deleted API or SCIM tokens.
- Healthcheck Indicator Icon. Changed the Admin UI and GUI icon that indicates when a datasource is not yet healthchecked.
- PostgreSQL (mTLS) in the GUI. Grouped PostgreSQL (mTLS) resources under the appropriate Database type header in the GUI.
- sdm audit. Made the order of fields returned by `sdm audit ... -j` more consistent with the results of other commands in the CLI.
- SCIM Provisioning. Implemented SCIM firewalls on provisioning endpoints for Okta and Azure AD.
- TLS Certificate Rotation. Updated TLS certificates so they are rotated about two weeks before they expire.
Fixed
- Optional Secret Store Fields. Fixed a bug to allow secret stores to be added in the Admin UI with empty values for optional fields, such as Namespace or CA Certificate Path.
- Tooltips. Fixed a bug where, when using the Admin UI, tooltips caused memory leak warnings.
- Resource Tags. Fixed a bug that occurred when viewing and updating tags on servers, websites, and clusters in the Admin UI.
- Temporary Access Start Time. Fixed a bug in the Admin UI’s Temporary Access modal where selecting a date in the calendar would not set the start time to any earlier than now.
- Duplicate Tags. Fixed a bug where bulk-adding roles to multiple users in the Admin UI caused duplicate tags to show up in the view.
- Static Access Rules. Fixed a bug where static access rules could not be edited.
- Gateway/Relay Deletion in Two Browsers. Fixed a bug where deleting a gateway or relay in the Admin UI while the same page was open in another web browser did not throw a null access error.
- Server Edits. Fixed a bug in the Admin UI where changing the resource type was no longer permissible for servers in Edit mode.
- Role Assignments. Fixed a bug where resources could not be added to a role if the previous resource was deleted.
- Relays. Fixed a bug in relays where they were not receiving broadcasts.
- GCP CLI Commands. Fixed a bug where certain GCP commands in the CLI could not be performed even though the service account had the required permissions.
- sdm audit. Fixed a bug where the `sdm audit` CLI command failed when trying to reference deleted roles.
May 2022
Updated
- Tooltips and Tables. Improved the way tooltips and tables are rendered in the Admin UI.
- Healthcheck Icons. Made UI improvements to healthcheck icons.
- Configurable Port Overrides. Enabled port overrides to be configured for SSH resources in SDKs.
- Snowflake Setup. Updated Snowflake configuration in the Admin UI to no longer require certain fields.
- Tags. Made general improvements to the resource tags in the Admin UI.
- Search and Filter Error Messages. Improved error messages for invalid searches with filters in the Admin UI.
- Error Pages. Updated the illustrations shown on some error pages in the Admin UI.
- Behavior When Reaching Rate Limits. Updated the SDKs and Terraform provider to sleep by default when they exceed their rate limits until their rate limit has reset. This feature can be disabled by the client.
Fixed
- Logout Upon Refresh. Fixed bugs with refresh behavior in the Admin UI.
- Display of Connected Resources. Fixed a bug where a relay’s connected resources did not appear in the Admin UI.
- Accounts Search Results Behavior. Fixed a bug in the Accounts tags drop-down filter in the Admin UI, where if the account had no roles at all, the “empty” text suggested that there were no results for the search.
- “Last Healthcheck at” Information. Fixed a bug where some resource healthchecks displayed didn’t update the date and time of the last healthcheck in the Admin UI.
- Clouds Documentation Link. Fixed the link to documentation from the Admin UI Clouds page.
- TCP Resource Types Not Being Cloned. Fixed a bug where legacy TCP resource types were unable to be cloned in the Admin UI.
- RDP File Transfers Causing Gateway Crashes. Fixed a bug where some RDP file transfers could crash gateways.
- Port Overrides Not Being Specified. Fixed a bug where certain valid ports were not allowed to be specified for port override.
- SSH Directory Not Being Created. Fixed a bug where the `~/.ssh` directory was not created if it was missing when running the `sdm ssh config` command in the CLI.
June 2022
New
- Remote Identities Generally Available. Released Remote Identities, a new feature that enables your organization’s users to authenticate to SSH or Kubernetes resources using their own individual identifier rather than a leased credential. See section Remote Identities to learn more.
Updated
- Terraform Version Number. Noted Terraform version 0.13 as the minimum supported version on the Admin UI Downloads page.
- User Management Metadata URL Field Name. Changed the IDP Metadata URL field name to Metadata URL on the User Management page of the Admin UI.
- SCIM Update Activities. Changed the wording of SCIM Update activities in Admin UI activity logs.
- sdm ssh grep. Removed the `sdm ssh grep` subcommand from the CLI.
- sdm doctor Displays Max FD. Updated the `sdm doctor` CLI command to display Max FD count.
- Admin Token Auth Expiration. Updated admin token authentications so they expire 24 hours after creating a new admin token.
- Error Message for Invalid API Keys. Improved the error message reported when the key pair being used was invalid when API login failed for a known reason.
- Azure CLI Support. Added support for some previously unsupported calls from Azure CLI version 2.29.0.
- SSH Cert Server Key Type Parameter. Added the Key Type parameter to SSH certificate-based servers for generating SSH keys of type RSA with 2048/4096 bits, ECDSA with 256/384/521 elliptic curve sizes, or ED25519. The Key Type parameter is supported in the SDKs.
Fixed
- Delete Action for Selected Users in Admin UI. Fixed a bug in the Admin UI Users page where deleting a selected account via the Action menu button no longer considered the deleted row selected, and the “1 selected” pop-up remained after the user was deleted in the Admin UI.
- SSO Setting Updates. Fixed a bug in which updating the client secret SSO setting in the Admin UI did not take effect on the server.
- Cached Data Not Cleared Upon Logout. Fixed a bug where cached data on the API & Admin Tokens page of the Admin UI was not cleared after user logout.
- Admin UI URL Upon Logout. Fixed a bug where upon user logout, the Admin UI URL redirected to `/login` instead of `/app/login`.
- Port Overrides Link. Fixed a bug where the Port Overrides hyperlink for cluster resources in the Admin UI was broken.
- Tags Not Displaying on Gateway Details. Fixed an issue where tags on the gateway and relay Details tab in the Admin UI were no longer displayed.
- Add Cloud Form Submission. Fixed the Add Cloud form in the Admin UI to prevent submission of the form when required fields were not filled.
- Static Access Rule Counts. Fixed a bug where static access rule counts in the Admin UI were no longer cached.
- Website Certificate Generation Button. Fixed a bug where the website certificate generation button in the Admin UI did not show if certificates did not exist.
- Team Leaders Unable to Add Roles to Users. Fixed a bug where users with the Team Leader permission level could not add a role to users if they had the same role.
- Timeout Issue for Tags Assigned to Dynamic Access Rules. Changed dynamic rule tag queries to match resource drop-down tag queries to avoid timeout issues. Assigning a tag to a dynamic access rule previously failed if queries took longer than 200 ms.
- CLI Commands Failing Without SDM_HOME. Fixed an issue where all CLI commands failed if the `SDM_HOME` directory did not already exist.
- MFA Unlock. Fixed an issue that caused MFA unlock to fail.
- Docker Containers Not Accepting Traffic. Fixed a bug where Docker containers with the StrongDM client did not accept traffic on exposed ports.
- RDP File Transfers Crashing Gateways. Fixed a bug where certain file transfers via RDP crashed gateways or relays.
- Hostname Not Updated in Ruby SDK. Fixed a port override-related issue when updating SSH via the Ruby SDK, which caused the hostname not to be updated.
- Port Override Error. Fixed an SDK error that caused attempts to update SSH resources to result in a port override error.
- Missing Delete User Functionality on Parent Org. Fixed an issue where the delete user functionality on a parent organization’s Administrators page was missing.
- Parent Admin Accounts Showing in Child Org. Fixed a CLI bug where Parent Admin accounts were displayed in a child organization.
- Admins of Parent Orgs Unable to Edit User Details. Fixed a bug where root admins could not edit name and email address on a parent organization’s Administrators page.
Remote Identities
Remote Identities enable your organization’s users to authenticate to SSH or Kubernetes resources using their own individual identifier rather than a leased credential.
A Remote Identity is like a username, profile, or alias that is unique to an individual user or service account. When logging in to a server via an SSH client, for example, you typically log in with credentials that are not shared with anyone else. Moreover, your individual activities are written to the resource’s native logs under your username.
A leased credential is shared across multiple users and service accounts. In a StrongDM organization that uses the leased credential method of authentication, all users authenticate with the same leased credential in order to access the resources that have been granted to their assigned role(s). Individual activities are written to the organization’s logs.
Leased credentials are still the default way to access SSH or Kubernetes resources, but they are no longer the only way. Now you have the flexibility to authenticate to SSH or Kubernetes resources with either leased credentials or Remote Identities.
The option to authenticate with Remote Identities is available for the following resource types only:
- SSH (Certificate Based) server
- AKS cluster
- AKS (Service Account) cluster
- Elastic Kubernetes Service cluster
- Elastic Kubernetes Service (Service Account) cluster
- Google Kubernetes Engine cluster
- Kubernetes cluster
- Kubernetes (Service Account) cluster
Admin UI
The Remote Identities release includes the following changes to the Admin UI:
- The Settings tab of users and service accounts now includes the optional Remote Identity field. You can enter any string that is not already in use. One Remote Identity is allowed per user.
- Server and cluster tables have a new Authentication column displaying either Leased Credentials (default) or Remote Identities. These are now filterable values for servers and clusters.
- When adding an SSH (Certificate Based) server or a Kubernetes cluster, the configuration dialog has a new Authentication property to set either Leased Credential or Remote Identities.
- When Authentication is set to Remote Identities, the Healthcheck Username field displays. The Healthcheck Username is used to verify StrongDM’s connection to the target resource.
- Activity logs now show the following Remote Identity activities:
  - Remote identity created
  - Remote identity deleted
  - Remote identity updated
CLI
The Remote Identities release adds the following CLI commands:
- `sdm admin remote-identities create`
- `sdm admin remote-identities delete`
- `sdm admin remote-identities groups`
- `sdm admin remote-identities list`
- `sdm admin remote-identities update`
To the `sdm admin servers add ssh-cert` and `sdm admin clusters` Add, Clone, and Update commands, we added the following options:
- `--remote-identity-group-id`
- `--remote-identity-group-name`
- `--remote-identity-healthcheck-username`
In addition, this release adds the ability to see Remote Identity audit data via the following commands:
- `sdm audit ssh`
- `sdm audit k8s`
- `sdm audit users`
The `-j` flag (for JSON) is supported in all cases.
SDKs and Terraform
This release adds Remote Identity support in the SDKs and Terraform.
July 2022
New
- Ping Identity SSO. Added SAML support for Ping Identity single sign-on.
- Reinstate Suspended Users From the CLI. Added the CLI command `sdm admin users reinstate`, which reinstates suspended users.
Updated
- Updated Text on Users Page. Improved the user experience when the Admin UI Users page is loading.
- Updated UX on Users Page. Added an improved indicator for when tables load data in the Admin UI.
- Secret Store Disabling Validation. Included an additional validation related to disabling secret stores.
- Resources Search Results Display. Improved the formatting of query results in the Admin UI.
- Updated Clusters Form. Improved the UX design of the Add cluster form in the Admin UI.
- Additional Non-StrongDM Secret Store Validation. Added client-side validation in the Admin UI to require secret store information when the Enforce non-StrongDM secret store setting is enabled.
- Admin UI Login. Made minor UX updates to the authentication page that allows access to the Admin UI.
- Improved Download Page. Redesigned the Admin UI’s Download & Install page for a better user experience.
- Detailed Error Logs for Gateway/Relay Misconfiguration. Added more error logs for when a gateway or relay has local logging configured incorrectly.
Fixed
- Port Selection Correction. Fixed a bug where a Snowflake datasource (created via Terraform) selected the incorrect ports for gateway-to-resource connections.
- Failed Trial Account Creation. Fixed a bug that caused certain trial accounts not to be created.
- API Signature Header Vulnerability. Security updates in the API.
- Cloud Connection Command Issue. Fixed a bug where `sdm connect -all` would error if already connected to a cloud resource.
- Resources Displaying as Disconnected. Fixed a bug where `sdm ready myResource` would report that a resource was not connected even if it had been connected prior to the `sdm ready` command being entered.
- EKS CA-Handling Issue. Fixed a bug with Certificate Authority handling that caused a UX bug in the Admin UI for EKS clusters.
- Duplicate Cluster Names. Fixed a bug that allowed the entry of duplicate cluster names in the Admin UI.
- Successful Response Code for Incorrect Credential. Fixed a bug in the SCIM API where HTTP response code “200” would be returned instead of “401” when attempting to use a StrongDM “Admin Token” as an “Authorization: Bearer” token.
- No Indication That Resource is Already Connected. Fixed a bug that caused `sdm connect -v` not to print when already connected to the target resource.
August 2022
New
- Vault Support for Azure Datasources. Added Vault support for authenticating Azure MySQL and Azure MariaDB datasources.
- OneLogin SAML SSO New Features. Added support for OneLogin SAML SSO using the StrongDM app in the OneLogin marketplace.
- Monitoring and Observability New Features. Added Prometheus-style metrics endpoint functionality for relays and gateways to report on health and performance.
Updated
- Quay Repository Links. Updated Quay repository links on the Admin UI Downloads page to be more specific.
- Security Improvements. Made several security updates.
- SDK Updates. Removed deprecated functionality from the SDKs.
- Guided Tour and Favicons. Improved text displayed in the Admin UI guided tour and updated the Admin UI to use new StrongDM favicons.
- Password Reset Status. Made improvements to better indicate status on the password reset page.
- Login and Authentication Layout. Improved the layout of the login and authentication page.
- Port Field Validation. Added additional validation to port fields in the Admin UI.
- OIDC SSO Target Validation. Added validation logic to require OIDC SSO targets to be responsive.
- SSH Host Key Fingerprint. Improved reliability of SSH host key fingerprint.
- Menu-loading Icons. Improved the display of menu-loading icons in the Admin UI.
- Images and Illustrations. Updated illustrations for user-facing messages in the application.
- sdm audit roles Command. Updated the `sdm audit roles` command to rely on access rules string field rather than legacy access rules.
- SCIM API Additions. Added support for userName patch structure in the SCIM API.
- Search by Tag Upgrades. Improved search functionality for tags with spaces in the Admin UI.
- Other Tag Improvements. Made improvements to ensure we no longer display unused tags in the Admin UI.
- Activity Logs. Updated the Activity logs to use the name of the SCIM provider when SCIM actions are performed.
Fixed
- Secret Stores and Website Creation. Fixed an issue related to website resource creation failing after changing secret store types.
- Additional Website Creation. Fixed an issue where failed website resource creation prevented users from creating additional websites.
- Child Organization Logins. Fixed an issue preventing admins in a parent organization from logging in to a child organization.
- Calendar Formatting. Fixed calendar formatting to be consistent across all environments.
- Optional Ports. Fixed an issue that made optional ports in datasources required.
- Website and Port Override Visibility. Fixed an issue that prevented DBAs from viewing website and port overrides in the Admin UI.
- Port Overrides. Fixed an issue with calculating new ports that prevented port overrides from being enabled.
- Cloud Type Display. Fixed an issue related to displaying cloud types on the Port Overrides page in the Admin UI.
- Secret Store Help Text. Fixed the secret store help text to reference the relevant category for a resource.
- Secret Store Dropdown Options. Fixed duplicated options in the Secret Store dropdown menu.
- sdm ready Errors. Fixed an issue causing an incorrect error with the `sdm ready` command.
- Session Timeout and Login Flow. Fixed an issue in the Admin UI where a session timeout did not properly restart the login flow.
- Unresponsive Datasources Page. Fixed an issue causing the Datasources page to become unresponsive in the Admin UI.
- Unresponsive Admin UI. Fixed an issue causing the Admin UI to become unresponsive when searching for tags under dynamic access rules for roles.
- SSH Sessions. Fixed an issue that allowed SSH replays to keep downloading after the replay window was closed in the Admin UI.
- Routing and Port Overrides. Fixed an issue related to routing and the Port Overrides page in the Admin UI.
- Blank Page Display. Fixed blank page displays during logins.
- Curl Download Options. Fixed curl download options for the Linux binary in the Admin UI.
- Shutting Down Services. Fixed an issue related to services properly shutting down when logging is unavailable.
- Temporary Access. Fixed an issue that prevented granting temporary access via the CLI with the `-force` flag.
September 2022
New
- Admin UI Version Endpoint. Made the Admin UI version number available via the `/version` endpoint.
- MongoDB 6.0 Server Support. Added support for MongoDB 6.0 servers.
- Custom HTTP Header Support for Websites. Added support for including custom HTTP headers for websites.
Updated
- Healthcheck Progress in Admin UI. Updated the way in-progress healthchecks display in the Admin UI.
- SCIM Provider Activities in Logs. Updated Activity logs to more clearly indicate the actions taken by the configured SCIM provider.
Fixed
- sdm status Header. Fixed the CLI `sdm status` header to be `PORT_OVERRIDE` instead of `PORT`.
- Website Updates in Admin UI. Fixed an issue that prevented users from updating legacy websites in the Admin UI.
- Windows Service Accounts. Fixed an issue that prevented Windows service accounts from viewing or connecting to resources after installation.
- Temporary Access Error. Fixed an issue that caused an error when using the CLI to grant temporary access with the `--force` or `-f` option.
- Security Fixes. For more details, please see our Security Advisories page.
- JSON Filtering by Name. Fixed a CLI issue that prevented service accounts from filtering JSON properly by name.
- Deletion of Resources in Use. Fixed an issue within the StrongDM app server by optimizing the deletion of resources that are in active use by many users.
- sdm audit Issue. Fixed an issue that caused the `sdm audit` CLI command to hang unless the `-f` or `--follow` option was used.
- Password Reset Error for MFA Configurations. Fixed an Admin UI issue related to the password reset flow that returned an error for certain multi-factor authentication (MFA) configurations.
- Resources Added to Role Not Displaying in Desktop App. Fixed an issue where resources added to a role via dynamic access rules did not always show up in the desktop app.
- Unhealthy SSH CA Servers. Fixed an issue that caused SSH CA servers to be unhealthy.
October 2022
New
- Oracle Datasource Types Generally Available. Made Oracle datasource types generally available.
- Secret Store Filter for Resources. Added the ability to filter resources in the Admin UI according to secret store ID or name.
- Cloned Resource Name Change. Added the option to change the name of the clone when cloning a new resource.
- Gateway Environment Variable. Added the `SDM_MAINTENANCE_WINDOW_START` environment variable for configuring a gateway maintenance window, which is the equivalent of the `sdm relay` CLI flag `--maintenance-window-start`.
Updated
- sdm login. Updated the CLI so that if users attempt to use the `sdm login` command on a gateway or relay (as they normally do on a client), they are presented with a more useful error.
- Remote Identities Headers for Kubernetes Resources. Enhanced Remote Identities for Kubernetes resources to pass a username header and group header.
Fixed
- sdm doctor. Fixed an issue in which the `sdm doctor` CLI command incorrectly reported `network unreachable`.
- sdm update. Fixed an issue in order to expose the `sdm update` CLI command in the `sdm --help` text.
- CLI Crash. Fixed an issue that caused the CLI to crash when run as a user on Oracle Linux 8 on ARM.
- API Issue. Fixed an issue that caused an intermittent `RPC "connection closed before server preface received"` error in the API.
- Gateway Certificate Rotation. Fixed an issue to improve how and when gateway certificates are rotated and the speed at which clients pick up the rotated certificate.
- Unlock State. Fixed an issue in which the web version of the unlock message and the desktop app’s unlock message did not match when unlocking StrongDM from either place.
- Security Fixes. For more details, please see our Security Advisories page.
November 15, 2022
New
- Azure Database for MySQL. Added Azure Database for MySQL datasource type.
Updated
- Gateway and Relay Logs. Updated gateways and relays to not generate excess logs when they fail to fetch a secret store credential.
- User Impersonation Mode for Kubernetes. Updated Kubernetes User Impersonation mode to allow colon characters (`:`) in associated user role names to be preserved in the group names forwarded to the Kubernetes endpoint. Previously colons were stripped.
- Display of Resource Titles. Updated how word wrap is handled in the Admin UI, so resource titles are easier to read.
Fixed
- API Issue. Fixed an issue that was causing an intermittent `RPC "connection closed before server preface received"` error in the API.
- Windows Service Installer. Fixed an issue that happened when the Windows service installer attempted to find and use `powershell.exe`.
- Returned ID for SCIM User Provisioning. Fixed an issue where the wrong ID was returned for the groups subfield when querying SCIM users.
- Multiplatform Container Images. Made the StrongDM Docker Service Client Container and Docker Gateway Container images multiplatform, now supporting both AMD64 and ARM64 architectures.
November 30, 2022
New
- Google Provisioning. Added Google as an official provisioning provider option.
- CyberArk Conjur and PAM Secret Stores. Added CyberArk Conjur and CyberArk PAM as Secret Store options, enabling you to continue to manage secrets with CyberArk and use those secrets to connect to resources via StrongDM.
Updated
- Email Entry UX in Admin UI. Updated the Admin UI login page to not prematurely mark the email field as invalid when the user begins typing.
- Updated Redis Support. Updated Redis support to allow explicit usernames for use with ACL (a feature introduced in Redis 6). Additionally, it is now an option to explicitly require TLS to interact with a Redis server.
- Improved CLI Connection Stability. Updated the handling of connection state to better differentiate between server restarts and network connection loss.
- Updated Session Timeout Descriptions. Clarified the descriptions of session timeouts in the Admin UI settings.
Fixed
- Admin UI Image Loading. Fixed an issue where some Admin UI images failed to load.
- Incorrect Response With Invalid Filters. Fixed an issue where the use of an invalid filter in the CLI resulted in a response that indicated a successful connection, rather than a “No resources match this filter” response.
- Blank Activities Page. Fixed an issue where a high volume of activities could delay or halt the loading of the contents of the Activities page in the Admin UI.
- Safari Display Issue. Fixed an issue for Safari users of the Admin UI where the arrow in the search input bar was located in the wrong place on the page on first load.
December 15, 2022
Updated
- Gateway Restarts. Changed gateway restart behavior so that gateways restart only in cases where it is required.
Fixed
- SDK Identity Provider Constant Values. Fixed inconsistencies in the values returned by the account or role’s `ManagedBy` field through the API.
- Azure AD Provisioning Sync. Fixed an issue with Azure AD provisioning sync in which Azure AD group name changes were not carried forward as role name changes in StrongDM.
December 31, 2022
Fixed
- CLI Command Response for Filter Argument Values. Fixed the `--filter` option of the `sdm admin datasources list` CLI command so that a parse error is returned when a required argument value is not supplied (for example, `sdm admin datasources list --filter name:` returns an error), and so that the command executes when an optional argument value isn’t supplied (for example, `sdm admin datasources list --filter tag:foo=` executes).
- Service Account Login. Fixed an issue that caused service accounts running on Windows to stop and restart continuously after several seconds.