Release Notes

This page provides public release notes for StrongDM software features, updates, and fixes. You may search the release notes by version number, software type, and/or text. For older release notes not shown on this page, please see the Archive.

Versioning Information

For all software, StrongDM currently increments versions as follows:

  • n.0-100.0 for each release (such as 32.97.0, 32.98.0, 32.99.0, 33.0.0)
  • a.b.1 for patch releases (such as 32.97.1)
  • Non-listed versions are internal (numbers missing from the sequence, such as 32.97.0, 32.98.0, 33.2.0, 33.3.0)
Release Notes Atom Feeds

To see all releases (including those that have no public notes) see the Atom feed for each software:

DateSoftwareVersionDescription
2025-04-10Terraform14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Go SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Python SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Ruby SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-09CLI47.13.0This release exposes the manager id field of a user in sdm admin users list and improves the formatting of SCIM data when the --json flag is used.
2025-04-09Server101.95.0This release updates SSH (Customer Managed Key) resources using Identity Aliases with a third-party secret store (not Strong Vault) to optionally use a different SSH private key for each Identity Alias. This is done by configuring the path to the private key in the secret store to include a $SDM_USERNAME variable that will be replaced at runtime with the Identity Alias of the connecting user (for example, secrets/employees/$SDM_USERNAME?key=ssh-key).
2025-04-08Desktop App22.20.0This release fixes an issue where when a user would relaunch the SSO login in a browser window, it would show an error that the token was already used.
2025-04-08Server101.88.0This release adds SCIM metadata to the output from the sdm admin users list CLI command.
2025-04-08CLI47.11.0This release adds SCIM metadata to the output from the sdm admin users list CLI command.
2025-04-08CLI47.10.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Server101.87.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Python SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Ruby SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Go SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-07CLI47.8.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Server101.81.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Terraform13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Python SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Ruby SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Go SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Server101.78.0This release updates the access workflow quota limit to be no longer capped at 100.
2025-04-07Server101.76.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07CLI47.7.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Python SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Go SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Ruby SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-03Server101.60.0This release speeds up load times between page and tab navigation in the Admin UI.
2025-04-02Server101.58.0This release makes multistep approval workflows generally available. You can now create approval workflows with multiple approval steps. There are new settings that allow you to skip an approval step after it's been idle for a period of time, or specify whether any or all approvers need to approve that step. In addition, this release adds the new CLI command sdm admin approval-workflows-multistep, which takes JSON configuration for a whole approval workflow, including approval steps and approvers. Users can also query and list information about approval workflows through this CLI command. Lastly, this release deprecates the following CLI commands, which will continue to work for existing customers, but without the new multistep approval workflow functionality: sdm admin approval workflows, sdm admin approval-workflow-steps, and sdm admin approval-workflow-approvers.
2025-04-02CLI47.3.0This release makes multistep approval workflows generally available. You can now create approval workflows with multiple approval steps. There are new settings that allow you to skip an approval step after it's been idle for a period of time, or specify whether any or all approvers need to approve that step. In addition, this release adds the new CLI command sdm admin approval-workflows-multistep, which takes JSON configuration for a whole approval workflow, including approval steps and approvers. Users can also query and list information about approval workflows through this CLI command. Lastly, this release deprecates the following CLI commands, which will continue to work for existing customers, but without the new multistep approval workflow functionality: sdm admin approval workflows, sdm admin approval-workflow-steps, and sdm admin approval-workflow-approvers.
2025-03-31Terraform13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Python SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Ruby SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Go SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-27CLI46.98.0This release deprecates the sdm install --domain CLI command. Instead, use --app-domain and pass the full domain name of the control plane including the app. (for example, sdm install --app-domain app.eu.strongdm.com). The --domain flag will continue to work as-is indefinitely.
2025-03-21Server101.17.0This release mitigates certain instances of hung healthcheck diagnostics in the Admin UI.
2025-03-21CLI46.92.0This release removes sdm admin managedsecrets validate and sdm admin managedsecrets validate from the CLI. Please use sdm managedsecrets validate and sdm managedsecrets validate with relevant permission policy instead.
2025-03-20Server101.13.0This release makes proxy clusters generally available as a new deployment option.
2025-03-19Server101.9.0This release adds support for secret engines to enterprise customers. All enterprise customers can now create secret engines and managed secrets.
2025-03-14Server100.91.0This release updates the Relay and Gateway Resources tab in the Admin UI to have search and filtering capabilities. Users can now search by resource name, type filter, status filter, and tags filter.
2025-03-14Server100.89.0This release adds a workflow setting to the Admin UI to specify the number of requests a user can make to a resource.
2025-03-14Server100.86.0This release introduces an exponential backoff in case of automatic rotation failures for Active Directory secret engines. This will reduce the number of errors that might be observed for misconfigured Active Directory accounts. The interval for retries in case of failures will be increased with each failure until it reaches max_backoff_duration. After that retries happen every max_backoff_duration. The default value for max_backoff_duration is 1 day (24 hours). max_backoff_duration can be set using the --max-backoff-duration flag when updating a secret engine (sdm admin secretengines update active_directory <SECRET_ENGINE_ID>) or creating a secret engine (sdm admin secretengines create active_directory).
2025-03-14CLI46.87.0This release introduces an exponential backoff in case of automatic rotation failures for Active Directory secret engines. This will reduce the number of errors that might be observed for misconfigured Active Directory accounts. The interval for retries in case of failures will be increased with each failure until it reaches max_backoff_duration. After that retries happen every max_backoff_duration. The default value for max_backoff_duration is 1 day (24 hours). max_backoff_duration can be set using the --max-backoff-duration flag when updating a secret engine (sdm admin secretengines update active_directory <SECRET_ENGINE_ID>) or creating a secret engine (sdm admin secretengines create active_directory).
2025-03-11Server100.80.0This release adds the new permission level Database Operator.
2025-03-11Terraform13.3.0This release adds the new permission level Database Operator.
2025-03-11Ruby SDK13.3.0This release adds the new permission level Database Operator.
2025-03-11Go SDK13.3.0This release adds the new permission level Database Operator.
2025-03-11Python SDK13.3.0This release adds the new permission level Database Operator.
2025-03-10CLI46.84.0This release adds support to the sdm connect CLI command, allowing it to accept either a resource name or a resource ID as the argument.
2025-03-10Server100.75.0This release adds support to the sdm connect CLI command, allowing it to accept either a resource name or a resource ID as the argument.
2025-03-10Server100.71.0This release fixes an issue with the sdm admin users grant-temporary --template-role CLI command, in which it would not grant access to resources on that role.
2025-03-08CLI46.81.0This release fixes an issue that could cause unexpected disconnects from RDP (Certificate Based) resources with certain combinations of Windows client and server versions.
2025-03-06CLI46.78.0This release fixes a healthcheck bug for Amazon EKS resources where the wrong namespace was used during the healthcheck when Identity Sets were enabled.
2025-03-06CLI46.77.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Terraform13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Server100.63.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Python SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Ruby SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Go SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-04CLI46.74.0This release updates the sdm replay rdp CLI command to include improved help and usage information, updates sdm replay rdp to support rendering RDP sessions older than one week, and updates sdm replay rdp to be able to be used to render RDP sessions from local relay log files encrypted with public key encryption (via the --key option).
2025-03-03Server100.44.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Terraform13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Go SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Ruby SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Python SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Server100.43.0This release improves the Cluster Discovery tab in the Admin UI to show a more meaningful message when nothing has been discovered yet.
2025-02-28Server100.39.0This release fixes an issue that caused requesting access to a resource via fixed duration to display "Requested for 0 days" in the access details column.
2025-02-26CLI46.69.0This release fixes an issue for Oracle, where entering a raw IP address as the hostname causes the connection to fail. Additionally, this release fixes a connectivity issue for Oracle 19 in OCI and any other Oracle servers using the same connection format from odbc6.jar (version8i).
2025-02-20Server100.16.0This release updates policies so that StrongDM::ManagedSecret::Action::"read" is now granted implicitly as part of StrongDM::ManagedSecret::Action::"retrieve", StrongDM::ManagedSecret::Action::"rotate", and StrongDM::ManagedSecret::Action::"validate". Now users granted those "broader" permissions can also list secrets they can take action upon.
2025-02-19Server100.12.0This release updates the way users are routed to certain Admin UI pages upon login. Users with the User permission level on login will be routed to the Download & Install page. Users with the Database Admin permission level on login will be routed to the Datasources page. Users with the Admin permission level who have expired Enterprise accounts will see an Enterprise purchase banner at the top of the page for pages that are Enterprise-only.
2025-02-19Server100.10.0This release updates the Policy Logs page of the Admin with a new design and filtering capability. Users can now use dropdown filters and search input to reduce the amount of logs displayed based on the requested filters.
2025-02-14CLI46.64.0This release addresses an issue where under periods of heavy load, nodes may potentially run out of memory if remote logging to StrongDM is enabled and query and replay data is being generated faster than it can be logged to StrongDM. Nodes are now limited to consuming no more than about 50 percent of system memory for buffering remote logs, throttling traffic when this limit is reached. While it should not be necessary to do so, these default limits may be overridden via SDM_RELAY_LOG_REMOTE_BUFFER_BYTES and SDM_RELAY_LOG_REMOTE_BUFFER_RETRY_BYTES environment variables.
2025-02-12CLI46.62.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Server100.1.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Python SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Go SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Ruby SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-10CLI46.60.0This release adds support to RDP resources for connecting to Windows 11 and Windows Server 2025 RDP servers with Network Level Authentication (NLA) enabled. Previously, RDP resources required NLA to be disabled on these newer Windows versions.
2025-02-10CLI46.59.0This release fixes an issue where RDP sessions to some Windows target server versions, including Windows 10, may fail to render into video fields. This release also fixes an issue where RDP sessions from Windows 11 24H2 clients to some Windows target server versions, including Windows 10 and 11, may display incorrectly, with heavy pixelation of the screen.
2025-02-07Server99.89.0This release improves resource selection in the temporary access modal to allow better search results.
2025-02-06Server99.77.0This release updates the temporary access table to no longer increment the total count by two when adding a new temporary grant to a user.
2025-02-05Server99.74.0This release fixes an issue where gateways device details text would overflow into other text.
2025-02-04Server99.62.0This release fixes an issue where a newly created role wasn't immediately showing up in the roles table in the Admin UI. It also fixes an issue where the "reason" text field in the access request modal did not capture the first character being typed into it.
2025-02-03Server99.60.0This release ensures that Role IDs no longer show up in the search box of the attach role selector on the access workflow form.
2025-01-31Terraform12.9.1This release updates the Terraform provider docs to include max duration and fixed duration settings for individual access workflows.
2025-01-30CLI46.43.0This release fixes an issue with RDP session video rendering (both in the Admin UI and the CLI) that could potentially result in artifacts in the rendered video due to a rare mis-parsing of bitmap updates in the RDP session data.
2025-01-29CLI46.41.0This release provides the capability for users to append an -e flag to their sdm status CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.
2025-01-29Server99.38.0This release provides the capability for users to append an -e flag to their sdm status CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.
2025-01-29Server99.33.0This release adds a new logs page to the Admin UI for Credential Management logs.
2025-01-28CLI46.40.0Relays previously output the following non-structured log line every 2 minutes on stderr: link count: %d, stream count: %d, egress count: %d. This log will now appear in the following structured format on stdout, bringing it in compliance with all other log lines: time="2025-01-28T10:15:56-08:00" level=info msg="link monitor" linkCount=1 streamCount=0 egressCount=0.
2025-01-28CLI46.39.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Terraform12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Python SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Ruby SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Go SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-27CLI46.38.0This release adds the sdm access request <REQUEST_ID> CLI command that displays a summary of the request and approvals.
2025-01-27CLI46.37.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Server99.24.0This release fixes an issue where sdm access requests --filter="request:<RESOURCE_NAME>"" would not return some access requests when there were matching requests.
2025-01-27Terraform12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Server99.22.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Go SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Ruby SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Python SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-24Server99.12.0This release makes the Windows x32 version no longer available for download on the Admin UI Download & Install page.
2025-01-24Server99.10.0This release fixes an issue where resources would not appear for an access request in reports.
2025-01-23Server99.4.0This release updates the Admin UI with new table ordering that allows you to sort by name on Gateway and Relay pages.
2025-01-22CLI46.32.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Terraform12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Server98.87.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Python SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Go SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Ruby SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-21Server98.85.0This release adds a loading indicator to the policy logs details panel of the Admin UI.
2025-01-21CLI46.31.0This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341
2025-01-21Server98.80.0This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341
2025-01-17Server98.74.0This release fixes a bug where 31 days was the maximum duration access could be requested even if the organization or workflow allowed for more.
2025-01-17Server98.71.0This release updates the modal for granting temporary access to be broken up into multiple steps. The step for selecting resources has been changed from checkboxes to a combobox/search input.
2025-01-17Desktop App22.4.0This release makes ClickHouse available in the CLI.
2025-01-17Java SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17CLI46.26.0This release adds the ClickHouse resource type.
2025-01-17Python SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17Ruby SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17Go SDK12.4.0This release adds the ClickHouse resource type.
2025-01-16Server98.57.0This release adds the DynamoDB (IAM) resource type.
2025-01-14Java SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14CLI46.19.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Terraform12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Server98.45.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Python SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Go SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Ruby SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-13Server98.30.0This release updates the Roles page of the Admin UI to have table ordering on the Roles column.
2025-01-10CLI46.14.0This release adds the CLI command sdm admin secretengines rotate for rotating a secret engine's password used for connecting to Active Directory (currently only the active_directory secret engine type supports this). Running the command will update Bindpass in the Active Directory and store a new password inside the secret engine's configuration stored inside the secret store.
2025-01-10Server98.23.0This release adds the CLI command sdm admin secretengines rotate for rotating a secret engine's password used for connecting to Active Directory (currently only the active_directory secret engine type supports this). Running the command will update Bindpass in the Active Directory and store a new password inside the secret engine's configuration stored inside the secret store.
2025-01-08CLI46.11.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Terraform11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Java SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Server98.8.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Python SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Ruby SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Go SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Server98.6.0This release updates the Jira Connect button on the Admin UI Integrations page to link to the EU version of the Jira plugin for the EU control plane.
2025-01-04Server97.91.0This release enhances the integration for Slack's display of access requests in the app by adding a summary of the approval steps and approvers.
2025-01-02Server97.82.0This release includes minor updates to the integrations with Microsoft Teams and Jira to support split requested and result duration of access requests.
2024-12-20Server97.69.0This release updates the Jira integration card in the Admin UI to link to the control plane-specific Jira app.
2024-12-19Server97.63.0This release allows admins to adjust settings of a specific access workflow.
2024-12-19Server97.59.0This release changes all Admin UI resource pages to allow columns to be ordered by name and type.
2024-12-18Server97.52.0This release updates credential rotation so that rotating a credential now updates the expiration date, in turn preventing a validation expiration date from showing an "expired" alert.
2024-12-18CLI46.3.0This release updates the CLI command sdm audit access-requests to include the approval flow ID.
2024-12-17Server97.45.0This release fixes an issue related to Snowflake resources created via the API/CLI and Terraform. Currently, when not set, the "Port" argument defaults to 0, resulting in the Snowflake driver constructing a request that causes Snowflake to return with an unexpected error. This fix ensures that the default port of 443 is used when not set.
2024-12-17CLI46.2.0This release makes the --name parameter visible in the CLI help for the sdm aws and sdm az CLI commands. This parameter was already documented but hidden in the CLI help.
2024-12-13Server97.36.0This change makes a fix to the Admin UI that allows known healthcheck information to be displayed on the Datasources details page as it comes in rather than waiting for all nodes to report healthcheck information. Prior to this change, if one or more nodes were in a broken state where they were not able to report healthcheck status, the displayed status for all nodes would have been Checking. Now, the healthy nodes' healthcheck status is able to be reported as it comes in and only unhealthy nodes stay in a Checking state.
2024-12-12Server97.28.0This release fixes an issue where failing to retrieve a credential on the Credentials page in the Admin UI could only be resolved by first refreshing the page. Now there is a retry button and the credential is always retrieval is always attempted when selecting the retrieve menu option.
2024-12-11CLI45.93.0This release adds a new filter for filtering queries through the sdm audit CLI command or through the Queries vertical in the SDK. The authzAction filter can filter queries by authorization request action (such as StrongDM::Action::"connect" or SQL::Action::"drop"). This filter may include wildcards, for example *sql*drop*. This filter does not match on queries that were not associated with a policy authorization.
2024-12-11Server97.22.0This release adds a new filter for filtering queries through the sdm audit CLI command or through the Queries vertical in the SDK. The authzAction filter can filter queries by authorization request action (such as StrongDM::Action::"connect" or SQL::Action::"drop"). This filter may include wildcards, for example *sql*drop*. This filter does not match on queries that were not associated with a policy authorization.
2024-12-10Server97.15.0This release updates the Integrations page in the Admin UI to now link to the EU Microsoft Teams listing for users on the EU control plane.
2024-12-09CLI45.90.0This release fixes an issue introduced in version 45.80.0 of the CLI that could cause sdm aws terraform commands to fail with a "tls: failed to verify certificate" error.
2024-12-09Server97.10.0This release enhances the Users page in the Admin UI to make the Name, Email, and Permission Level columns sortable.
2024-12-05Desktop App21.93.0This release fixes an issue where focus would be removed from the search bar in the desktop app while typing.
2024-12-04Server96.98.0This release updates access requests to now specify the requested duration and the result duration in the request step message.
2024-12-03Server96.89.0This release updates the the Approve/Deny message in the integration with Slack to include a text field where the approver can provide a note back to the requester regarding the outcome.
2024-12-02CLI45.80.0This release updates the sdm aws, sdm azure, and sdm gcp CLI commands to provide a --name parameter and an env subcommand. It also updates the sdm azure and sdm gcp CLI commands to support a run subcommand and to store on-disk cloud SDK configuration and logs in a per-resource directory of the form $SDM_HOME/azure-config/<RESOURCE_ID> and $SDM_HOME/gcloud-config/<RESOURCE_ID> respectively, instead of a global configuration directory. In addition, the sdm gcp CLI command no longer supports the activate and init subcommands; To use StrongDM GCP resources, the gcloud, run and env commands to be used instead. Lastly, the sdm gcp gsutil CLI command has been deprecated; it continues to be supported but is hidden and may be removed in the future. Google no longer maintains gsutil and it is recommended to use gcloud storage (sdm gcp cli storage) instead.
2024-12-02Server96.84.0This release upgrades the access to command in the integration with Teams to support more variations that may be desired in the list of resource names and IDs.
2024-12-02Server96.82.0This release allows users to authenticate to ClickHouse through the driver with a username and private SSH key, when the users are created in the database with their public key.
2024-11-27CLI45.79.0This release fixes an issue where sdm access to command in the integration with Slack caused ordinary users to get a permission error when requesting resources by name.
2024-11-27Server96.75.0This release updates the /sdm access to command in the integration for Slack to specify a request for multiple resources.
2024-11-27CLI45.78.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Server96.73.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Java SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Python SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Go SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Ruby SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-26Server96.69.0This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.
2024-11-26CLI45.75.0This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.
2024-11-25Server96.60.0This release updates the StrongDM app for Slack to display the requested duration in addition to the duration that the access request would grant upon approval.
2024-11-22Server96.55.0The format of API access keys has changed from a long Base64-encoded string to a hex string in the format auth-0123abcd. Existing API keys are unaffected, and the format of the secret portion of the key remains the same.
2024-11-22Server96.54.0This release allows the CLI command sdm access to to create requests with multiple resources. The sdm access to command no longer has a default duration, so it should normally be specified using the -duration flag.
2024-11-21Server96.49.0This release fixes a regression that caused access request creation to fail for organizations with a fixed duration setting.
2024-11-20Server96.42.0With this release, the Request Access page of the Admin UI now shows the StrongDM resource related to the action if present.
2024-11-19Server96.32.0With this release, the Microsoft Teams "Connect" link on the Admin UI Integrations page goes directly to the Teams marketplace listing for StrongDM.
2024-11-15Server96.24.0This release enables StrongDM's integration for Jira.
2024-11-15CLI45.66.0This release fixes an issue with the queries logged for AWS Management Console resource access, including incorrect values for the "region" and "service" fields extracted from the resource's ".sdm.network" HTTP hostname. These fields are now omitted as they are not applicable to this resource. This release also improves the queries logged for Snowsight console resource access to include the full details of the HTTP request, making the queries logged for this resource consistent with other cloud resources. Lastly, this release improves the queries logged for AWS resource access to include the command that was executed from the HTTP request.
2024-11-14CLI45.62.0With this release, Kubernetes drivers now support the latest Kubernetes cluster deployments and use websockets as the transport layer where applicable. The workaround KUBECTL_REMOTE_COMMAND_WEBSOCKETS=false is no longer required.
2024-11-12Server95.96.0This release allows users to be able to request multiple resources at the same time in the Admin UI.
2024-11-12Terraform11.18.0This release of the StrongDM Terraform Provider adds support for unstable GCP Workforce Identity Federation based resources.
2024-11-12CLI45.60.0This release adds two new filters applicable to filtering queries through the sdm audit CLI or the Queries vertical in the SDKs: policyID filters queries affected by the specified policy and authzDecision filters queries by authorization decision (either "allow" or "deny"). These filters do not match queries that were not associated with a policy authorization.
2024-11-12Server95.90.0This release adds two new filters applicable to filtering queries through the sdm audit CLI or the Queries vertical in the SDKs: policyID filters queries affected by the specified policy and authzDecision filters queries by authorization decision (either "allow" or "deny"). These filters do not match queries that were not associated with a policy authorization.
2024-11-09CLI45.57.0This release changes the name of "GCP" resources as displayed in the Admin UI and CLI from "GCP" to "GCP (Service Account)". This change only affects the displayed name and is intended to disambiguate this resource from the future introduction of other GCP resources using different authentication mechanisms.
2024-11-09Server95.87.0This release changes the name of "GCP" resources as displayed in the Admin UI and CLI from "GCP" to "GCP (Service Account)". This change only affects the displayed name and is intended to disambiguate this resource from the future introduction of other GCP resources using different authentication mechanisms.
2024-11-08CLI45.56.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Server95.84.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Java SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Python SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Go SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Ruby SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Server95.83.0This release adds a new column under the Admin UI Roles page called "Users", which displays how many users are assigned to the role. In addition, the "Managed By" column is always displayed, and results can be filtered by "Managed By" when the organization has a provisioner.
2024-11-08Server95.80.0This release fixes an issue that may cause integration connected service disconnect calls to fail due to deleted StrongDM users.
2024-11-07Server95.76.0This release fixes an occasional issue where the All Requests page would error loading.
2024-11-06CLI45.54.0This release adds a new configuration value to the Active Directory secrets engine that can be changed using: 
sdm admin secretengines update active_directory -id <eng-id> --do-not-validate-timestamps=true
 The default value for this configuration option is false and is only used in case of active_directory.
2024-11-06Server95.59.0This release adds a new configuration value to the Active Directory secrets engine that can be changed using: 
sdm admin secretengines update active_directory -id <eng-id> --do-not-validate-timestamps=true
 The default value for this configuration option is false and is only used in case of active_directory.
2024-11-05Server95.56.0This release fixes an issue with redirection when switching accounts during workflow integration setup process.
2024-11-05Server95.53.0This release improves the login state upon entering a bad password. The login screen no longer refreshes, resetting the login state. Instead, an error appears and the email is retained.
2024-11-01Server95.32.0This release improves lazy loading for the Policy Editor.
2024-11-01Server95.31.0This release fixes an issue where collapsing/expanding Policy Editor columns would increase column width unexpectedly.
2024-10-31Server95.27.0This release fixes an issue where when a user navigates directly to /app/login and attempts to log in using a password, they are redirected to /auth/login.
2024-10-31CLI45.44.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Terraform11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Server95.22.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Python SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Go SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Ruby SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-30CLI45.43.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Server95.19.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Java SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Python SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Go SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Ruby SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-29Server95.3.0This release enables environment variables that set the HTTP/HTTPS proxy specifically for the StrongDM client. If SDM_HTTPS_PROXY is set, the client sets HTTPS_PROXY for itself. If SDM_HTTP_PROXY is set, the client sets HTTP_PROXY for itself.
2024-10-28Server94.99.0This release fixes an issue where an update to organization IDs caused reports to break.
2024-10-28Server94.94.0This release fixes an issue where changes to a resource's health state (and certain other properties, such as the subdomain of HTTP resources) may not be reflected immediately in the desktop app.
2024-10-28Server94.93.0This release fixes the Admin UI Integrations table to update when an integration is disconnected.
2024-10-28Server94.92.0This release fixes an issue where Log Stream may fail to upload large record sets to encrypted S3 buckets due to a lack of "kms:Decrypt" permission.
2024-10-25Server94.83.0This release updates the credential retrieval modal to close after 30 minutes or when the password expires.
2024-10-17CLI45.35.0This release updates Kubernetes drivers to support version 1.31 so that SSH session recordings are properly supported.
2024-10-17Server94.64.0This release makes all actionable buttons under the Identity Aliases tab within the Account Details page of the Admin UI disabled and hidden while logged in with an Auditor account.
2024-10-14Server94.40.0This release fixes an issue where multi-select on table rows incorrectly updated the selected row count.
2024-10-14Server94.38.0This release fixes layout inconsistencies and a scroll issue with policy logs.
2024-10-14CLI45.31.0This release makes the SSHPassword resource type available.
2024-10-14Java SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Terraform11.15.0This release makes the SSHPassword resource type available.
2024-10-14Python SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Ruby SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Go SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-11Server94.32.0This release fixes a bug where an account grant could be considered revoked by an access request when it expires naturally.
2024-10-08Server94.22.0This release updates resource configuration to prohibit @ and = characters in the names of new resources when they are created.
2024-10-08Server94.18.0This release fixes an issue to allow for correct email rerouting to logs/rdp-replays.
2024-10-07CLI45.22.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Java SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Ruby SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Python SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Go SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-04CLI45.20.0This release updates the sdm admin users add --csv CLI command help text to include the necessary tags column.
2024-10-04Server94.8.0This release makes the email Identity Set unable to be edited.
2024-10-03Server94.6.0This release fixes a 404 error that could be encountered when connecting the StrongDM app for Slack to a new workspace.
2024-10-03Terraform11.14.1This release updates the Terraform Provider documentation to include the API host.
2024-10-03CLI45.15.0This release enables users to be logged in automatically to Couchbase Web UI resources, so users no longer have to log in with fake credentials.
2024-10-03Server94.0.0This PR adds constants for the API host across different control planes.
2024-10-03Java SDK11.13.0This PR adds constants for the API host across different control planes.
2024-10-03Terraform11.14.0This PR adds constants for the API host across different control planes.
2024-10-03Python SDK11.13.0This PR adds constants for the API host across different control planes.
2024-10-03Go SDK11.13.0This PR adds constants for the API host across different control planes.
2024-10-03Ruby SDK11.13.0This PR adds constants for the API host across different control planes.
2024-10-03Server93.99.0This release fixes an issue where the "Enroll Here" button that appears in the desktop app when the user attempting to log in is not enrolled in Okta MFA was not clickable.
2024-10-02Server93.92.0This release ensures that only nodes that pass healthcheck for a secret store are taken into account when contacting a secret store.
2024-10-01Terraform11.13.1This release fixes an issue that prevented custom timeouts from being respected.
2024-10-01Terraform11.13.0This release adds support for custom timeouts for all operations on all resources in the StrongDM Terraform provider.
2024-10-01Server93.87.0This release fixes an issue where deleting an approval workflow could cause pending requests and access workflows bound to that approval workflow to be unchangeable.
2024-09-30Terraform11.12.1Terraform data sources can now filter by more than one tag. Previously a bug prevented this from working properly.
2024-09-27Server93.74.0This release gives database-admin users read-only access to gateways and relays.
2024-09-27Server93.72.0This release is the one of the few to enable support for email pass through Identity Sets, where all Identity Aliases in the set will be the user's corresponding email address or last name. This release adds Email Identity Alias creation and updates whenever a new account is created or updated. Deletion of Identity Aliases upon account deletion was already supported. The Identity Alias creation and update will only apply to user and service account types. For users, the Identity Alias username is the user's email address. For service accounts, the Identity Alias username is the last name, which is the nickname for the service account.
2024-09-27Server93.69.0This release fixes an issue so that an error page is no longer shown momentarily while the user is logged out of the Admin UI for stale or invalid credentials.
2024-09-26Server93.64.0This release cleared the name form value for the Add Role form on submission.
2024-09-25CLI45.4.0With the release of time in context attributes, users should expect to see policies being reevaluated, approximately once every minute, even after the initial "Allow" for "connect" actions on Postgres resources. If no time attributes are accessed by relevant policies, and no updates are made to the policies, the evaluation should continue to evaluate to "Allow." If the relevant policies make use of the time attributes, however, reevaluating relevant policies may result in "Deny," in which case, the client will sever the connection.
2024-09-25Server93.59.0With the release of time in context attributes, users should expect to see policies being reevaluated, approximately once every minute, even after the initial "Allow" for "connect" actions on Postgres resources. If no time attributes are accessed by relevant policies, and no updates are made to the policies, the evaluation should continue to evaluate to "Allow." If the relevant policies make use of the time attributes, however, reevaluating relevant policies may result in "Deny," in which case, the client will sever the connection.
2024-09-25Server93.58.0This release fixes an issue where SAML users could not finish logging in when the email they entered did not match the capitalization of the email in the system.
2024-09-24Desktop App21.87.0This release adds an alert on the desktop app when another user on the machine is currently running the desktop app. The second user will have to quit the app and wait until the other desktop app instance is closed in order to continue. This release also fixes an issue where clicking the dock icon in macOS showed the desktop app's Resource Center window.
2024-09-23CLI44.97.0This release adds a new context.utcNow.timestamp attribute for context-based policy allowing policies to be written against properties of the time at which authorization is performed. The value of this attribute is the current time (in UTC) as a Cedar datetime value.
2024-09-23Server93.46.0This release adds a new context.utcNow.timestamp attribute for context-based policy allowing policies to be written against properties of the time at which authorization is performed. The value of this attribute is the current time (in UTC) as a Cedar datetime value.
2024-09-19CLI44.95.0This release adds new temporal attributes for context-based policy, allowing policies to be written against properties of the current time (in UTC) when authorization is performed. The new context attributes include context.utcNow.dayOfWeek (a number representing the current day of week from 1-7, which is Sun-Sat), context.utcNow.day (a number representing the current day of the month, such as 31), context.utcNow.month (a number representing the current month from 1-12, which is Jan-Dec), and context.utcNow.year (a number representing the current four digit year, such as 2024).
2024-09-19Server93.33.0This release adds new temporal attributes for context-based policy, allowing policies to be written against properties of the current time (in UTC) when authorization is performed. The new context attributes include context.utcNow.dayOfWeek (a number representing the current day of week from 1-7, which is Sun-Sat), context.utcNow.day (a number representing the current day of the month, such as 31), context.utcNow.month (a number representing the current month from 1-12, which is Jan-Dec), and context.utcNow.year (a number representing the current four digit year, such as 2024).
2024-09-18Server93.15.0This release enables support for email to pass through Identity Sets, so that all Identity Aliases in the Identity Set are the user's corresponding email address. This release also adds the new read-only email Identity Set for new organizations. Existing orgs will be backfilled at a later release.
2024-09-17Server93.5.0This release updates the StrongDM Admin UI with a new navigation menu and updates both the Admin UI and desktop app with a refreshed layout, colors, and styling.
2024-09-16Server92.97.0This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Java SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Python SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Ruby SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Go SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-13CLI44.75.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Server92.79.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Java SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Python SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Ruby SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Go SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11CLI44.65.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Terraform11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Server92.75.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Java SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Python SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Go SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Ruby SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-09CLI44.60.0This release makes two changes have been made to the JSON format of the authorization information that is included in the authz field in query event logs. The "policy" field has been removed in favor of a "policyId" field. The type has also changed from an int to a string, which is the appropriate Cedar JSON format for policy IDs. The keys of the "position" objects have changed to lower case from Pascal case.
2024-09-09Server92.66.0This release makes two changes have been made to the JSON format of the authorization information that is included in the authz field in query event logs. The "policy" field has been removed in favor of a "policyId" field. The type has also changed from an int to a string, which is the appropriate Cedar JSON format for policy IDs. The keys of the "position" objects have changed to lower case from Pascal case.
2024-09-09Server92.65.0This release adds the support_login_user filter for listing activities via the sdm audit activities --filter command.
2024-09-03Server92.46.0This release adds support for selecting LDAP schema by setting the schema query param in the URL. By default it is ad (Active Directory) but can be set to openldap by providing the schema query param (ldaps://127.0.0.1?schema=openldap).
2024-09-03CLI44.55.0This release updates the GCP Secret Manager to store paths relative to secret manager root path (/projects/<project-id>). It also normalizes the names of managed secrets into the secret path by changing '/' characters into double underscore characters.
2024-09-03Server92.43.0This release updates the GCP Secret Manager to store paths relative to secret manager root path (/projects/<project-id>). It also normalizes the names of managed secrets into the secret path by changing '/' characters into double underscore characters.
2024-08-29CLI44.48.0This release fixes a rare memory leak in the gateway that can occur when connections are forwarded through a relay and there are repeated egress connection failures to one or more resources on the relay.
2024-08-28Server92.22.0This release fixes an issue with Slack access requests where duplicate resources made granting access impossible.
2024-08-27CLI44.44.0This release fixes potential interoperability issues between the StrongDM CLI and some third-party vendor firewall and packet filtering applications due to a recent change in Go to enable a experimental post-quantum key exchange mechanism in TLS negotiations by default. This mechanism has been temporarily disabled until such issues are resolved.
2024-08-27Server92.17.0This release fixes potential interoperability issues between the StrongDM CLI and some third-party vendor firewall and packet filtering applications due to a recent change in Go to enable a experimental post-quantum key exchange mechanism in TLS negotiations by default. This mechanism has been temporarily disabled until such issues are resolved.
2024-08-27Desktop App21.83.0This release updates the desktop app with new icons and colors, enhances the user experience around layout and filters, and adds tabs for navigation.
2024-08-26CLI44.42.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Server92.9.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Java SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Ruby SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Go SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Python SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-23Server92.4.0This release fixes an issue in the Policy Editor where incorrect completion suggestions may be provided based on other content in the policy.
2024-08-22Server92.1.0This change adds a new "PingID (OIDC)" SSO provider.
2024-08-21Server91.98.0This release resolves an issue where some resources were not able to be updated due to a unique validation on a field that was not required or visible to the user.
2024-08-20Server91.96.0Policy-based action control for PostgreSQL databases is now supported for Aurora PostgreSQL, Cockroach, GreenPlum, and RDS PostgreSQL IAM resources.
2024-08-14Server91.73.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Terraform11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Java SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Python SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Go SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Ruby SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-13Java SDK11.6.1This release updates javadocs for the Java SDK.
2024-08-08Server91.50.0This release causes dead relays or gateways that are pruned (30 days old without a heartbeat) to also emit an activity log.
2024-08-07Server91.48.0This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Python SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Ruby SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Go SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-06CLI44.28.0This release adds the --permissions-help flag to the admin tokens add command to show all available permissions and their descriptions. sdm admin tokens add --permissions-help will list all of the allowed permissions.
2024-08-06Server91.45.0This release adds the --permissions-help flag to the admin tokens add command to show all available permissions and their descriptions. sdm admin tokens add --permissions-help will list all of the allowed permissions.
2024-08-06CLI44.27.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Server91.44.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Terraform11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Python SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Ruby SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Go SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-05CLI44.25.0This release adds sdm audit policies command to the CLI to list policies existing at a given timestamp.
2024-08-02CLI44.23.0This release adds sdm admin policies commands to the CLI to manage policies. It provides create, update, delete and list operations for policies.
2024-08-01Server91.29.0This release resolves a bug introduced in 91.24.0 where users, when unauthenticated via a session timeout, could enter an error page without the ability to log out.
2024-08-01Server91.28.0This adds support for the Policies API.
2024-08-01Java SDK11.3.0This adds support for the Policies API.
2024-08-01Python SDK11.3.0This adds support for the Policies API.
2024-08-01Go SDK11.3.0This adds support for the Policies API.
2024-08-01Ruby SDK11.3.0This adds support for the Policies API.
2024-08-01Server91.26.0This release updates the CrowdStrike integration to use the full set of network interfaces collected from the CrowdStrike API to detect the device agent corresponding to a given StrongDM client. Previously, devices with multiple network interfaces could potentially have been unable to identify a device trust score.
2024-07-29Server90.98.0Policy-Based Action Control (PBAC) is now generally available to all Enterprise customers. Fine-grained authorization is now performed against all PostgreSQL database actions and the Policy Editor in the Admin UI has been enhanced to support creating policies to authorize these actions.
2024-07-29CLI44.4.0This release adds support for the VAULT_TOKEN_RENEW_BEHAVIOR environment variable. Supported values are STOP_ON_ERROR, which, if the token renewal fails it will stop renewal process, and login will be attempted on the next healthcheck attempt; and DISABLED, which will disable token renewal, and login will happen again after the current token is expired.
2024-07-26Server90.88.0This change updates the format of some metadata in various emails sent from the StrongDM control plane.
2024-07-25Desktop App21.80.0This release updates the desktop app to show the following menu items when the dock icon (on macOS) or the tray icon (for Windows) is right-clicked: Open app.strongdm.com, which opens the Admin UI in the web browser; and Connect All, which connects to all assigned resources and is only visible when authenticated. In addition, this release fixes the main desktop app menu options in macOS to be About StrongDM and Quit StrongDM instead of About desktop and Quit desktop. The main desktop app menu also adds the Log Out option when authenticated and Log In when unauthenticated.
2024-07-23Server90.71.0This release ensures there will be no more friction for updating resources if your resource has Strong Vault as its default secret store and you have disallowed credentials to be stored with StrongDM.
2024-07-23CLI43.94.0This release fixes a bug in the sdm audit permissions CLI command where a filter specified by the --filter parameter was being ignored, causing results not to be filtered.
2024-07-23Server90.69.0This release fixes a bug with explicit routing enabled in strict or exclusive enforcement mode, where relays may be incorrectly reported as "isolated" in the Admin UI.
2024-07-23Server90.61.0This release fixes a connection error for Mongo legacy resource types when used with older gateways, reverting to continue using an old behavior mode.
2024-07-22Server90.56.0This change fixes a presentation bug that caused shrunken dashboards in the Reports Library.
2024-07-22CLI43.91.0This release resolves an incompatibility using the RDS PostgreSQL (IAM) resource type with policies, introduced in version 43.84.0.
2024-07-19Server90.53.0When creating a website resource, the subdomain field will provide an error about max length when longer than 256 characters.
2024-07-19CLI43.88.0This change augments sdm doctor -v and the desktop app's diagnostic output to include short descriptions of some common problems (for example, inability to reach gateways or api.strongdm.com).
2024-07-19Server90.47.0This release adds an example to the Log Stream page of the Admin UI, indicating how to set up CMK usage.
2024-07-18Server90.41.0This release adjusts StrongDM's syncing logic with CrowdStrike to prevent delays in updates to retrieved device trust scores when invalid API tokens are provided to StrongDM.
2024-07-18Server90.40.0This release fixes an issue where an idle timeout duration greater than 24 days caused users to log out immediately.
2024-07-17Java SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Terraform11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Python SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Ruby SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Go SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-16Server90.32.0This release addresses the following third party CVEs: CVE-2024-36138,CVE-2024-22020,CVE-2024-22018,CVE-2024-36137,CVE-2024-37372
2024-07-16Server90.30.0This change adds support for ALTER EXTENSION statements as parsed SQL actions
2024-07-15CLI43.73.0Fix filters help responses for approval workflows commands
2024-07-12Server90.19.0This release adds the egressNodeID field to log stream query outputs, reflecting the final node which processed a query and sent it directly to a resource.
2024-07-12Server90.17.0This release adds Okta Verify as a supported MFA provider.
2024-07-11CLI43.69.0This release removes the outdated flags --connect-to-replica and --replica-set from the sdm admin resources create mongo command.
2024-07-11Terraform11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Java SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Python SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Go SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Ruby SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-10Server90.7.0This release addresses the following third party CVEs: CVE-2024-6104, CVE-2024-6257 This release addresses the following third party CVEs: CVE-1984-12345,CVE-1984-12346
2024-07-10CLI43.65.0Add loopback range to the organization history API
2024-07-10Java SDK9.7.0Add loopback range to the organization history API
2024-07-10Python SDK9.7.0Add loopback range to the organization history API
2024-07-10Ruby SDK9.7.0Add loopback range to the organization history API
2024-07-10Go SDK9.7.0Add loopback range to the organization history API
2024-07-10CLI43.63.0Many CLI commands currently do not have validation against incorrect number of arguments being provided. This release adds those validations.
2024-07-09Server89.99.0In the event an access request has more than one resource associated with it, typically through an approval workflow associated with a policy, all resources will now be listed in the access request details.
2024-07-08Server89.92.0Fixed issue in the Admin UI where resources could not be created if there are no identity sets
2024-07-05CLI43.58.0On Linux, "sdm install" has a new -nostart flag that can be used when users want to complete the installation without actually starting the service.
2024-07-03Terraform10.5.0This change adds a resource type for SSH password authentication.
2024-07-03Java SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Ruby SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Python SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Go SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-02Server89.81.0This release allows the Port Override field to be set when creating or updating a cloud resource, as with other resources. Previously this field was only visible and editable for cloud resources through the CLI or SDKs.
2024-07-01CLI43.53.0This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.
2024-07-01Server89.74.0This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.
2024-07-01Desktop App21.76.0This release updates colors within the desktop app.
2024-06-27Desktop App21.74.0This release updates the desktop app so that when clicking the taskbar icon, the Resource Center window opens or is in focus instead of the Account menu opening. This change also puts the Account menu within the header of the Resource Center window.
2024-06-27Server89.59.0This release fixes a duplicate footer and image for TOTP MFA enrollment success.
2024-06-26Server89.54.0This fixes an issue for DBAs that caused the resource page not to load.
2024-06-26CLI43.31.0This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).
2024-06-26Server89.52.0This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).
2024-06-25Server89.45.0This release resolves an issue where the navigation layout sometimes flickered before the login screen. It also resolves an issue with idle timeouts not correctly logging users out, and an issue with Parent-Child organization logins via the Admin UI.
2024-06-24CLI43.15.0This release changes connection behavior to proactively close idle connections when proxying HTTP requests in order to reduce the memory profile of high volume HTTP requests for both nodes and clients.
2024-06-21CLI43.4.0This release addresses the following third party CVEs: CVE-2024-35255
2024-06-21Server89.22.0This release addresses the following third party CVEs: CVE-2023-49559
2024-06-18Java SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-18Server89.10.0This release adds more informational links to the MFA settings section in the Admin UI, including separate links for Duo, Okta, and TOTP setup.
2024-06-18Server89.5.0This release updates the text on the Microsoft Defender option for Device Trust in the Admin UI.
2024-06-18CLI42.97.0This release renames the CLI's admin relays tree to admin nodes with accompanying help text updates. Node is the more generic term that encompasses both gateways and relays. An alias for relays remains to prevent breakage in existing scripts. Similarly, the CLI's audit relays command has been renamed to audit nodes with accompanying help text updates. An alias for relays remains to prevent breakage in existing scripts.
2024-06-18CLI42.96.0This release adds support for Mongo 7 and Mongo 8 (tested with RC8).
2024-06-18CLI42.95.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-18Server89.4.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-17CLI42.93.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Server89.3.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Terraform10.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Go SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Python SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Ruby SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-17Terraform10.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.92.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Server89.1.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Python SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Ruby SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Go SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.90.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17CLI42.91.0This release updates some CLI commands to now show the correct default value (instead of 0) for the --page-limit option.
2024-06-17Server89.0.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Terraform10.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Python SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Ruby SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Go SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-14CLI42.81.0This change causes nodes to restart if they detect they have lost their authentication state, so they can either restore it or sever themselves from the network and cut idle traffic if they cannot (because they were remotely deleted, for example).
2024-06-14Server88.91.0This release implements a default behavior to forbid self-approvals in the workflow settings. Existing configurations will be unaffected.
2024-06-13Server88.85.0This change resolves a bug where deleted nodes would not be notified of their deletion, causing them to continue to fruitlessly send requests to a StrongDM control plane until they were manually cut off.
2024-06-12Server88.72.0This release allows Resources to be filtered by identityEnabled and identitySetID "identityEnabled" has a Boolean value and indicates if a resource is configured to use an Identity Alias on connection. "identitySetID" has a string value, and is the specific Identity Set that the resource is configured to use. Filtering by remoteIdentityEnabled is still supported but is deprecated.
2024-06-11CLI42.69.0This change reveals the sdm admin network subtree for working with peering groups.
2024-06-11CLI42.66.0This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11Server88.68.0This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11CLI42.61.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11Server88.64.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11CLI42.59.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11Server88.63.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11CLI42.58.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-11Server88.62.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-10CLI42.57.0This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10Server88.57.0This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10CLI42.54.0This release augments the Postgres policy action parser to understand more edge cases of the Postgres grammar.
2024-06-10Server88.46.0This release adds Microsoft Defender as a supported Device Trust provider.
2024-06-06Server88.24.0This release fixes a bug preventing configured Okta MFA settings from appearing in the Admin UI.
2024-06-06Server88.23.0This release updates the error message received when a user is not enrolled in Okta MFA, for clarity.
2024-06-05Server88.22.0This release changes the behavior of the 'default' Identity Set. New organizations will no longer have a 'default' Identity Set automatically created. 'default' Identity Sets will also be able to be deleted.
2024-06-03Server88.4.0SCIM requests can now include a list of identity aliases to be assigned to a user.
2024-06-03Server88.3.0This change deprecates some older forms of creating healthchecks. Specifically, when gateways come online after being offline for over 60 seconds, they would formerly enqueue a healthcheck for every resource at that time; this has been removed. In addition, legacy clients used a less efficient mechanism for healthchecking resources on sdm connect; this has been removed. All CLI versions released within the last year, or greater than 38.13.0, will see no change in behavior here. Newer clients will (still) efficiently healthcheck resources on sdm connect, for any unhealthy resource, and this in combination with manual checks, checks on resource updates, and periodic automatic checks will keep gaps from causing access problems. Switching to explicit routing is also recommended for users with large, complicated networks.
2024-05-29CLI42.34.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Server87.78.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Java SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Terraform10.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Python SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Go SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Ruby SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Server87.74.0This release addresses a race condition in native login that could cause the user to be redirected to the login page when they should not be.
2024-05-22CLI42.26.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Server87.53.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Java SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Terraform10.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Python SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Ruby SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-22Go SDK9.0.0This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId. When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.
2024-05-20Java SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Python SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Go SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Ruby SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Desktop App21.71.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20CLI42.25.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Server87.49.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-17Server87.44.0This release updates the display and visibility of the Log Stream Admin UI component based on payment tier.
2024-05-16Server87.32.0When using the Context-Based Policy feature, the default "Global Access" policy shown in the Policy Library in the Admin UI can now be modified or deleted. Modifying or deleting this policy may prevent users with pre-assigned role or temporary account grants from accessing resources, as access to resources must be permitted by both grants and by policy. In addition, when using the Context-Based Policy feature, the policy editor in the Admin UI can now be used to create permit policies without specifying a location, device trust, or user requirements. Such policies can be used to permit access to resources in conjunction with existing role and account grants.
2024-05-16Server87.30.0This release fixes an issue where queries logged for context-based policy were not populating the source and client IP address fields in the query. The source and client IP address information was still present in the authorization data included with the logged query.
2024-05-15Server87.25.0This release fixes a bug where SCIM token rotation would not present a new token to copy.
2024-05-13Server87.13.0This release fixes a bug related to opening app.strongdm.com from the desktop app and fixes a bug related to SSO logins.
2024-05-13CLI42.9.0sdm install now supports the --domain flag, which allows you to instruct the client or relay to connect to a StrongDM control plane other than strongdm.com. For example, customers using GovCloud should connect to strongdm-gov.com.
2024-05-13Server87.8.0This release adds the ability to reference Identity Aliases and Identity Sets in the context of policies. It also adds Identity Set as an entity (that is, StrongDM::IdentitySet). Example usage: &#xA;@justify(&#34;Please provide justification&#34;)&#xA;permit (&#xA; principal,&#xA; action in [StrongDM::Action::&#34;dial&#34;],&#xA; resource == StrongDM::Resource::&#34;rs-25599cd76579dac5&#34;&#xA;) when {&#xA; context.identityAlias.username == &#34;ssh_superuser&#34; &amp;&amp; &#xA; context.identitySet == StrongDM::IdentitySet::&#34;is-111111111111&#34;&#xA;};&#xA;
2024-05-09Server86.98.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Java SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Terraform9.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Ruby SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Python SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Go SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09CLI42.4.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-09Server86.97.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-08Server86.91.0This release resolves a bug where timed out Admin UI sessions would not redirect users back to the login screen.
2024-05-08CLI41.98.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-08Server86.86.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-06Server86.79.0This release adds a page in the Admin UI that informs users that they are logging out prior to showing the login screen.
2024-05-06Server86.76.0This release addresses the following third party CVEs: CVE-2024-33883
2024-05-06CLI41.94.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-06Server86.75.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-02Server86.64.0This release fixes a bug in the rendering of the query panel for policy logs, where it would take some time to fill the screen on large displays.
2024-05-02Server86.62.0Fixes a bug in integration with Slack where non-approvers could mark channel-based request as approved, which would result in no actual access to the resource since they are not approvers.
2024-04-30Server86.55.0This release fixes a bug in the rendering of routes via sdm admin network topology.
2024-04-30CLI41.82.0The FIPS-compliant variant of our linux CLI binary is now compatible with glibc versions as old as 2.27. This does not affect normal, non-FIPS-compliant linux binaries.
2024-04-30Server86.48.0The Download & Install page on the Admin UI now directs Docker users to public.ecr.aws/strongdm instead of quay.io/sdmrepo. quay.io will continue to be supported.
2024-04-25Java SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Terraform9.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Python SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Go SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Ruby SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-23CLI41.70.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Server86.25.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Server86.23.0This release adds the Remote Identity group ID (i.e. ig-123) field to the resource filters.
2024-04-23CLI41.67.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Server86.22.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Desktop App21.69.0This release updates the installers to provide better support for managed installations where the SDM user may be a standard user, not an administrator. To allow auto-updates to work without requiring an administrator, the SDM application is now installed by default into the user's program directory ($HOME/Applications on macOS and $PROFILE/AppData/Local/Programs on Windows). The Windows and macOS installers both provide a way for an administrator to install the application on behalf of a standard user and both install the latest StrongDM Virtual Network Adapter when the installation is performed with administrator privileges.
2024-04-22CLI41.64.0This release enhances proxied HTTP requests for website resources to now include the X-Forwarded-Proto header indicating the protocol scheme (HTTP or HTTPS). Some HTTP servers may relay on this header being present.
2024-04-22CLI41.63.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to &lt;resource name&gt;). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22Server86.20.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to &lt;resource name&gt;). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22CLI41.62.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-22Server86.17.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-18Server86.5.0This release addresses the following third party CVEs: CVE-2024-29041,CVE-2024-28863
2024-04-17Server86.2.0This release fixes a bug that caused the minimum CrowdStrike score not to appear correctly in the Admin UI.
2024-04-15CLI41.52.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-15Server85.95.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-12Terraform9.0.0This release adds the ability to query tokens on the sdm_account resource type in the StrongDM Terraform provider.
2024-04-09Server85.88.0This release refactors Slack token refreshes to be more tolerant of Slack outages.
2024-04-09Server85.87.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Java SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Python SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Ruby SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Go SDK8.0.0This release includes the following changes: - Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated. - Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types. - API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Server85.86.0This release fixes a regression where user agents weren't being populated for requests originating from Slack requests or anonymous HTTP requests.
2024-04-02Desktop App21.65.0This release fixes a bug where failing MFA during login would require quitting the application to re-attempt login.
2024-03-26Server85.70.0This release fixes some broken documentation links in the Admin UI.
2024-03-26Server85.68.0This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-26Python SDK7.1.1This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-25Server85.64.0This release adds a new Default Service Account Enforcement setting in the Admin UI Device Trust security settings in the Settings > Security page and a matching Service Account level setting in the Access > Users > Service Account > Settings page. The new settings allow for setting the default Device Trust enforcement policy for service accounts to be either required or exempt at the organization level, and also to set an overriding setting on individual service accounts. The effective Device Trust state is now shown for service accounts on the Access > Users page in the Device Trust column.
2024-03-21Server85.63.0This release fixes an issue that could cause a manual approval flow to be converted to an automatic one that would fail to save.
2024-03-21Server85.62.0This release fixes an issue where automatic approval workflows couldn't be saved unless an approver was selected.
2024-03-21Server85.61.0This release reduces the number of error emails that may be sent due to Device Trust provider issues. In addition, a "resolved" email will now be sent when the issue is no longer present.
2024-03-19Server85.59.0This release fixes an issue where only the first 25 Approval Workflows would list in the Admin UI.
2024-03-19Server85.58.0This release fixes an issue where the MFA screen did not take up the whole screen in the desktop app.
2024-03-19Server85.56.0Third Party Certificate Authorities are generally available, including AWS Private CA RDP, Active Directory Certificate Services, GCP Certificate Authority Service RDP, HashiCorp Vault SSH, HashiCorp Vault SSH (AppRole), HashiCorp Vault SSH (Token), HashiCorp Vault RDP, HashiCorp Vault RDP (AppRole), HashiCorp Vault RDP (Token) Each third party Certificate Authority has a details page which includes Diagnostics, Settings, and Resources (if resources have been applied).
2024-03-19Server85.55.0If an access request is automatically denied due to there being no approvers on the bound workflow a reason is added to indicate why the request was denied.
2024-03-18Server85.53.0This release fixes an issue where the IP Allowlist settings page could not be accessed even with the feature enabled.
2024-03-18Desktop App21.64.0The installer for Windows (EXE file) and macOS (PKG file) have been changed. When the installer is run by a privileged user (run as Administrator on Windows; with sudo or as root on macOS), the installation also includes a virtual networking component. The installer now provides a way for an administrator to install the application for the use of specified standard user that makes auto-updates work properly for that end user. To do this on Windows, run the installer as Administrator with an extra --SDMUSER=&lt;OtherUserName&gt; on the command line. On MacOS, run the command HOME=/Users/&lt;OtherUserName&gt; sudo installer -pkg &lt;SDMInstaller.pkg&gt; -target /. Standard (non-admin) users can still run the installer. When executed without admin, the installer acts as it did before. It installs the SDM application to a per-user location and does not install the virtual networking component.
2024-03-15CLI41.34.0This release fixes an issue with AWS resources where where retrieving objects through S3 with certain special characters in the object key could fail with a signature error.
2024-03-15Desktop App21.63.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.33.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15Server85.49.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.32.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Server85.48.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Java SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Terraform8.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Python SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Ruby SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15Go SDK7.1.0This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate. This release also marks the Certificate Authority category Secret Stores as stable.
2024-03-15CLI41.31.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Server85.46.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Terraform8.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Java SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Python SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Go SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Ruby SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Server85.43.0This release replaces Support chat links during organization trials with documentation links.
2024-03-14Server85.39.0This release changes the Admin UI Access Workflows page's table header checkbox to show an indeterminate state when some but not all rows have been selected.
2024-03-12Server85.35.0This release makes approval workflows unable to be saved unless an approver is selected.
2024-03-12Server85.33.0This release updates the Device Trust settings in the Admin UI with more flexible controls globally and per user.
2024-03-08CLI41.26.0This release sets the TTL for issued certificates using certain third-party CAs to a lower default TTL of 5 minutes.
2024-03-08Server85.24.0This release makes new Policy features available to Enterprise customers in the Admin UI. These features allow admins to require MFA or text justifications or to require approval workflows to be followed for some access. Policies can consider conditions such as the geographic location of the user and the device trust score of the user's machine when making access decisions.
2024-03-08CLI41.25.0This change hides the account field returned by sdm ready by default, replacing it with account_info, a new object containing more specific information about the logged in account. This also adds the -v or verbose flag to sdm ready which restores this deprecated field temporarily, and adds additional fields as well.
2024-03-07Server85.21.0This release fixes a bug where access workflows did not save when unlinking a manual approval flow.
2024-03-07Server85.19.0In this release, the default value of the Access filter in the Access Catalog has been changed from "Any" to "Available", so that the default results will now be restricted to resources that are currently available for the user to request.
2024-03-06Server85.18.0This release modifies the presentation of user and global settings for device trust in the Admin UI.
2024-03-05Server85.15.0This adds an Access component to the Catalog Search form in the Slack app. The default value for the Access filter is still "Available", but users now have the option to change it.
2024-03-04Server85.10.0This release adds Approval Workflows permissions and Approval Workflows audit permissions for API token creation and admin token creation.
2024-03-04Terraform7.7.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Ruby SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Python SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Java SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Go SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Server85.7.0This release adds the ability to create, update, and delete Approval Workflows.
2024-03-04Terraform7.6.0This change adds Approval Workflows and related verticals.
2024-03-04Java SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Python SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Go SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Ruby SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Server85.4.0This release adds a link to the settings page on the access workflows page of the Admin UI.
2024-03-02Server85.3.0This release fixes an issue where the resource catalog might appear empty when fetched in ServiceNow.
2024-03-01CLI41.20.0The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Server85.2.0The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Java SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Python SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Go SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Ruby SDK6.7.1The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field. In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN. Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.
2024-03-01Server85.0.0This release fixes an issue that caused the Request Access page and its tabs not to load properly in the Admin UI.
2024-03-01Server84.98.0This change adds a notification email sent to organization admins for non-transient Device Trust API failures.
2024-02-29Server84.93.0This release fixes an issue with dynamic access rules on access workflows, where they couldn't be updated under certain conditions.
2024-02-28Server84.88.0This release introduces a change to the file format and path location of replay data stored to Amazon S3 with Log Stream enabled, to improve the performance of storing that data. Replay data is no longer stored under individual objects (one object per chunk), but is instead aggregated so that multiple chunks from different replays may be stored in the same object, up to a limit of 1000 entries or 100 MB per object. Replay data from Log Stream is now stored similarly to activity and query data. Specifically: * The path under which replays are stored in S3 changes from &lt;prefix&gt;/replays/YYYY/MM/DD/HH/MM/&lt;queryUUID&gt;/&lt;chunkID&gt;.json to &lt;prefix&gt;/replays/YYYY/MM/DD/HH/MM/&lt;randomUUID&gt;.json. * The content of each JSON object changes from a single chunk per object ({&#34;formatVersion&#34;:&#34;v1.0.0&#34;, &#34;chunkID&#34;:&#34;1&#34; ...}) to N chunks separated by new lines (that is, in JSON lines format, as with queries and activities).
2024-02-28Server84.87.0This changeset clarifies text for access workflows and approval workflows throughout the Admin UI.
2024-02-28Terraform7.5.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27CLI41.18.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Java SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Python SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Go SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Ruby SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Server84.75.0This change reports a mocked version of a legacy variable to CLI versions older than 37.0.0 (released February 14, 2023). This variable was removed on February 24, 2024. The absence of this variable could cause the CLI to fail to respect port overrides on new connections.
2024-02-26Java SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Go SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Python SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Ruby SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Desktop App21.58.0Installer behavior has changed to allow silent installations on macOS and Windows and for installations to include updates to Virtual Networking Mode. On macOS, all PKG installers always require admin privilege, always install StrongDM in /Applications (but are owned by the end user so that update-in-place can still work), and always install the Virtual Networking Mode helper application. If macOS users want to install the desktop app without Virtual Networking Mode, they should use the DMG distribution. For a silent installation, macOS users should run the installer command line tool with the PKG file as a command line argument. On Windows, the EXE installers now install Virtual Networking Mode whenever the installer runs as Administrator. If the EXE installer is run as a non-administrator, StrongDM gets installed, but Virtual Networking Mode is not installed or updated. If Windows users want to install the desktop app without Virtual Networking Mode, they should run the installer as a non-administrator. Note that the EXE installers on Windows can be executed from the Command Prompt, and the installation will be in silent mode if the /S flag is used with the command.
2024-02-23Server84.67.0This release adds the Update Admins scope to API keys. This is a sensitive scope that allows your key to update admin users.
2024-02-23CLI41.15.0This change removes some deprecated capabilities around disabling port overrides. In particular, some CLI commands under sdm admin ports have been removed.
2024-02-23Server84.63.0This release updates the StrongDM app for Slack with improved tag search functionality that matches the way tag searching works in the Admin UI.
2024-02-23CLI41.14.0This change adds the --download option to the sdm replay rdp CLI command, which allows users to download formatted query logs from StrongDM and immediately render an MP4 from them. Previously, the logs had to be manually retrieved from a relay's logs directory. This does not currently support user-encrypted RDP logs.
2024-02-22Server84.61.0This release fixes a bug that caused resources assigned to peering groups to sometimes incorrectly show as reachable from nodes not in the resource's peering group on the Resources tab of the Admin UI Network > Relays page, the Admin UI Network > Gateways page, and the output of the sdm admin relays list in the CLI. In addition, this release fixes a bug that caused resources shown on the Resources tab of those Admin UI pages not to be ordered by name.
2024-02-22Server84.55.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-22CLI41.10.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-21Server84.53.0This change fixes a bug in device trust calculations which would prevent assessment storage from CrowdStrike for a CrowdStrike account with over 500 agents.
2024-02-21Server84.51.0User names will no longer prevent creation of service accounts with the same name.
2024-02-20CLI41.8.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Terraform7.3.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Server84.42.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Java SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Go SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Python SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Ruby SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Server84.40.0This release fixes an issue where access requests which were automatically approved would not show the correct approved timestamp when viewing the request details page in the Admin UI.
2024-02-20Server84.38.0This release fixes an issue where activities would not live feed into the Admin UI page on initial load.
2024-02-16Server84.36.0This release fixes an issue where the access requests page of the Admin UI would not load in some instances.
2024-02-16CLI41.6.0This release fixes an issue with the CLI where the sdm doctor -v command did not return any output.
2024-02-12Server84.6.0This release fixes the access details text shown on the Admin UI Request Access page to not reference a reason if there is none.
2024-02-09Server84.2.0This release fixes a bug that caused the /sdm access to command in the StrongDM integration for Slack not to work for non-admin users.
2024-02-09Ruby SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Java SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Terraform7.2.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Python SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Go SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-08Server83.93.0This release adds the Request timeout duration setting to the Settings > Workflows page of the Admin UI.
2024-02-07Server83.83.0The StrongDM integration for Slack has been updated to a new version. This version offers: - Channel-based approvals - Multiple-resource requests - Easier request/resource filtering - UI/UX improvements
2024-02-07Server83.79.0Creating an access request with a reason now has max length validation that matches the server.
2024-02-05Server83.59.0This release adds the Certificate Authority field to the RDP (Certificate Based) and SSH (Certificate Based) resource forms, allowing users to select a desired Certificate Authority (default is Strong CA). Strong CA is the StrongDM RDP Certificate Authority or StrongDM SSH Certificate Authority, depending on the selected server type. Strong CA is selected by default and is always the default, even if the Allow Credentials to be Stored with StrongDM option is set in the Admin UI > Settings > Security. Strong CA may be managed in the Admin UI > Network > Certificate Authorities.
2024-02-03Server83.52.0This release fixes a bug when running the sdm audit queries and related CLI commands, where including a filter using the query field to filter by query content would return an error that the filter was invalid.
2024-02-02Server83.49.0This release changes the application of the security setting "Allow Credentials to be Stored with StrongDM." Certificate-based resources, such as SSH (Certificate Based) and RDP (Certificate Based), may be created without assigning a secret store, even if the "Allow Credentials to be Stored with StrongDM" security setting is set to "No."
2024-02-01Server83.43.0This release adjusts the text in the enterprise banner at the top of workflow related pages to no longer reference Reports Library but rather Access Workflows.
2024-02-01CLI40.89.0This PR adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-02-01Server83.40.0This PR adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-01-31Server83.34.0This release removes the option to select suspended users as approvers for access workflows.
2024-01-31Java SDK6.3.2This release upgrades the GRPC dependency of the Java SDK to version 1.59.1. This version of the GRPC library fixes an incompatibility with newer versions of the Netty library, which may prevent the SDK from working with frameworks such as recent versions of Spring Boot.
2024-01-31Server83.32.0This release adjusts the logout condition for SentinelOne Device Trust. Previously devices would be logged out if SentinelOne reported them as not live, but testing revealed this value was not being consistently reported; live agents would sometimes be marked offline, causing random logouts. The replacement for this condition requires that a device is offline for 15 minutes before that results in an automatic logout.
2024-01-30Server83.24.0This release allows new certificates to be created for both SSH and RDP without immediately making them active. You can create a certificate, add it to your infrastructure, and then make it active in StrongDM. This enables the certificate rotation process to happen without downtime due to the delay from adding a new certificate. Additionally, previous certificates may be reactivated as a rollback option until they are removed. Certificate Authorities can be managed in the new Network > Certificate Authorities section of the Admin UI.
2024-01-29Desktop App21.54.0This release restores the missing Connect All menu item to the desktop app menu.
2024-01-29Server83.9.0This release fixes an issue where some organizations could not see reports in the Reports Library.
2024-01-26Server83.4.0This release marks the standing access report as no longer in beta.
2024-01-26Server83.3.0This release fixes a bug in filter functionality for the Access Workflows dashboard.
2024-01-25Java SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Go SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Python SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Ruby SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Server82.90.0Add pkg and msi installers to the downloads page
2024-01-25Server82.89.0This release fixes a bug where in rare cases a valid authentication with an admin token or API key would return an unauthenticated error.
2024-01-25Server82.88.0Slack tokens are no longer revoked after a failed refresh attempt.
2024-01-25Server82.87.0Update the default filter on the Standing Access Dashboard.
2024-01-25Server82.86.0This release augments resource update validation in the case when the secret store of the resource is modified. See also Server 82.80.0.
2024-01-24CLI40.78.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-24Server82.80.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-23Server82.75.0This release fixes a broken banner link for StrongDM email alerts.
2024-01-23Server82.74.0This release fixes a condition where authentications could take up to several seconds before they were available to use after logging in.
2024-01-23Server82.73.0This change fixes the filter parameters for the Approvers list in the Access Workflows dashboard.
2024-01-23Server82.70.0This release overhauls the presentation of Reports Library dashboards.
2024-01-22Server82.68.0This change fixes a bug with a deprecated authentication mode used by clients beneath 33.17.0, where those authentications were frequently revoked without reason.
2024-01-19Java SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Python SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Ruby SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Go SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-18CLI40.73.0This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18CLI40.59.1This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18Server82.54.0Added a checkbox in the Admin UI to allow requesters to approve their own requests when they meet the approval criteria for the associated workflow.
2024-01-16Java SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16CLI40.67.0This release adds the 'sdm admin rdp view-ca' CLI command to retrieve the CA used for certificate-based RDP connections.
2024-01-16Python SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Go SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Ruby SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Terraform7.1.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-12Server82.35.0This release modifies the behavior of the integration with Slack, including help text and welcome message frequency changes.
2024-01-12Server82.30.0This release restores the presence of some missing release notes from the /release-notes endpoint.
2024-01-11CLI40.63.0This release renames the columns of CSV query output to be more consistent between query categories. It also adds three new fields for features in development.
2024-01-11CLI40.61.0This release adds a new, non-stable server type: SSH (Cert Based with User Provisioning). This new server type is in closed beta and not available at this time.
2024-01-09CLI40.57.0This release deprecates the sdm admin ssh rotate-ca command. The correct way to rotate SSH CA is through the credential management area in the Admin UI.
2024-01-09Server82.11.0Admins can now set a fixed duration for access requests on the Workflows settings page of the Admin UI.
2024-01-08CLI40.55.0This release updates the permissions checked when calling sdm ssh resource-name, fixing a recent regression which prevented user-level accounts from executing this action.
2024-01-08CLI40.54.0This release fixes an issue that prevented connections to certain resources with an "unable to load credential type for db type" error. This error is resolved.
2024-01-08Python SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08CLI40.51.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Java SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Go SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Ruby SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-05Server82.2.0This changeset adds support for IDP initiated logins for SAML, if enabled within one's StrongDM SSO configuration.
2024-01-04Admin UI86.20.0This release makes some minor bug fixes for filters within dashboards.
2024-01-04Ruby SDK6.0.1This release unlocks the gemspec for the strongdm ruby SDK expanding openssl from ~> 3.1.0 to ~> 3.1.
2024-01-03Admin UI86.19.0This release adjusts and improves the user experience for filters within dashboards.
2024-01-02Server81.81.0This release adds a feature to alert organization admins for when the StrongDM RDP CA is close to expiring. It will send alert emails for the following stages: 30 days before expiration, 2 weeks before expiration, 1 week before expiration, 2 days before expiration, 1 day before expiration, and 2 days after expiration.
2023-12-22CLI40.46.0This release fixes a regression in the CLI that prevented listing resources with the sdm admin datasources|servers|... list commands with an admin token that had resources list permission but not resource locks list permission. The commands now function when run without resource lock list permission by omitting resource lock status information.
2023-12-21Go SDK6.0.1This release includes documentation updates.
2023-12-20Admin UI86.14.0In this release, the Workflows settings page of the Admin UI now allows admins to forbid users from setting a custom duration on requests. Instead, admins can define a fixed duration.
2023-12-19Server81.61.0This change modifies query storage logic to be more tolerant of queries that may be awaiting processing from recently deleted gateways or relays.
2023-12-13Admin UI86.10.0This release adds a validation error in the Admin UI if a duplicate ServiceNow URL is configured.
2023-12-13Admin UI86.9.0This release internally simplifies the flow for requesting RDP replays in the Admin UI, removing possible failure modes.
2023-12-12Server81.44.0Quotas have been enforced on all customers in order to prevent usage by one customer from impacting StrongDM's availability for other customers. If you see an error due to a quota being exceeded, please submit a request to StrongDM Support to have your quota increased.
2023-12-12Admin UI86.7.0This release fixes a bug where the revoke option was presented for access requests that can't be revoked.
2023-12-12Server81.40.0This release modifies the format of the content in access request emails to refer to request duration.
2023-12-12Admin UI86.6.0This release fixes typos in the integrations page.
2023-12-11Admin UI86.3.0This release allows non-enterprise users to see reports in a limited manner.
2023-12-11Admin UI86.1.0This release fixes a bug which prevented the creation of some RDP resource types with specific settings selected.
2023-12-08Server81.30.0This release expands the time range of valid RDP queries to request replays for in the Admin UI. This range looked back 4500 replays historically, but recent changes brought this limit down to 200. This release expands it to search all historical queries up to an organization's complete query retention range.
2023-12-08Java SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Python SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Ruby SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-08Go SDK6.0.0This release renames approver_id to account_id and adds role_id to the workflow approver vertical.
2023-12-07CLI40.28.0This release adds roles to the CLI interface for workflow approvers, renaming the 'approver-id' flag to 'account-id' in the process.
2023-12-07CLI40.27.0There was in issue with the SDM client Docker image starting at version 40.8.0 that prevented it from running properly. This issue has now been fixed.
2023-12-06Admin UI85.98.0This release adjusts the presentation of the auditor report dashboard.
2023-12-06Admin UI85.97.0When making an access request users can now specify a start date and time.
2023-12-05Admin UI85.96.0This change migrates some secret stores to be Enterprise bundle features.
2023-12-05Admin UI85.95.0This change reveals the Admin UI version number at the bottom of the navigation sidebar.
2023-12-04CLI40.24.0The RDP cert-based driver now supports DRDYNVC, which should allow the driver to support more environments.
2023-12-01Admin UI85.91.0This change adds cards on the Admin UI's Integrations page for existing integrations, such as secret stores and logging options.
2023-11-30Server80.82.0StrongDM now enforces a limit of 1,000 resources per organization for new customers. Customers who require more than this should submit a request to StrongDM Support to get their quota increased. Existing customers have been assigned enough quota to at least double their current resource count.
2023-11-28Server80.65.0This release modifies an error message displayed on one OIDC login error, to more clearly point to the cause of the problem; when a POST to an OIDC server to verify that they did send us a login request occurs, if the response is lacking a token, it usually implies that the configured client secret is invalid, or expired.
2023-11-28Server80.64.0Fixed an issue where the CLI command sdm access to executed with only a duration would immediately time out.
2023-11-28Server80.61.0This change restores the ability to provide a start from time for access requests.
2023-11-27CLI40.20.0This change modifies the proxy used by sdm aws commands to include http:// in the HTTPS_PROXY variable, which otherwise can cause some programs like terraform modules in TF 1.6.3 to reject the variable for the lack of a schema.
2023-11-22Admin UI85.90.0This change enables the use of Roles to define workflow approvers.
2023-11-21CLI40.19.0This release resolves an issue where some relays hosted in AWS, using AWS secret stores, but without permission to use IMDSv2, could panic due to an updated AWS Go SDK version introduced in CLI version 40.2.0.
2023-11-20Admin UI85.87.0This release allows users of the Auditor permission level to interact with access requests as Users, if they belong to the appropriate roles.
2023-11-17Admin UI85.85.0This release adjusts the presentation of queries in the Admin UI to address bugs where replays would not show as replayable.
2023-11-17Server80.50.0This release adjusts the presentation of queries in the Admin UI to address bugs where replays would not show as replayable.
2023-11-17Server80.47.0This release fixes a an issue where, since server version 80.41.0, it would take a manual refresh of the Admin UI for live, complete replays to present as replayable.
2023-11-16Server80.44.0This release increases the limit of workflows that an organization can have from 25 to 50.
2023-11-16Admin UI85.80.0This release enables viewing older historical queries in the Admin UI. Previously this view was limited to between 30 and 4500 results, depending on resource category. Now, using date filters, the same query range that can be viewed by users of any given organization can be viewed by those users in the Admin UI as well.
2023-11-15Admin UI85.77.0This change prevents auditors from being able to see access request approval and reject buttons even if they are selected as an approver.
2023-11-09Terraform6.0.6This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Admin UI85.72.0This release augments the access request workflow modal to respect organization-wide workflow settings for maximum durations.
2023-11-09Java SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Admin UI85.71.0This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Python SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Ruby SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Go SDK5.0.5This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-09Server80.16.0This release makes the resource types Aurora PostgreSQL (IAM) and RDS PostgreSQL (IAM) generally available.
2023-11-08Server80.12.0This release fixes a bug causing '/sdm access catalog' to not display if it contained resources with more than 6 tags.
2023-11-08Admin UI85.70.0Notification settings have been added to the Settings > Workflows page which allows you to enable/disable the sending of email notifications. This does not affect Slack notifications (if using the Slack integration).
2023-11-08Admin UI85.69.0This release adjusts the display of duration text in Access Requests.
2023-11-08Admin UI85.68.0This release adjusts the display of revoked access request details.
2023-11-08Admin UI85.67.0This release fixes a bug where the Access Requests page sometimes displayed blank timestamps.
2023-11-08CLI40.8.0This release upgrades the 'rdpreplay' Docker image to be based on Ubuntu 22.04.
2023-11-07Admin UI85.65.0This release adds a workflow settings page to the Admin UI. This page currently only has one setting, allowing admins to specify the maximum duration access may be requested for.
2023-11-06Admin UI85.64.0This release changes the Access Request form to base requests on total duration instead of a 'valid until' time.
2023-11-06CLI40.4.0This release fixes a rare edge case in idle timeout calculation, where if a user sent over one query per second for the entire duration of their idle timeout, the idle timeout would never be reset and it would log them out as if they had sent no queries.
2023-11-02CLI40.1.0This release fixes a bug in sdm audit users, restoring visibility into service accounts via this command.
2023-11-02Admin UI85.61.0This release adds the ability to view and change a user's External ID in the Admin UI.
2023-11-02Terraform6.0.5This release specifies the weight fields of the Workflows domain as computed in the SDM Terraform Provider. When a computed field is not provided in the configuration, Terraform will not try to update the computed value to null in subsequent execution plans.
2023-11-01Admin UI85.60.0This release fixes an issue where the Member CID field was not optional as described when setting up the CrowdStrike provider in Device Posture settings.
2023-11-01Terraform6.0.4This release fixes a bug in the API in which the creation and deletion of WorkflowRoles were not concurrency safe. The bug affected the SDM Terraform provider and any other API consumer that tried to do concurrent creation and deletion of WorkflowRoles.
2023-11-01Server79.87.0This release fixes a bug in the API in which the creation and deletion of WorkflowRoles were not concurrency safe. The bug affected the SDM Terraform provider and any other API consumer that tried to do concurrent creation and deletion of WorkflowRoles.