2021 Release Notes
Last modified on February 1, 2023
- Release Notes: Release notes are now officially available!
- Terraform Quick Start: Created an example Terraform quick start file that allows you to create resources and/or test them quickly, and can also be customized to use with your own infrastructure.
- CLI Access for DBAs: Added the ability for users with the DBA permission level to use CLI commands under the `sdm admin` branch that correspond with their abilities in the Admin UI.
- K8s Debugging Support: Added support for logging and auditing of Kubernetes sessions from
- Session ID Column: Added a button for SSH replays in the Admin UI that copies the session ID to the clipboard. This can then be used when auditing via the CLI.
- AWS Authentication: Extended support for assuming Role ARN to all eligible AWS resources (DynamoDB, Athena, AmazonES). Also added support for passing External ID (along with assuming Role ARN).
- Gateway Stability: Improved gateway resilience and recovery during incidents caused by misconfigured gateways.
- Improved Client Connectivity: We now prune stale gateways from the client to improve connection success rate.
- Terraform Configuration: Improved Terraform provider to handle new line breaks in API Access Key and Secret Key fields.
- Improved Error Messaging: Provided a more informative error message when a resource is only accessible by an isolated relay, or when trying to create a datasource with a duplicate name.
- SSH Keep-Alive: We now forward firstname.lastname@example.org through our SSH proxy.
- CLI UX: The `sdm status` CLI command now organizes all resources by their specific type.
- Replays: Improved SSH session replays so that custom formatting in a replay is cleaned up after it finishes.
- Parent Org Admin UI: Fixed a bug where admins that were suspended disappeared from the Admin UI.
- Website Subdomain: Fixed a bug where use of uppercase in a website resource subdomain would cause errors.
- Permissions: Fixed a mismatch with API permissions required to list account attachments.
- Temporary Access Grants: Fixed a bug with setting dates while granting temporary access in the Admin UI.
- Website Access: Fixed a bug where users with the DBA permission level could not access some websites through the Admin UI.
- Presto Password Field: Fixed a bug where Presto resources required a password that was not actually needed.
- Port Overrides in Admin UI: Fixed port overrides sorting and editing issues in Admin UI.
- Windows Client Sleep/Wake Bug: Fixed a bug where occasionally a device would have issues connecting to StrongDM after the device wakes from sleep.
- GUI Log Rotation: Fixed a bug where GUI logs would occasionally grow too large.
- New Audit Options: Added encryption and replay support to SSH and Kubernetes audit commands.
- Improved UX for Adding Datasources: You can now search and filter existing datasources while adding a new datasource in the Admin UI.
- New User Indicator: Added the “New User” indicator to user list in the Admin UI. This will show up when a new user signs up and has yet to be given any access or roles.
- Datasource Listing: Fixed bug in displaying of resources with
- Deleted Organizations: Fixed bug where some users trying to join their organization ended up in a defunct version of the organization.
- Bug with ssh_config: Fixed bug that could occur in the `ssh_config` file when not connected to anything.
- SSO Provider Switching: Fixed a bug with the form that sometimes occurred when switching SSO provider used for authentication.
- MFA Settings: Fixed a bug that sometimes caused MFA settings to become invalidated when updating SSO or self registration settings.
- New Resource Type. Added a new SSH resource type, Customer-Managed Key, which allows you to provide your own private key and store it with StrongDM.
- New Driver Support. Added support for the Raw TCP driver. Note that logging for Raw TCP only counts transferred bytes, not traffic details.
- Auditing. Added user and resource tags to query logs when auditing with the
- Support Chat for Trials. Added a chat with support button in the Admin UI for trial users.
- Toast Alerts. Added toast alerts when performing Create, Update, Clone, or Delete operations on resources.
- UI Improvement. Added a more obvious button for rotating Admin keys/tokens.
- GUI Refactor. Refactored StrongDM GUI to improve stability and fix occasional connection problems with the listener. This should alleviate issues where network connections are lost and regained, or issues resulting from long periods of inactivity.
- Screen Scrolling Bug. Fixed minor bug in Admin UI to ensure screen scrolls to correct position after adding new resources.
- Admin UI Crash. Fixed Admin UI crash that sometimes occurred if an error was received during SSH replay.
- Tokens During Suspension. Fixed issue where tokens could not be properly preserved when suspending a user.
- Website Resources. Fixed bug some users encountered when trying to create website resources.
- Tooltip Text. Fixed truncation of tooltip text in Admin UI.
- macOS Client Bug. Fixed issue with client sometimes sticking to macOS dock.
- macOS Client Quit Options. The StrongDM client now properly closes on macOS with `Command-Q` or when using the SDM > Quit menu option.
- Log File Size. Fixed bug that could allow some GUI logs to become larger than 10 MB.
- Secret Stores Support. Added public beta support for third-party Secret Stores. Secret Stores allow you to have credentials stored in your existing third-party secrets manager. These credentials are used by your gateways to authenticate with resources, and they are never stored anywhere on StrongDM infrastructure. Included in the initial beta release are the following options:
- HashiCorp Vault (installation guide for HashiCorp Vault)
- AWS Secrets Manager (installation guide for AWS Secrets Manager)
- GCP Secret Manager (installation guide for GCP Secret Manager)
- Cloud Resources. Added public beta support for the resource type “Clouds.” Cloud resource drivers allow you to administer your cloud environment through StrongDM. AWS is the first example of this new resource type, with more to come in the future. With your AWS Cloud resource set up in StrongDM, you can use the AWS CLI to administer your cloud just like you always have, but now with the access controls and auditing that you use with your other StrongDM resources (configuration guide for AWS Cloud).
- New Trial Experience. We launched a new product trial experience that includes a guided tour of the features and capabilities of StrongDM. This tour gives you the opportunity to get started right away with pre-made demo resources that you can directly interact with and use to discover the potential of StrongDM.
- Remember Me. Added “Remember my Email” option for Admin UI and GUI login.
- Displayed Gateway/Relay Versions. The Diagnostics tab of Gateways/Relays in the Admin UI now displays the version of the installed Gateway/Relay package.
- Displayed Resource Timestamps. The Diagnostics tab of resources in the Admin UI now displays the time that the resource was created, as well as the time when it was last modified.
- Healthy/Unhealthy Resource Filter. Whenever a resources page in the Admin UI has more than 12 resources listed, the dropdown for filtering that appears will now allow filtering on Healthy or Unhealthy resources.
- Online/Offline Gateway/Relay Filter. Added the ability to filter between online and offline Gateways/Relays in the Admin UI.
- Reorganized Form Fields for EKS. In the Admin UI, the page for adding or editing an EKS cluster is now rearranged, with the Assume Role AWS-specific fields now grouped at the bottom.
- Contact Support Subject Autofill. Clicking the Contact Support button in the Admin UI now creates an email. The subject of the email is automatically populated with information about where you were in the Admin UI when you asked for help.
- Added MS SQL Server 2017 Compatibility. Added compatibility for Microsoft SQL Server 2017.
- Added Syslog Support. Added syslog support for local logging on Gateways/Relays. It follows the same rules as the Raw TCP log emitter.
- Grant Temporary Access with Specific Time Zones. Added a time zone selector to the Grant Temporary Access to Datasources tab in the Admin UI, allowing customers to choose times based on the selected time zone.
- Clouds Section. Added the Clouds section to the Admin UI and the `sdm admin clouds` subtree in the CLI to allow for management of Cloud resources.
- Enhanced Admin UI Performance for Role and Permission Updates. Improved performance in the Admin UI when updating permissions within Roles.
- Gateway Improvements. Improved the stability of Gateways run in short-lived Kubernetes instances.
- Streamlined Client Download. Optimized the size of the StrongDM Client, making for a smaller download.
- HTTP Subdomain Description. Added help text describing the usage of the HTTP Subdomain field in the Admin UI and CLI.
- Speedier Queries. Reduced latency experienced when making very large dataset queries.
- Permissions During API Key Creation. In the Admin UI, added permissions options for Secret Stores when creating API keys.
- Terraform Quick Start. Reintroduced the Terraform quick start guide to the welcome page of the Admin UI in a new format.
- Kubernetes Icon Refresh. Updated the Kubernetes-related icons in the Admin UI.
- Resource Tags. Fixed an issue where tags on resources could be lost during mass updates of resources.
- Cloud Logs. Fixed an issue in which Cloud logs incorrectly showed an error in the Admin UI in cases where encryption or local logging was turned on.
- Token Creation with Secret Stores. Fixed an issue where tokens could not be created with Secret Stores selected in the Admin UI.
- Temporary Access to Datasources. Ensured that Cloud and Cluster types are correctly separate in the Grant Temporary Access to Datasource modal in the Admin UI.
- CLI Help Text. Fixed the CLI help text for the `sdm admin clouds` command screen.
- Date/Time Field. Fixed a Temporary Access bug where the “start from” date/time field wouldn’t always work.
- Secret Stores Management Via the CLI. Enabled the ability to manage Secret Stores through the CLI.
- Admin User Permissions. Changed allowed operations so that admin users can only be updated, suspended, deleted, or have their passwords reset by other admins.
- Detailed Resource Type Names in Audit Logs. Improved audit logs so they display a more detailed and accurate resource type name (e.g., “EKS” instead of “Kubernetes”).
- New Permission for Admin Token Creation. Added a new “initiate password reset” permission when creating admin tokens to specifically control access to that power.
- Base64 Encoding Support for CLI. Allowed the use of Base64-encoded files in the CLI operations that target Kubernetes clusters.
- Admin UI Password Reset Redirect. Fixed a small bug where users trying to reset their passwords were sent to the Admin UI Login page instead.
- Admin Token Creation. Fixed a bug where admins could not create admin tokens in the Admin UI because of Secret Stores permissions.
- Resource Submission. Fixed a rare bug on form validation that prevented new resources and updates to resources from being submitted within the Admin UI.
- Role Permissions in Large Orgs. Fixed a bug in large organizations where role permissions in the Admin UI sometimes wouldn’t update unless there was a hard refresh.
- Display of Recent Activities. Fixed a bug in activities, cloud logs, web logs, and SSH Capture pages where recent items wouldn’t appear in the Admin UI due to a time zone offset error.
- EKS Cluster Access. Fixed an issue with accessing EKS clusters.
- AssumeRoleARN Usage. Fixed usage of `AssumeRoleARN` with EKS resources.
- TCP Connection Resource. Released the TCP Connection resource, which allows the addition of any resource that uses TCP connections, even those that are not explicitly supported by StrongDM yet.
- Log Export Container. Released the Log Export Container to the public Code Garden. This Docker image gives you the ability to stream StrongDM logs to the destination of your choice, such as Amazon CloudWatch, Amazon S3, and others.
- SSH Customer-Managed Key. The SSH Customer-Managed Key resource type is now generally available. With this type, you can provide your own private key to be used by SSH resources.
- Audit the Health of Gateways/Relays. In the CLI, added the `sdm audit relays` set of commands, which allow you to look at various elements of the health of your gateways/relays directly.
- Improved Fuzzy Matching in Admin UI Search. Improved the fuzzy matching in the Admin UI search for resources so that it uses full search terms.
- Wrong Landing Page in Admin UI. Fixed an Admin UI bug that caused users to land on the wrong page when they had not deep linked into the app.
- Copying Empty Files to/from S3. Fixed a bug in the AWS CLI driver to allow for copying empty files from the local machine to S3 (or from S3 to elsewhere).
- Start Time in Temporary Access Calendar. Fixed a bug where the start time is set to 12 a.m. when clicking Today in the Temporary Access modal calendar.
- Filter Resources by Port Overrides. Added the ability to filter resources by their port override number.
- Remember Login Emails. Added the `SDM_EMAIL` environment variable. If set, this email will be automatically used for authentication when you log in to StrongDM from the CLI.
- Reduced Validity Period for Gateway Certificates. Changed the validity period of certificates generated on Gateways to one year (down from three years).
- Version Headers. Updated our Terraform Provider and all StrongDM SDKs to send out version headers.
- Listener Status in CLI. Updated `sdm status` so that running the command will now notify you if the listener is not running.
- Kubernetes Driver Healthcheck Namespace. Made the `healthcheck namespace` field in Kubernetes drivers required and prepopulated.
- Logging and Encryption Settings. Fixed a bug that prevented multiple logging and encryption settings from being updated at the same time.
- Kubernetes Log Details. Fixed a bug that sometimes prevented full details of Kubernetes logs from displaying in the Admin UI.
- Temporary Access Modal. Fixed a bug in the Temporary Access modal that could lock up the interaction when the start/end date was deleted.
- SSH Replays Crash. Fixed an Admin UI crash experienced by some users on the SSH Replays page.
- Local Client Creation. Fixed a bug that could sometimes result in runaway creation of active StrongDM local clients.
- GUI Improvements. Fixed a bug that caused the GUI to incorrectly show MFA timeout errors and enter a login error state after five seconds.
- CLI Help Text. Fixed various help text typos in the CLI.
- Amazon MQ and RabbitMQ Resources. Added support for Amazon MQ and RabbitMQ resources.
- Elastic Support. Added support for resources hosted on
- Cassandra Native Protocol Support. Added support for Apache Cassandra native protocols version 3 through version 5.
- Required Kubernetes Fields. Made the Healthcheck Namespace field required for Kubernetes resources. Newly created, cloned, and updated Kubernetes resources will now have the healthcheck namespace prepopulated with the default.
- Detailed Diagnostics. Added more information to the Diagnostics tab for resources when all Gateways and Relays are offline or when no Gateways exist.
- See All the Commands. Made full CLI command trees visible to all users. If a user doesn’t have access to a given command, they will receive a `you do not have permission to perform this action` error.
- Cluster Scoping Support. Added support for cluster-specific scoping of Kubernetes commands.
- Non-SSO User Creation. Fixed an issue where organizations did not have the option to create new non-SSO users when they should have.
- Firefox Form Submission. Fixed a double form submission error that occurred in Firefox when new users were added in the Admin UI.
- Website Resource Form Labels. Fixed the form label for Website resources to be `Auth Type` instead of
- Healthcheck-Related Crash. Fixed an occasional crash when trying to healthcheck resources in the Diagnostics tab.
- Safari Page Loading Issue. Fixed an issue where HTTPS websites did not load in Safari.
- Access Rules and Multi-role Membership open beta. Released the open beta for Multi-role Membership, Access Rules, and IdP User Provisioning.
- Faster Admin UI Page Loading. Improved load times of the Admin UI by removing duplicate calls.
- Improved Healthchecks. Made the healthcheck status on new resources more responsive so they successively indicate a healthy connection as soon as they connect to an existing node.
- Logging Limits. Limited the number of log rows to 4,500 in the Admin UI. This change applies to SSH replays, RDP replays, Web logs, and Cloud logs. There is no change to CLI `sdm audit` commands or Amazon S3 storage of queries.
- Snazzier Links. Enhanced Admin UI link colors with a prettier shade of blue.
- Ruby SDK Gemspec Updates. Updated the Ruby SDK gemspec to require Ruby 2.4 or greater and gRPC 1.36 or greater.
- Terraform Tag Examples. Updated Terraform Registry docs with info on how to use resource tags.
- GUI Menu Display. Fixed an issue with the macOS GUI where the full menu frame was clipped.
- Clouds Typo. Fixed a typo on the Admin UI Clouds page, where there was a reference to “Websites” instead of “Clouds.”
- Temporary Access Error. Fixed an issue where the Admin UI would incorrectly present an error when granting temporary access to a resource to which a different user already had temporary access.
- Datasource Encrypted Fields. Fixed an issue with the Admin UI Datasources page so that it will now properly indicate when encrypted file upload fields have been set to a non-empty value by Terraform, an API, or SDK user. This fix only applies to updates done after this release is deployed. Encrypted fields that were set via Terraform prior to this release will still show as empty in the Admin UI.
- New Search and Filter Functionality in the Admin UI.
  - Users page:
    - You can now filter Users based on temporary access, Role membership, User status, User type, User permission level, and User tags.
    - The Users page now filters out suspended Users by default.
    - Free-text search now checks against first name, last name, and email.
    - URLs now automatically update to include the parameters of your search or filter query, allowing you to bookmark your favorite searches and filters.
    - New drop-down menus automatically populate filters based on Role, permission level, and User type.
    - The table header now displays a count of all results returned by the active search and filter query.
  - Roles page:
    - You can now filter Roles based on Role name and tags.
    - URLs now include the parameters of your search or filter query, allowing you to bookmark your favorite searches and filters.
    - New drop-down menus automatically populate filters based on tags.
    - The table header now displays a count of all results returned by the active search and filter query.
- User Quick Actions. Added an Actions button to the Users page, which enables you to take quick action on a User (e.g., edit Roles, send a password reset email, etc.) without having to go into the detailed view.
- Permission Level Change Confirmation. Added a confirmation step when changing a User’s permission level in order to avoid accidental changes.
- TLS Support for RabbitMQ. Updated the RabbitMQ driver to support full TLS.
- Longer Timeouts During SSO Auth. Increased the timeouts to better handle SSO logins over high-latency connections.
- Namespace Added to Vault Secret Store Config Page. Enabled HashiCorp Vault tokens created inside a namespace to healthcheck the Vault successfully.
- Incremental Relay/Gateway Auto Updates. Switched the auto-update deployment process for Relays and Gateways to be spread out over the course of an hour rather than be distributed all at once.
- RDP Replay Rendering. Fixed a bug where certain RDP replays ran into issues during the rendering process.
- Admin UI Not Loading in Safari. Fixed a bug where the Admin UI did not load in Safari 15.
- Additional Search and Filter Functionality in the Admin UI. Added the ability to filter Users based on tag(s) in the Search field (e.g., find Users by entering tags such as
- New Resource Types. Released Kubernetes (User Impersonation), DocumentDB, and Neptune resource types.
- GUI Enhancements. Ensured that every resource in the GUI now contains an icon and caption.
- Results Counter. Added count of results to the headers of the User’s Roles in all Infrastructure sections of the Admin UI.
- Infrastructure Search and Filter Functionality. Added Admin UI search and filter functionality to the Infrastructure sections of the Admin UI.
- Button to Delete Access Rules. Added a button in the Admin UI to delete Access Rules without having to open the Access Rules Editor.
- Access Rules Management. Fixed a bug where Access Rules that applied to more than 5,000 resources could not be deleted.