Release Notes

This page provides public release notes for StrongDM software features, updates, and fixes. You may search the release notes by version number, software type, and/or text. For older release notes not shown on this page, please see the Archive.

Versioning Information

For all software, StrongDM currently increments versions as follows:

  • n.0-100.0 for each release (such as 32.97.0, 32.98.0, 32.99.0, 33.0.0)
  • a.b.1 for patch releases (such as 32.97.1)
  • Non-listed versions are internal (numbers missing from the sequence, such as 32.97.0, 32.98.0, 33.2.0, 33.3.0)
Release Notes Atom Feeds

To see all releases (including those that have no public notes) see the Atom feed for each software:

DateSoftwareVersionDescription
2024-06-18CLI42.96.0This release adds support for Mongo 7 and Mongo 8 (tested with RC8).
2024-06-18CLI42.95.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-18Server89.4.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-17CLI42.93.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Server89.3.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Terraform10.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Go SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Python SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Ruby SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Terraform10.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.92.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Server89.1.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Python SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Ruby SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Go SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.90.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17CLI42.91.0This release updates some CLI commands to now show the correct default value (instead of 0) for the --page-limit option.
2024-06-17Server89.0.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Terraform10.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Python SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Ruby SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Go SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-14CLI42.81.0This change causes nodes to restart if they detect they have lost their authentication state, so they can either restore it or sever themselves from the network and cut idle traffic if they cannot (because they were remotely deleted, for example).
2024-06-14Server88.91.0This release implements a default behavior to forbid self-approvals in the workflow settings. Existing configurations will be unaffected.
2024-06-13Server88.85.0This change resolves a bug where deleted nodes would not be notified of their deletion, causing them to continue to fruitlessly send requests to a StrongDM control plane until they were manually cut off.
2024-06-12Server88.72.0This release allows Resources to be filtered by identityEnabled and identitySetID "identityEnabled" has a Boolean value and indicates if a resource is configured to use an Identity Alias on connection. "identitySetID" has a string value, and is the specific Identity Set that the resource is configured to use. Filtering by remoteIdentityEnabled is still supported but is deprecated.
2024-06-11CLI42.69.0This change reveals the sdm admin network subtree for working with peering groups.
2024-06-11CLI42.66.0This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11Server88.68.0This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11CLI42.61.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11Server88.64.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11CLI42.59.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11Server88.63.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11CLI42.58.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-11Server88.62.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-10CLI42.57.0This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10Server88.57.0This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10CLI42.54.0This release augments the Postgres policy action parser to understand more edge cases of the Postgres grammar.
2024-06-10Server88.46.0This release adds Microsoft Defender as a supported Device Trust provider.
2024-06-06Server88.24.0This release fixes a bug preventing configured Okta MFA settings from appearing in the Admin UI.
2024-06-06Server88.23.0This release updates the error message received when a user is not enrolled in Okta MFA, for clarity.
2024-06-05Server88.22.0This release changes the behavior of the 'default' Identity Set. New organizations will no longer have a 'default' Identity Set automatically created. 'default' Identity Sets will also be able to be deleted.
2024-06-03Server88.4.0SCIM requests can now include a list of identity aliases to be assigned to a user.
2024-06-03Server88.3.0This change deprecates some older forms of creating healthchecks. Specifically, when gateways come online after being offline for over 60 seconds, they would formerly enqueue a healthcheck for every resource at that time; this has been removed. In addition, legacy clients used a less efficient mechanism for healthchecking resources on sdm connect; this has been removed. All CLI versions released within the last year, or greater than 38.13.0, will see no change in behavior here. Newer clients will (still) efficiently healthcheck resources on sdm connect, for any unhealthy resource, and this in combination with manual checks, checks on resource updates, and periodic automatic checks will keep gaps from causing access problems. Switching to explicit routing is also recommended for users with large, complicated networks.
2024-05-29CLI42.34.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Server87.78.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Java SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Terraform10.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Python SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Go SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Ruby SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Server87.74.0This release addresses a race condition in native login that could cause the user to be redirected to the login page when they should not be.
2024-05-22CLI42.26.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Server87.53.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Java SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Terraform10.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Python SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Ruby SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Go SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-20Java SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Python SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Go SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Ruby SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Desktop App21.71.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20CLI42.25.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Server87.49.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-17Server87.44.0This release updates the display and visibility of the Log Stream Admin UI component based on payment tier.
2024-05-16Server87.32.0When using the Context-Based Policy feature, the default "Global Access" policy shown in the Policy Library in the Admin UI can now be modified or deleted. Modifying or deleting this policy may prevent users with pre-assigned role or temporary account grants from accessing resources, as access to resources must be permitted by both grants and by policy. In addition, when using the Context-Based Policy feature, the policy editor in the Admin UI can now be used to create permit policies without specifying a location, device trust, or user requirements. Such policies can be used to permit access to resources in conjunction with existing role and account grants.
2024-05-16Server87.30.0This release fixes an issue where queries logged for context-based policy were not populating the source and client IP address fields in the query. The source and client IP address information was still present in the authorization data included with the logged query.
2024-05-15Server87.25.0This release fixes a bug where SCIM token rotation would not present a new token to copy.
2024-05-13Server87.13.0This release fixes a bug related to opening app.strongdm.com from the desktop app and fixes a bug related to SSO logins.
2024-05-13CLI42.9.0sdm install now supports the --domain flag, which allows you to instruct the client or relay to connect to a StrongDM control plane other than strongdm.com. For example, customers using GovCloud should connect to strongdm-gov.com.
2024-05-13Server87.8.0This release adds the ability to reference Identity Aliases and Identity Sets in the context of policies. It also adds Identity Set as an entity (that is, StrongDM::IdentitySet). Example usage: 
@justify("Please provide justification")
permit (
 principal,
 action in [StrongDM::Action::"dial"],
 resource == StrongDM::Resource::"rs-25599cd76579dac5"
) when {
 context.identityAlias.username == "ssh_superuser" && 
 context.identitySet == StrongDM::IdentitySet::"is-111111111111"
};

2024-05-09Server86.98.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Java SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Terraform9.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Ruby SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Python SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Go SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09CLI42.4.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-09Server86.97.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-08Server86.91.0This release resolves a bug where timed out Admin UI sessions would not redirect users back to the login screen.
2024-05-08CLI41.98.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-08Server86.86.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-06Server86.79.0This release adds a page in the Admin UI that informs users that they are logging out prior to showing the login screen.
2024-05-06Server86.76.0This release addresses the following third party CVEs: CVE-2024-33883
2024-05-06CLI41.94.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-06Server86.75.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-02Server86.64.0This release fixes a bug in the rendering of the query panel for policy logs, where it would take some time to fill the screen on large displays.
2024-05-02Server86.62.0Fixes a bug in integration with Slack where non-approvers could mark channel-based request as approved, which would result in no actual access to the resource since they are not approvers.
2024-04-30Server86.55.0This release fixes a bug in the rendering of routes via sdm admin network topology.
2024-04-30CLI41.82.0The FIPS-compliant variant of our linux CLI binary is now compatible with glibc versions as old as 2.27. This does not affect normal, non-FIPS-compliant linux binaries.
2024-04-30Server86.48.0The Download & Install page on the Admin UI now directs Docker users to public.ecr.aws/strongdm instead of quay.io/sdmrepo. quay.io will continue to be supported.
2024-04-25Java SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Terraform9.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Python SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Go SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Ruby SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-23CLI41.70.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Server86.25.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Server86.23.0This release adds the Remote Identity group ID (i.e. ig-123) field to the resource filters.
2024-04-23CLI41.67.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Server86.22.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Desktop App21.69.0This release updates the installers to provide better support for managed installations where the SDM user may be a standard user, not an administrator. To allow auto-updates to work without requiring an administrator, the SDM application is now installed by default into the user's program directory ($HOME/Applications on macOS and $PROFILE/AppData/Local/Programs on Windows). The Windows and macOS installers both provide a way for an administrator to install the application on behalf of a standard user and both install the latest StrongDM Virtual Network Adapter when the installation is performed with administrator privileges.
2024-04-22CLI41.64.0This release enhances proxied HTTP requests for website resources to now include the X-Forwarded-Proto header indicating the protocol scheme (HTTP or HTTPS). Some HTTP servers may relay on this header being present.
2024-04-22CLI41.63.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to <resource name>). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22Server86.20.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to <resource name>). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22CLI41.62.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-22Server86.17.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-18Server86.5.0This release addresses the following third party CVEs: CVE-2024-29041,CVE-2024-28863
2024-04-17Server86.2.0This release fixes a bug that caused the minimum CrowdStrike score not to appear correctly in the Admin UI.
2024-04-15CLI41.52.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-15Server85.95.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-12Terraform9.0.0This release adds the ability to query tokens on the sdm_account resource type in the StrongDM Terraform provider.
2024-04-09Server85.88.0This release refactors Slack token refreshes to be more tolerant of Slack outages.
2024-04-09Server85.87.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Java SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Python SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Ruby SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Go SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Server85.86.0This release fixes a regression where user agents weren't being populated for requests originating from Slack requests or anonymous HTTP requests.
2024-04-02Desktop App21.65.0This release fixes a bug where failing MFA during login would require quitting the application to re-attempt login.
2024-03-26Server85.70.0This release fixes some broken documentation links in the Admin UI.
2024-03-26Server85.68.0This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-26Python SDK7.1.1This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-25Server85.64.0This release adds a new Default Service Account Enforcement setting in the Admin UI Device Trust security settings in the Settings > Security page and a matching Service Account level setting in the Access > Users > Service Account > Settings page. The new settings allow for setting the default Device Trust enforcement policy for service accounts to be either required or exempt at the organization level, and also to set an overriding setting on individual service accounts. The effective Device Trust state is now shown for service accounts on the Access > Users page in the Device Trust column.
2024-03-21Server85.63.0This release fixes an issue that could cause a manual approval flow to be converted to an automatic one that would fail to save.
2024-03-21Server85.62.0This release fixes an issue where automatic approval workflows couldn't be saved unless an approver was selected.
2024-03-21Server85.61.0This release reduces the number of error emails that may be sent due to Device Trust provider issues. In addition, a "resolved" email will now be sent when the issue is no longer present.
2024-03-19Server85.59.0This release fixes an issue where only the first 25 Approval Workflows would list in the Admin UI.
2024-03-19Server85.58.0This release fixes an issue where the MFA screen did not take up the whole screen in the desktop app.
2024-03-19Server85.56.0Third Party Certificate Authorities are generally available, including AWS Private CA RDP, Active Directory Certificate Services, GCP Certificate Authority Service RDP, HashiCorp Vault SSH, HashiCorp Vault SSH (AppRole), HashiCorp Vault SSH (Token), HashiCorp Vault RDP, HashiCorp Vault RDP (AppRole), HashiCorp Vault RDP (Token) Each third party Certificate Authority has a details page which includes Diagnostics, Settings, and Resources (if resources have been applied).
2024-03-19Server85.55.0If an access request is automatically denied due to there being no approvers on the bound workflow a reason is added to indicate why the request was denied.
2024-03-18Server85.53.0This release fixes an issue where the IP Allowlist settings page could not be accessed even with the feature enabled.
2024-03-18Desktop App21.64.0The installer for Windows (EXE file) and macOS (PKG file) have been changed. When the installer is run by a privileged user (run as Administrator on Windows; with sudo or as root on macOS), the installation also includes a virtual networking component. The installer now provides a way for an administrator to install the application for the use of specified standard user that makes auto-updates work properly for that end user. To do this on Windows, run the installer as Administrator with an extra --SDMUSER=<OtherUserName> on the command line. On MacOS, run the command HOME=/Users/<OtherUserName> sudo installer -pkg <SDMInstaller.pkg> -target /. Standard (non-admin) users can still run the installer. When executed without admin, the installer acts as it did before. It installs the SDM application to a per-user location and does not install the virtual networking component.
2024-03-15CLI41.34.0This release fixes an issue with AWS resources where where retrieving objects through S3 with certain special characters in the object key could fail with a signature error.
2024-03-15Desktop App21.63.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.33.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15Server85.49.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.32.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Server85.48.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Java SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Terraform8.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Python SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Ruby SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Go SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15CLI41.31.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Server85.46.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Terraform8.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Java SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Python SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Go SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Ruby SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Server85.43.0This release replaces Support chat links during organization trials with documentation links.
2024-03-14Server85.39.0This release changes the Admin UI Access Workflows page's table header checkbox to show an indeterminate state when some but not all rows have been selected.
2024-03-12Server85.35.0This release makes approval workflows unable to be saved unless an approver is selected.
2024-03-12Server85.33.0This release updates the Device Trust settings in the Admin UI with more flexible controls globally and per user.
2024-03-08CLI41.26.0This release sets the TTL for issued certificates using certain third-party CAs to a lower default TTL of 5 minutes.
2024-03-08Server85.24.0This release makes new Policy features available to Enterprise customers in the Admin UI. These features allow admins to require MFA or text justifications or to require approval workflows to be followed for some access. Policies can consider conditions such as the geographic location of the user and the device trust score of the user's machine when making access decisions.
2024-03-08CLI41.25.0This change hides the account field returned by sdm ready by default, replacing it with account_info, a new object containing more specific information about the logged in account. This also adds the -v or verbose flag to sdm ready which restores this deprecated field temporarily, and adds additional fields as well.
2024-03-07Server85.21.0This release fixes a bug where access workflows did not save when unlinking a manual approval flow.
2024-03-07Server85.19.0In this release, the default value of the Access filter in the Access Catalog has been changed from "Any" to "Available", so that the default results will now be restricted to resources that are currently available for the user to request.
2024-03-06Server85.18.0This release modifies the presentation of user and global settings for device trust in the Admin UI.
2024-03-05Server85.15.0This adds an Access component to the Catalog Search form in the Slack app. The default value for the Access filter is still "Available", but users now have the option to change it.
2024-03-04Server85.10.0This release adds Approval Workflows permissions and Approval Workflows audit permissions for API token creation and admin token creation.
2024-03-04Terraform7.7.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Ruby SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Python SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Java SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Go SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Server85.7.0This release adds the ability to create, update, and delete Approval Workflows.
2024-03-04Terraform7.6.0This change adds Approval Workflows and related verticals.
2024-03-04Java SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Python SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Go SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Ruby SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Server85.4.0This release adds a link to the settings page on the access workflows page of the Admin UI.
2024-03-02Server85.3.0This release fixes an issue where the resource catalog might appear empty when fetched in ServiceNow.
2024-03-01CLI41.20.0The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Server85.2.0The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Java SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Python SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Go SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Ruby SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Server85.0.0This release fixes an issue that caused the Request Access page and its tabs not to load properly in the Admin UI.
2024-03-01Server84.98.0This change adds a notification email sent to organization admins for non-transient Device Trust API failures.
2024-02-29Server84.93.0This release fixes an issue with dynamic access rules on access workflows, where they couldn't be updated under certain conditions.
2024-02-28Server84.88.0This release introduces a change to the file format and path location of replay data stored to Amazon S3 with Log Stream enabled, to improve the performance of storing that data. Replay data is no longer stored under individual objects (one object per chunk), but is instead aggregated so that multiple chunks from different replays may be stored in the same object, up to a limit of 1000 entries or 100 MB per object. Replay data from Log Stream is now stored similarly to activity and query data. Specifically: * The path under which replays are stored in S3 changes from <prefix>/replays/YYYY/MM/DD/HH/MM/<queryUUID>/<chunkID>.json to <prefix>/replays/YYYY/MM/DD/HH/MM/<randomUUID>.json. * The content of each JSON object changes from a single chunk per object ({"formatVersion":"v1.0.0", "chunkID":"1" ...}) to N chunks separated by new lines (that is, in JSON lines format, as with queries and activities).
2024-02-28Server84.87.0This changeset clarifies text for access workflows and approval workflows throughout the Admin UI.
2024-02-28Terraform7.5.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27CLI41.18.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Java SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Python SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Go SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Ruby SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Server84.75.0This change reports a mocked version of a legacy variable to CLI versions older than 37.0.0 (released February 14, 2023). This variable was removed on February 24, 2024. The absence of this variable could cause the CLI to fail to respect port overrides on new connections.
2024-02-26Java SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Go SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Python SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Ruby SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Desktop App21.58.0Installer behavior has changed to allow silent installations on macOS and Windows and for installations to include updates to Virtual Networking Mode. On macOS, all PKG installers always require admin privilege, always install StrongDM in /Applications (but are owned by the end user so that update-in-place can still work), and always install the Virtual Networking Mode helper application. If macOS users want to install the desktop app without Virtual Networking Mode, they should use the DMG distribution. For a silent installation, macOS users should run the installer command line tool with the PKG file as a command line argument. On Windows, the EXE installers now install Virtual Networking Mode whenever the installer runs as Administrator. If the EXE installer is run as a non-administrator, StrongDM gets installed, but Virtual Networking Mode is not installed or updated. If Windows users want to install the desktop app without Virtual Networking Mode, they should run the installer as a non-administrator. Note that the EXE installers on Windows can be executed from the Command Prompt, and the installation will be in silent mode if the /S flag is used with the command.
2024-02-23Server84.67.0This release adds the Update Admins scope to API keys. This is a sensitive scope that allows your key to update admin users.
2024-02-23CLI41.15.0This change removes some deprecated capabilities around disabling port overrides. In particular, some CLI commands under sdm admin ports have been removed.
2024-02-23Server84.63.0This release updates the StrongDM app for Slack with improved tag search functionality that matches the way tag searching works in the Admin UI.
2024-02-23CLI41.14.0This change adds the --download option to the sdm replay rdp CLI command, which allows users to download formatted query logs from StrongDM and immediately render an MP4 from them. Previously, the logs had to be manually retrieved from a relay's logs directory. This does not currently support user-encrypted RDP logs.
2024-02-22Server84.61.0This release fixes a bug that caused resources assigned to peering groups to sometimes incorrectly show as reachable from nodes not in the resource's peering group on the Resources tab of the Admin UI Network > Relays page, the Admin UI Network > Gateways page, and the output of the sdm admin relays list in the CLI. In addition, this release fixes a bug that caused resources shown on the Resources tab of those Admin UI pages not to be ordered by name.
2024-02-22Server84.55.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-22CLI41.10.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-21Server84.53.0This change fixes a bug in device trust calculations which would prevent assessment storage from CrowdStrike for a CrowdStrike account with over 500 agents.
2024-02-21Server84.51.0User names will no longer prevent creation of service accounts with the same name.
2024-02-20CLI41.8.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Terraform7.3.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Server84.42.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Java SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Go SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Python SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Ruby SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Server84.40.0This release fixes an issue where access requests which were automatically approved would not show the correct approved timestamp when viewing the request details page in the Admin UI.
2024-02-20Server84.38.0This release fixes an issue where activities would not live feed into the Admin UI page on initial load.
2024-02-16Server84.36.0This release fixes an issue where the access requests page of the Admin UI would not load in some instances.
2024-02-16CLI41.6.0This release fixes an issue with the CLI where the sdm doctor -v command did not return any output.
2024-02-12Server84.6.0This release fixes the access details text shown on the Admin UI Request Access page to not reference a reason if there is none.
2024-02-09Server84.2.0This release fixes a bug that caused the /sdm access to command in the StrongDM integration for Slack not to work for non-admin users.
2024-02-09Ruby SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Java SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Terraform7.2.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Python SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Go SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-08Server83.93.0This release adds the Request timeout duration setting to the Settings > Workflows page of the Admin UI.
2024-02-07Server83.83.0The StrongDM integration for Slack has been updated to a new version. This version offers: - Channel-based approvals - Multiple-resource requests - Easier request/resource filtering - UI/UX improvements
2024-02-07Server83.79.0Creating an access request with a reason now has max length validation that matches the server.
2024-02-05Server83.59.0This release adds the Certificate Authority field to the RDP (Certificate Based) and SSH (Certificate Based) resource forms, allowing users to select a desired Certificate Authority (default is Strong CA). Strong CA is the StrongDM RDP Certificate Authority or StrongDM SSH Certificate Authority, depending on the selected server type. Strong CA is selected by default and is always the default, even if the Allow Credentials to be Stored with StrongDM option is set in the Admin UI > Settings > Security. Strong CA may be managed in the Admin UI > Network > Certificate Authorities.
2024-02-03Server83.52.0This release fixes a bug when running the sdm audit queries and related CLI commands, where including a filter using the query field to filter by query content would return an error that the filter was invalid.
2024-02-02Server83.49.0This release changes the application of the security setting "Allow Credentials to be Stored with StrongDM." Certificate-based resources, such as SSH (Certificate Based) and RDP (Certificate Based), may be created without assigning a secret store, even if the "Allow Credentials to be Stored with StrongDM" security setting is set to "No."
2024-02-01Server83.43.0This release adjusts the text in the enterprise banner at the top of workflow related pages to no longer reference Reports Library but rather Access Workflows.
2024-02-01CLI40.89.0This PR adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-02-01Server83.40.0This PR adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-01-31Server83.34.0This release removes the option to select suspended users as approvers for access workflows.
2024-01-31Java SDK6.3.2This release upgrades the GRPC dependency of the Java SDK to version 1.59.1. This version of the GRPC library fixes an incompatibility with newer versions of the Netty library, which may prevent the SDK from working with frameworks such as recent versions of Spring Boot.
2024-01-31Server83.32.0This release adjusts the logout condition for SentinelOne Device Trust. Previously devices would be logged out if SentinelOne reported them as not live, but testing revealed this value was not being consistently reported; live agents would sometimes be marked offline, causing random logouts. The replacement for this condition requires that a device is offline for 15 minutes before that results in an automatic logout.
2024-01-30Server83.24.0This release allows new certificates to be created for both SSH and RDP without immediately making them active. You can create a certificate, add it to your infrastructure, and then make it active in StrongDM. This enables the certificate rotation process to happen without downtime due to the delay from adding a new certificate. Additionally, previous certificates may be reactivated as a rollback option until they are removed. Certificate Authorities can be managed in the new Network > Certificate Authorities section of the Admin UI.
2024-01-29Desktop App21.54.0This release restores the missing Connect All menu item to the desktop app menu.
2024-01-29Server83.9.0This release fixes an issue where some organizations could not see reports in the Reports Library.
2024-01-26Server83.4.0This release marks the standing access report as no longer in beta.
2024-01-26Server83.3.0This release fixes a bug in filter functionality for the Access Workflows dashboard.
2024-01-25Java SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Go SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Python SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Ruby SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Server82.90.0Add pkg and msi installers to the downloads page
2024-01-25Server82.89.0This release fixes a bug where in rare cases a valid authentication with an admin token or API key would return an unauthenticated error.
2024-01-25Server82.88.0Slack tokens are no longer revoked after a failed refresh attempt.
2024-01-25Server82.87.0Update the default filter on the Standing Access Dashboard.
2024-01-25Server82.86.0This release augments resource update validation in the case when the secret store of the resource is modified. See also Server 82.80.0.
2024-01-24CLI40.78.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-24Server82.80.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-23Server82.75.0This release fixes a broken banner link for StrongDM email alerts.
2024-01-23Server82.74.0This release fixes a condition where authentications could take up to several seconds before they were available to use after logging in.
2024-01-23Server82.73.0This change fixes the filter parameters for the Approvers list in the Access Workflows dashboard.
2024-01-23Server82.70.0This release overhauls the presentation of Reports Library dashboards.
2024-01-22Server82.68.0This change fixes a bug with a deprecated authentication mode used by clients beneath 33.17.0, where those authentications were frequently revoked without reason.
2024-01-19Java SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Python SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Ruby SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Go SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-18CLI40.73.0This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18CLI40.59.1This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18Server82.54.0Added a checkbox in the Admin UI to allow requesters to approve their own requests when they meet the approval criteria for the associated workflow.
2024-01-16Java SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16CLI40.67.0This release adds the 'sdm admin rdp view-ca' CLI command to retrieve the CA used for certificate-based RDP connections.
2024-01-16Python SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Go SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Ruby SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Terraform7.1.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-12Server82.35.0This release modifies the behavior of the integration with Slack, including help text and welcome message frequency changes.
2024-01-12Server82.30.0This release restores the presence of some missing release notes from the /release-notes endpoint.
2024-01-11CLI40.63.0This release renames the columns of CSV query output to be more consistent between query categories. It also adds three new fields for features in development.
2024-01-11CLI40.61.0This release adds a new, non-stable server type: SSH (Cert Based with User Provisioning). This new server type is in closed beta and not available at this time.
2024-01-09CLI40.57.0This release deprecates the sdm admin ssh rotate-ca command. The correct way to rotate SSH CA is through the credential management area in the Admin UI.
2024-01-09Server82.11.0Admins can now set a fixed duration for access requests on the Workflows settings page of the Admin UI.
2024-01-08CLI40.55.0This release updates the permissions checked when calling sdm ssh resource-name, fixing a recent regression which prevented user-level accounts from executing this action.
2024-01-08CLI40.54.0This release fixes an issue that prevented connections to certain resources with an "unable to load credential type for db type" error. This error is resolved.
2024-01-08Python SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin <resource-category> CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08CLI40.51.0This release adds a Healthcheck verb to the SDKs and the sdm admin <resource-category> CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Java SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin <resource-category> CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Go SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin <resource-category> CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Ruby SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin <resource-category> CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-05Server82.2.0This changeset adds support for IDP initiated logins for SAML, if enabled within one's StrongDM SSO configuration.
2024-01-04Admin UI86.20.0This release makes some minor bug fixes for filters within dashboards.
2024-01-04Ruby SDK6.0.1This release unlocks the gemspec for the strongdm ruby SDK expanding openssl from ~> 3.1.0 to ~> 3.1.
2024-01-03Admin UI86.19.0This release adjusts and improves the user experience for filters within dashboards.
2024-01-02Server81.81.0This release adds a feature to alert organization admins for when the StrongDM RDP CA is close to expiring. It will send alert emails for the following stages: 30 days before expiration, 2 weeks before expiration, 1 week before expiration, 2 days before expiration, 1 day before expiration, and 2 days after expiration.
2023-12-22CLI40.46.0This release fixes a regression in the CLI that prevented listing resources with the sdm admin datasources|servers|... list commands with an admin token that had resources list permission but not resource locks list permission. The commands now function when run without resource lock list permission by omitting resource lock status information.
2023-12-21Go SDK6.0.1This release includes documentation updates.
2023-12-20Admin UI86.14.0In this release, the Workflows settings page of the Admin UI now allows admins to forbid users from setting a custom duration on requests. Instead, admins can define a fixed duration.
2023-12-19Server81.61.0This change modifies query storage logic to be more tolerant of queries that may be awaiting processing from recently deleted gateways or relays.
2023-12-13Admin UI86.10.0This release adds a validation error in the Admin UI if a duplicate ServiceNow URL is configured.
2023-12-13Admin UI86.9.0This release internally simplifies the flow for requesting RDP replays in the Admin UI, removing possible failure modes.
2023-12-12Server81.44.0Quotas have been enforced on all customers in order to prevent usage by one customer from impacting StrongDM's availability for other customers. If you see an error due to a quota being exceeded, please submit a request to StrongDM Support to have your quota increased.
2023-12-12Admin UI86.7.0This release fixes a bug where the revoke option was presented for access requests that can't be revoked.
2023-12-12Server81.40.0This release modifies the format of the content in access request emails to refer to request duration.
2023-12-12Admin UI86.6.0This release fixes typos in the integrations page.
2023-12-11Admin UI86.3.0This release allows non-enterprise users to see reports in a limited manner.
2023-12-11Admin UI86.1.0This release fixes a bug which prevented the creation of some RDP resource types with specific settings selected.
2023-12-08Server81.30.0This release expands the time range of valid RDP queries to request replays for in the Admin UI. This range looked back 4500 replays historically, but recent changes brought this limit down to 200. This release expands it to search all historical queries up to an organization's complete query retention range.
2023-12-08Java SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Python SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Ruby SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Go SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-07CLI40.28.0This release adds roles to the CLI interface for workflow approvers, renaming the 'approver-id' flag to 'account-id' in the process.
2023-12-07CLI40.27.0There was in issue with the SDM client Docker image starting at version 40.8.0 that prevented it from running properly. This issue has now been fixed.
2023-12-06Admin UI85.98.0This release adjusts the presentation of the auditor report dashboard.
2023-12-06Admin UI85.97.0When making an access request users can now specify a start date and time.
2023-12-05Admin UI85.96.0This change migrates some secret stores to be Enterprise bundle features.
2023-12-05Admin UI85.95.0This change reveals the Admin UI version number at the bottom of the navigation sidebar.
2023-12-04CLI40.24.0The RDP cert-based driver now supports DRDYNVC, which should allow the driver to support more environments.
2023-12-01Admin UI85.91.0This change adds cards on the Admin UI's Integrations page for existing integrations, such as secret stores and logging options.
2023-11-30Server80.82.0StrongDM now enforces a limit of 1,000 resources per organization for new customers. Customers who require more than this should submit a request to StrongDM Support to get their quota increased. Existing customers have been assigned enough quota to at least double their current resource count.
2023-11-28Server80.65.0This release modifies an error message displayed on one OIDC login error, to more clearly point to the cause of the problem; when a POST to an OIDC server to verify that they did send us a login request occurs, if the response is lacking a token, it usually implies that the configured client secret is invalid, or expired.
2023-11-28Server80.64.0Fixed an issue where the CLI command sdm access to executed with only a duration would immediately time out.
2023-11-28Server80.61.0This change restores the ability to provide a start from time for access requests.
2023-11-27CLI40.20.0This change modifies the proxy used by sdm aws commands to include http:// in the HTTPS_PROXY variable, which otherwise can cause some programs like terraform modules in TF 1.6.3 to reject the variable for the lack of a schema.
2023-11-22Admin UI85.90.0This change enables the use of Roles to define workflow approvers.
2023-11-21CLI40.19.0This release resolves an issue where some relays hosted in AWS, using AWS secret stores, but without permission to use IMDSv2, could panic due to an updated AWS Go SDK version introduced in CLI version 40.2.0.
2023-11-20Admin UI85.87.0This release allows users of the Auditor permission level to interact with access requests as Users, if they belong to the appropriate roles.
2023-11-17Admin UI85.85.0This release adjusts the presentation of queries in the Admin UI to address bugs where replays would not show as replayable.
2023-11-17Server80.50.0This release adjusts the presentation of queries in the Admin UI to address bugs where replays would not show as replayable.
2023-11-17Server80.47.0This release fixes a an issue where, since server version 80.41.0, it would take a manual refresh of the Admin UI for live, complete replays to present as replayable.
2023-11-16Server80.44.0This release increases the limit of workflows that an organization can have from 25 to 50.
2023-11-16Admin UI85.80.0This release enables viewing older historical queries in the Admin UI. Previously this view was limited to between 30 and 4500 results, depending on resource category. Now, using date filters, the same query range that can be viewed by users of any given organization can be viewed by those users in the Admin UI as well.
2023-11-15Admin UI85.77.0This change prevents auditors from being able to see access request approval and reject buttons even if they are selected as an approver.
2023-11-09Terraform6.0.6This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Admin UI85.72.0This release augments the access request workflow modal to respect organization-wide workflow settings for maximum durations.
2023-11-09Java SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Admin UI85.71.0This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Python SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Ruby SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Go SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Server80.16.0This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-08Server80.12.0This release fixes a bug causing '/sdm access catalog' to not display if it contained resources with more than 6 tags.
2023-11-08Admin UI85.70.0Notification settings have been added to the Settings > Workflows page which allows you to enable/disable the sending of email notifications. This does not affect Slack notifications (if using the Slack integration).
2023-11-08Admin UI85.69.0This release adjusts the display of duration text in Access Requests.
2023-11-08Admin UI85.68.0This release adjusts the display of revoked access request details.
2023-11-08Admin UI85.67.0This release fixes a bug where the Access Requests page sometimes displayed blank timestamps.
2023-11-08CLI40.8.0This release upgrades the 'rdpreplay' Docker image to be based on Ubuntu 22.04.
2023-11-07Admin UI85.65.0This release adds a workflow settings page to the Admin UI. This page currently only has one setting, allowing admins to specify the maximum duration access may be requested for.
2023-11-06Admin UI85.64.0This release changes the Access Request form to base requests on total duration instead of a 'valid until' time.
2023-11-06CLI40.4.0This release fixes a rare edge case in idle timeout calculation, where if a user sent over one query per second for the entire duration of their idle timeout, the idle timeout would never be reset and it would log them out as if they had sent no queries.
2023-11-02CLI40.1.0This release fixes a bug in sdm audit users, restoring visibility into service accounts via this command.
2023-11-02Admin UI85.61.0This release adds the ability to view and change a user's External ID in the Admin UI.
2023-11-02Terraform6.0.5This release specifies the weight fields of the Workflows domain as computed in the SDM Terraform Provider. When a computed field is not provided in the configuration, Terraform will not try to update the computed value to null in subsequent execution plans.
2023-11-01Admin UI85.60.0This release fixes an issue where the Member CID field was not optional as described when setting up the CrowdStrike provider in Device Posture settings.
2023-11-01Terraform6.0.4This release fixes a bug in the API in which the creation and deletion of WorkflowRoles were not concurrency safe. The bug affected the SDM Terraform provider and any other API consumer that tried to do concurrent creation and deletion of WorkflowRoles.
2023-11-01Server79.87.0This release fixes a bug in the API in which the creation and deletion of WorkflowRoles were not concurrency safe. The bug affected the SDM Terraform provider and any other API consumer that tried to do concurrent creation and deletion of WorkflowRoles.
Top