2020 Release Notes
Last modified on February 1, 2023
- Terraform provider: The official StrongDM Terraform provider is now available for Terraform version 0.12 and up. The provider allows you to configure your infrastructure in StrongDM as you deploy it. Create, modify, and delete servers, databases, clusters, gateways, websites, users, roles, and access grants.
- Driver performance: Upgraded drivers for several datasources to improve overall performance, including HTTP, Kubernetes, DB2i, DB2 LUW, Cassandra, Druid, DynamoDB, Elastic, Memcached, MySQL, PostgreSQL, Presto, SSH, Sybase, Redis, Terradata, BigQuery, and Snowflake.
- Health Checks: Improved datasource healthchecks to properly account for changes in connection status.
- Updating Issue: Corrected the update system for relays and unauthenticated users so they can receive updates.
- Broken Link: Fixed broken download link for Linux gateway binaries.
- Password Reset Issue: Fixed deep link support conflicting with password resets.
- RDP Replay Issue: Fixed issues with RDP replays not rendering consistently.
- Terraform Issue: Fixed issue with Terraform provider auto-download in 0.13.
- Websites for Trial Accounts: Trial accounts are now able to create Websites.
- OneLogin OIDC: Added support for OneLogin OpenID Connect v2.
- Upgraded Drivers: Several drivers were upgraded to V3 and updated to help reduce empty query counts: DB2i, DB2 LUW, HTTP, K8s, Cassandra, Druid, DynamoDB, Elastic, Memcached, MySQL, PostgreSQL, Presto, SSH, Sybase, Redis, Terradata, BigQuery, and Snowflake.
- Terraform Improvements: You can now get your StrongDM public key via Terraform.
- Website Creation UX Enhancement: When a website is created or updated, minor issues such as whitespace in the input will be handled more effectively.
- Runaway Log Files: Fixed issue with Windows GUI generating runaway log files for particular connection errors.
- Cloned Websites: Fixed ability to clone websites.
- The ability to grant and revoke access to resources now requires grant and list permissions only, rather than the previously required create permissions.
- You can no longer update an existing Kubernetes, SSH, or RDP Server resource and change it to an unrelated resource type.
- User Added via CLI: Fixed an edge case in which errors were occasionally received when adding a user via the CLI.
- Admin Users Revoke Issue: Fixed issues with using
sdm admin users revokeand
revoke-all. Now, these commands will return an error if the target user is in a role, rather than failing silently.
- Role Deletion: Roles containing DBAs or Team Leaders can now be deleted.
- Kubernetes in Admin UI: Kubernetes clusters will no longer appear in the Servers page in the Admin UI. Instead, they now will appear in the Clusters page which is listed in the navigation sidebar.
- Terraform Binary: The Terraform provider binary is now statically compiled by default, which makes it compatible with containers such as the HashiCorp official container and other Alpine-based containers.
- SDM Update: Changed update behavior for relays so that relays automatically update on restart. The
sdm updatecommand will only be used to update StrongDM on your local machine going forward.
- Trial Signups:
- If a user attempts to redeem a trial code that has already been redeemed, they will now be redirected to the login page with a message explaining what happened.
- Signing up with an organization name or email subdomain that already exists will similarly trigger a more helpful response.
- Trial organizations can now have a wider range of emoji appended to their names!
- Notification emails are now sent to the team when a trial code is generated and sent, not just when something goes wrong or a trial is redeemed.
- Look and Feel: UI was updated to match the StrongDM branding in both the Admin UI and the GUI.
- Logging: Added tags to datasource audit trails.
- Missing Replays: Improved error messaging around missing SSH replays. Added handling for replays interrupted by dropped SSH sessions.
- SSH (Certificate Based) Healthcheck: Fixed bug in healthchecks which was encountered in some SSH (Certificate Based) resources.
- Composite Roles: Resources granted via composite roles will now appear in a user’s GUI without requiring them to log out and then log back in. Additionally, temporary grants are now correctly revoked when a resource is granted via a composite role.
- Kubernetes Audit: The
sdm audit k8scommand will now consistently include missing fields when using the
- Kubernetes Session Replays: Fixed a bug that was sometimes encountered when paging through Kubernetes session replays, when a large number of those sessions existed.
- Timestamps: Fixed timestamps when auditing to be in proper date time string format.
- Feature Work: Lots of ongoing work on features that are yet to be released ;)
- Protobuf: Upgraded protobuf from 1.4.2 to 1.25.0.
- Changes to the JSON API:
- We previously accepted
snake_casefor all JSON field names, and returned
snake_case. Now the standard is
camelCaseboth ways, and we only accept the one format as defined in our
- Resource type names now match dbtype aliases.
- Port overrides and ports can no longer be strings, they must be JSON numbers.
- We now detect when multiple polymorphic subtypes are provided (e.g. account and service to
/v1/accounts), and return a 400.
- We previously accepted
- Busy Login Button: Fixed an edge case issue with the GUI that would sometimes freeze the login button as “busy” and prevent login.
- Duplicate Port Overrides: Fixed an issue some users of heavy automation encountered where duplicate port overrides could be unintentionally created.
- Port Issues: Fixed an error that was sometimes experienced when trying to setup a k8s cluster with a default port.
- Grants: Added new “Grants” category for permissions when creating admin tokens and API keys (Create, List, Delete). This will allow more fine-grained delegation of powers related to resource access Grants.
- Relative Time Options: Added support for relative time options in audit commands (i.e.
sdm audit activities --from=30d --to=10d).
- MFA Settings Validation: Improved data validation when updating MFA settings.
- Log Availability: Clarified language around query log availability for high volume users.
- Help Text: Improved help text for some CLI commands.
- API Key Permissions: Clarified some descriptive text around edit permissions when creating API keys.
- GUI Notifications: Reduced noisy notifications when a user with temporary access Grants unlocks their GUI.
- Display Bug: Fixed a display bug in GUI header display when the version number was too long.