2023 Release Notes

Last modified on May 23, 2023

May 15, 2023

Updated

  • SDKs. Updated the SDKs to include a new CreatedAt field for the StrongDM API’s AccountResources domain object. Using the new field requires updating to the latest SDKs.
  • Admin UI Icons. Improved the Admin UI user experience by changing emojis to icons for healthchecks on gateways, relays, and resources; Settings page buttons; and some warning messages.
  • Display of Last Healthcheck. Made the Admin UI’s “Last checked” field for resource healthchecks more accurate by changing the field to return Never instead of a timestamp such as 01 01 001 at 12:00 AM UTC or similar if the resource had no recorded healthchecks.
  • Certificate Expiration Time. Changed the certificates used by the SSH Certificate-based resource type to have a validity of 24 hours (up from 3 minutes).
  • Reports Library CSV Export. Added suboptions to the Reports Library CSV export option to allow all report rows to be exported as CSV, or only filtered report rows.
  • Dock Icon for macOS. Made the desktop app dock icon hidden on macOS.
  • Activity Messages for Unknown Users. Changed the format of activity messages for unknown or support actors to show “StrongDM System Action” if there’s no Actor ID, or “Unknown User” for unknown users.
  • Activities Information. Added all actor information to activities on creation.

Fixed

  • Resource Audit Data. Fixed an issue where renaming a resource right after creating the resource sometimes caused audit records to be written with the old name of the resource.
  • Replay Storage. Fixed an issue that could potentially cause a silent failure to save replays.
  • Queries Permission Requirements. Fixed an issue with permissions checks for sdm audit queries so that API requests for queries restricted by query category to only SSH or Kubernetes queries now only require SSH audit permission, and API requests for queries restricted by query category to only non-SSH or Kubernetes queries now only require Queries audit permissions. Requests for queries in all categories (including requests that do not specify any category filter) require both permissions.
  • Cloned Resource Audit Records. Fixed an issue that caused two audit records to be written for a resource that was cloned from inside the resource configuration page and renamed soon after.
  • Query Row Error. Fixed an issue that caused queries with no next rows to incorrectly return an error saying there are no rows.
  • SQL Server. Fixed issues and limitations with the Microsoft SQL Server resource type to prevent untracked queries and parsing errors.
  • MFA Validation. Fixed an issue that caused MFA settings in the Admin UI not to validate correctly.
  • Desktop App Auto Update. Fixed an issue that caused the desktop app to become unstable when trying to automatically update when the user was logging in.
  • CLI Help Text. Fixed an issue where help text and command options were missing for sdm admin kubernetes clone and sdm admin kubernetes add CLI commands.

April 30, 2023

New

  • AWS Management Console Generally Available. Released AWS Management Console as a cloud resource type.
  • Email Daily Quota System. Improved StrongDM’s email-sending layer by adding a daily quota system that restricts the number of emails that can be sent to new users (for example, when inviting users to the organization or resetting user passwords). This change helps to prevent misbehaving automation or other extenuating circumstances from degrading email services, and it should have no impact on your normal operations.

Updated

  • Least Privilege Report Options. Added report options to the Least Privilege report that allow you to generate a report that shows access grants that haven’t been used in a custom number of days, within a 1- to 90-day range.
  • Reports Library Tag Selector. Updated the Admin UI Reports Library to disable the ability to select duplicate keys to filter by in the Tags dropdown menu. For example, if you have made the selection to filter by env=prod, you can’t select env=dev at the same time.
  • Sensitive Resources Report Display in Admin UI. Updated the Sensitive Resources report in the Admin UI to display sensitive resources that have no access grants as single rows and also allow filtering to these rows using the Has no Access Grants filter under the user dropdown.
  • Reports Display of Resources. Updated the Sensitive Resources and Sensitive Resources Recent Grants reports in the Admin UI to display resources with the resource tags that were assigned to them at the time the report was generated (as opposed to the current resource tags).
  • sdm update. Updated the sdm update command to take no update actions when the user is logged out. If logged out, the command now prints You are not logged in. No update actions will be taken until you log in.
  • Timeout Option for CLI Commands. Updated most sdm admin and sdm audit CLI commands to include a --timeout option that allows users to set the timeout value to up to a maximum of 5 minutes, as opposed to the default 30 seconds.
  • SDK Version. Updated the SDKs to version 3.12.0, which adds a new Capture field that contains capture details for SSH, Kubernetes, and RDP queries. This update is useful because clients do not have to interpret the capture JSON otherwise returned in the query response in order to obtain those details.
  • Secret Store Path Fields in SDKs and Terraform. Updated the SDKs and Terraform provider to expose secret store paths/keys. This update applies to all StrongDM SDKs and does not require a client-side interaction for the new behavior to take effect. For the Terraform provider, a manual update of the client’s library version is required for the new fields to be present, and it primarily affects the import of resources into Terraform.
  • IDs Returned When Listing Queries. Updated the StrongDM API to return useful IDs (for example, n-12345) instead of UUIDs for the EgressNodeID field when listing queries.
  • Cloud HTTP Proxy Support and New Fields. Updated cloud resources to have HTTP proxy support, and added new fields Subdomain, Bind-Interface, and PortOverride to all cloud types in the SDKs and CLI.

Fixed

  • User Email Link to Docs. Fixed a broken link to desktop app documentation in the email sent to new users.
  • Speed of Operations During Report Generation. Fixed an issue that caused some StrongDM operations to be slow while reports in the Admin UI were generating.
  • Reports Displaying Deleted Resources. Fixed an issue that caused the Sensitive Resources and Sensitive Resources Recent Grants reports to be able to display resources that had been deleted within the last 90 days of the report. Now the reports only display resources that were not deleted at the time the report was generated.
  • Reports Library Tags Filter. Fixed an issue that caused the resource tags filter in the Admin UI Reports Library to filter on all tags instead of the selected tag(s).
  • Admin UI Usability in Chrome. Fixed an issue in order to prevent the Admin UI from scrolling in Chrome when adding resources.
  • HTTP Subdomain Validation on Clouds. Fixed an issue in order to prevent bad subdomains from reaching the server, by adding client-side HTTP subdomain validation on cloud resources.
  • SSH and Kubernetes Command Query Display. Fixed an issue that caused queries for SSH and Kubernetes commands to display incorrectly in sdm audit ssh or sdm audit kubernetes CLI output and the Admin UI logs if they contained newline and tab characters.
  • SQL Server Query Tracker. Fixed an issue in the query tracker for the SQL Server resource where responses to RPC requests may not have been correctly processed and which prevented those responses from being recorded correctly (and possibly subsequent traffic on the connection). This issue only occurred in connections that have requested the optional column encryption feature to be enabled.
  • RDP. Fixed an issue that prevented new RDP connections from being established from macOS Microsoft Remote Desktop clients starting with version 10.8.2.

April 15, 2023

New

  • Azure MySQL Generally Available. Released the Azure MySQL datasource type.

Updated

  • Elasticsearch Password Field. Updated the Elasticsearch datasource type to have an optional Password field.
  • Reports Library Refresh Frequency. Updated the Admin UI Reports Library to retry generating failed reports every minute instead of every 24 hours.
  • Terraform Provider Resources. Added the Elastic Kubernetes Service (instance profile - User Impersonation) cluster type to the Terraform provider resources.

Fixed

  • Google-Provisioned User Suspensions. Fixed an issue that arose due to differences in how Google and StrongDM handle suspended users, in which a user that was suspended in Google but was still a member of a group(s) continued to be assigned to the corresponding role(s) in StrongDM.
  • Report Export CSV Button. Fixed an issue in the Reports Library that allowed reports that failed to generate to be exported.
  • Response to Invalid Report Filter Query. Fixed an issue in the Reports Library where entering in an invalid filter query or a filter query that returned no results caused the Admin UI to say the report was not found instead of “No search results match the query.”
  • SQL Server. Fixed a potential issue with relays when using SQL Server resources running Microsoft SQL Server 2016 or later, which could cause an out-of-memory error when a client requests column encryption to be enabled.

March 31, 2023

New

  • Advanced Insights. Released Advanced Insights, the new reporting and auditing bundle that helps protect the business with the Audit API and Reports Library.
    • The Audit API extends the auditing and logging capabilities of the SDKs and CLI. If enabled for your organization, it allows you to programmatically extract the history of what happened in your organization, view full snapshots, view shells for all replays, view SSH session data and watch sessions play live, look at queries as they come in, and more.
    • The Reports Library provides admins with in-depth analysis of access grants to resources. Four new reports allow you to quickly understand how your most critical resources are used, see which roles are over-privileged or underutilized, and keep tabs on your most sensitive resources.
  • Strong Vault. Released Strong Vault, StrongDM’s native vault where you can store secrets, keys, and credentials for authenticating users to your resources.

Updated

  • Read-Only Remote Identity Field. Changed the Remote Identity field in the Admin UI to be read-only if the user was created with SCIM integration, in order to prevent SCIM from overwriting the Remote Identity username when the user is SCIM-managed.
  • MongoDB Query Parsing. Updated the way that data is parsed into MongoDB queries in order to include significantly more information.
  • SSH Key Types. Added supported SSH key types to the SDKs.
  • StrongDM for Linux. Updated the Linux package to include a --home parameter that can be used to override the default install config directory for Linux-installed clients and nodes.
  • Node Activities. Added a new activity entity type for nodes and added the node entity to node activities in the SDKs.
  • Activity Actor Name. Updated activities without an associated actor to display “StrongDM System Action” as the actor name instead of “Unknown User ()” in the sdm audit activities CLI output and the API responses when using the SDKs.
  • EKS Instance Profile With User Impersonation. Updated the Elastic Kubernetes Service (instance profile - User Impersonation) cluster types to allow Kubernetes Remote Identities to pass user roles in the Impersonate-Group header.

Fixed

  • Kubernetes Event Tracker. Fixed an issue in the Kubernetes resource’s event tracker that could potentially lead to out-of-memory errors on relays with kubectl port-forward and kubectl exec commands. In addition, fixed an issue that could potentially cause excessive log spam of StartQuery called after CompleteQuery and CompleteQuery called after CompleteQuery errors when using kubectl port-forward.
  • Service Account Auto-Connect. Fixed an issue that caused service account auto-connect to break service account logins.
  • Okta-Managed User Suspension. Fixed an issue where Okta-managed users were not suspended when unassigned from the StrongDM app within Okta.
  • MSSQL Healthchecks. Fixed an issue that caused MSSQL healthchecks to fail.
  • Password Reset Panel Display. Fixed an issue where the password reset panel was not shown to root admins in parent organizations.
  • SSO Login From CLI. Fixed an issue where SSO login via the CLI didn’t open two tabs in the web browser.

March 15, 2023

New

  • Direct SSO Links. Added the option to create organization-specific login links that automatically direct the user to the configured SSO provider.

Updated

  • Update Automatic Port Allocation. Updated the automatic port allocation for port overrides to start at 10000 and to skip default ports in the range.
  • Update Secret Store Field Requirements. Updated the Server CA (path) field to be optional when using secret stores for cluster resources.
  • Added Fields for sdm audit activities. Updated the fields shown when running sdm audit activities to include four more fields: actor first name, actor last name, actor email, and actor external ID.

Fixed

  • Error Handling for sdm login. Fixed an issue in the CLI where sdm login failures failed silently instead of returning an error.
  • Log File Creation at Installation. Fixed an issue in the CLI where sdm install created log files with the wrong extension.
  • HTTP Error Pages. Fixed an issue with website resources where rendering error pages or interacting with them did not work as intended.

February 28, 2023

New

  • Delinea Secret Server. Made Delinea Secret Server generally available. This new Secret Store integration helps you to protect your business by making it easy to use StrongDM while storing all types of secrets, such as passwords, credentials, and SSH keys, in a centralized digital password vault.

Updated

  • Gateway Form. Updated the Admin UI’s gateway configuration form by including a link to documentation and omitting the word “publicly” from the help text.
  • SSO Settings. Updated the Admin UI settings to allow organizations to choose to disable single sign-on (SSO) relogin attempts.
  • Resource Count Display. Updated Admin UI resource tables so that the total number of resources shown in the header updates based on Admin UI changes made in other web browsers.

Fixed

  • Desktop App Documentation Link. Fixed an issue in the desktop app where the link to documentation had the wrong URL.
  • Download & Install Page. Fixed an issue where the desktop app was missing from the StrongDM packages on the Admin UI Download & Install page.
  • Desktop App for Windows. Fixed an issue in order to prevent runaway memory leaks in the desktop app for Windows.
  • Audit Record Expiration. Fixed an issue that could cause audit records to be incorrectly expired and potentially result in some duplicate audit records being present for February 28, 2023.

February 15, 2023

Updated

  • EKS Instance Profile. Added the EKS Instance Profile cluster resource to the SDKs and Terraform provider.
  • EKS Server CA. Updated the certificate validation process to return an error if the retrieved Server CA certificate for EKS resource types is an empty string.
  • Login Flow. Implemented additional security measures in the login flow. When logging into the desktop app with SSO enabled, the user is now presented with an interstitial StrongDM page to confirm that the login attempt is intentional. For more information, see the StrongDM Security Advisory.
  • Terraform RDP Ports. Made RDP ports optional in Terraform. If ports are not provided, they are replaced with a default value.
  • Members Search. Changed the search behavior on the Admin UI’s Roles > Members tab so that searching for accounts assigned to a role now searches according to the full name and email rather than by first name only.
  • sdm admin ssh Help Text. Updated the help text and descriptions of the sdm admin ssh CLI command to clarify that it supports only public key SSH servers and not other types of SSH servers (for example, certificate-based or customer-managed key).

Fixed

  • Temporary Access Timezone. Fixed an issue that caused the current time for a specified time zone to display incorrectly when creating a temporary access grant.
  • Activities Filter. Fixed an issue in which the Admin UI Activities log date filter didn’t allow for single-digit month or day values.
  • Zscaler. Fixed an issue that caused network issues to occur in some cases when using StrongDM alongside Zscaler.
  • SSH Connections Not Closing. Fixed an issue that sometimes caused SSH connections to be unable to disconnect when using the desktop app.
  • Desktop App Memory Leak. Fixed an issue that caused the desktop app to experience a memory leak under certain circumstances.
  • Client Stability. Fixed an issue that, in some cases, caused StrongDM clients in the “logged out” state to see high CPU usage.

January 31, 2023

New

  • User Insights Generally Available. Increased admin productivity by providing them with metrics about their organization’s StrongDM seat usage. The new metrics—Active Seats, Inactive Seats, and Billable Seats—are displayed to StrongDM admins in the Admin UI.
  • EKS Instance Profile Generally Available. Released the Elastic Kubernetes Service (instance profile) cluster type resource to all customers.

Updated

  • Resource Tag Wildcard Options. Added support for an additional wildcard option when filtering by resource tags. A blank key in the key=value tag format treats the key as a wildcard (for example, =foo is treated as *=foo).
  • Login Screens for Password Managers. Updated login-related screens to work better with 1Password and Google Password Manager.

Fixed

  • Double Refresh. Fixed an issue in which refreshing the Admin UI Users page in the web browser resulted in the page being refreshed twice.
  • User Invitation in Admin UI. Fixed an issue that caused flashing error messages when inviting new users from within the Admin UI.
  • Install sdm in PATH on Windows. Fixed an issue with the desktop app Install sdm in PATH option that destructively updated the user’s PATH variable on Windows machines.
  • Website Resource Healthchecks. Fixed an issue that caused healthchecks to produce a timeout error for a website resource using a reverse proxy.
  • sdm doctor. Fixed an issue that caused the sdm doctor -v CLI command to report an incorrect latency of zero for all gateways.

January 15, 2023

Updated

  • Secret Store Type Names. Updated the names of secret store types to reflect the services they represent more accurately.

Fixed

  • Resource Update Sync. Fixed an issue that caused updates to resource information made in the Admin UI and CLI not to be reflected immediately in the desktop app.
  • Resource Name Display. Fixed an issue that caused resource names to flash when resizing the browser window on the resource view in the Admin UI.
  • Table String Display. Fixed an issue that caused long strings in tables to behave erratically at a particular screen size in the Admin UI.
  • Order of Activity Logs. Fixed an issue that sometimes caused the Admin UI to display activities logged at the same time in the wrong logical order (for example, “failed login” displayed after a “successful login”).
  • Admin UI Navigation Menu. Fixed an issue in the Admin UI navigation accordion menu that caused it to expand incorrectly.
  • Combobox Keyboard Interactions. Fixed combobox keyboard interactions for accessibility in the Admin UI.