Changelog
Version 3.21
version release 17/01/2022
The following items presented in this changelog have been introduced, improved and fixed in the 3.21.0 version of senhasegura.
caution
The changes presented are aligned with the version of the entire platform. Part Number segmentation is not considered in this document. Consult our commercial department, or your reseller, to acquire other funcionalities.
For details on which features have been enhanced or corrected for each component, see the next chapter in each module section.
info
For details on how the new items or improvements were introduced to the solution, see our documentation.
New logs database with Elasticsearch
The new log storage system brings a significant improvement in indexing, log search, and data synchronization in clustered environments.
This new system is automatically configured during the solution upgrade process, and logs previously-stored in files will be migrated automatically to the new system with Elasticseah.
danger
Before updating or installing the senhasegura in a cluster environment it is necessary to release the port 9300 in the firewall between solution nodes.
General license consumption dashboard
A new dashboard containing a view of the system's general consumption was added. This dashboard displays, for example, how many users have access to each module so that the person responsible for the tool can see them in the same place.
Filtering and behavior detection of DLLs
The solution must prevent high-risk applications (such as browsers or document handlers) from starting untrusted side processes, untrusted loading DLLs, or exploiting PowerShell in content-based attacks. When an application or process is executed, it will start several DLLs. It was created measures to identify a DLL considered safe and stop the execution of any DLL that is not regarded as secure.
API for Login via Web Proxy senhasegura
A new API method that allows the creation of a URL session for authentication in senhasegura Web Proxy was created. Through parameters, the developer will be able to define which device, in what credential, and from which IP address can be installed of the device. The URL is valid for 30 seconds after expiration. A new one must be created.
Changelog
senhasegura
| Item | Description |
|---|---|
| New Feature 3503, 3726 | A floating help button was added on the bottom right corner that allows access to the official documentation, senhasegura shorts and community. |
| New Feature 3440 | A new Tk expect plugin resource was added to change passwords called SQL Plus. |
| Improvement 2987 | Improved the Selenium-based password change executor in Executions ➞ Settings ➞ Templates. |
| Improvement 3446 | The process of changing SSH passwords was divided into distinct operations: one of the creations of the key in the origin device, and the others of publication in the target device. |
| Improvement 3542 | Improved the internal logs database. |
| Improvement 3113 | The reviewing and certification of access groups in PAM improved, with periodicity to analysis. |
| Improvement 3315 | Updated the texts reading component in RDP sessions for Cyrillic support |
| Improvement 3499 | Removed the system users from notification configurations. Still maintained only real users to be configured. |
| Improvement 1448 | Changed the storage technology of proxy sessions texts. The text search is enhanced in performance and storage from this version and beyond. |
| Improvement 3699 | Accomplihsed the data valdidation in Spanish and German inside proxy modules. |
| Improvement 2851 | The alter and removal actions of an execution profile of a device were created. |
| Improvement 3452 | Improved the monitoring of the internal vault. |
| Bugfix 3465 | Fixed the authentication failures via Google OpenID. |
| Bugfix 3162 | Fixed the error that caused messages to be shown in Portuguese on some pages. |
| Bugfix 3161 | Fixed the error of URLs with non-existing permissions. |
| Bugfix 3580 | Fixed the errors in the search filters that once the clear button was pressed, the information was not brought correctly. |
| Bugfix 2874 | Fixed the bug that caused user by group reports do not bring up the correct access group. |
| Security 3184 | Fixed the exhibition of emails sent through Domum in senhasegura submition screens. |
| Security 3676 | The necessary permissions to install an instance activation license into senhasegura were reviewed. |
| Security 3658 | Fixed the error while impersonating a profile. |
| Security 3494 | Reviewed the proxy system security politics. |
senhasegura Terminal Proxy
| Item | Description |
|---|---|
| Improvement 2912,3106 | Added the argument domain and username that allow the visualization of all devices related to a credential or SSH key. |
| Bugfix 3457 | Fixed the error that had terminal proxy repeating data after many information line. |
senhasegura RDP Proxy
| Item | Description |
|---|---|
| Bugfix 3313 | Fixed the error in senhasegura RDP Proxy when using multimonitor funcion |
senhasegura Cloud
| Item | Description |
|---|---|
| New Feature 3392 | Azure reports were added in Cloud → Cloud IAM → User Roles the roles reported by service accounts to Azure service accounts. |
| New Feature 3391 | Azure reports were added in Cloud → Cloud IAM → Account Roles the roles reported by service accounts to Azure service accounts. |
| Improvement 3073 | An intermediate state was added when deleting a user or service account, allowing the result analysis that avoids a false positive. |
| Improvement 3071 | Improved the synchronism of users and service accounts. The senhasegura will not remove permissions/roles added directly in Azure to users and service accounts. If it is inactivated/removed into senhasegura, it will be removed from Azure. |
| Improvement 1505 | When registering a GCP account it was improved the validation to verify if the APIs are active. |
| Bugfix 3274 | Fixed the issue in Azure integration. |
senhasegura WebService A2A
| Item | Description |
|---|---|
| New Feature 3362 | Added endpoint for an authenticated URL (SSO) to senhasegura Web Proxy Session. |
| New Feature 2967 | In the endpoints /iso/dash/risk/all and /iso/dash/sessions/all it was corrected the return message when the initial date |
| New Feature 2804 | Created a mechanism that can authenticate API calls using AWS signature. |
| New Feature 3080 | Implemented A2A authorization usage log in A2A → Logs. |
| Bugfix 3126 | Fixed the error that caused the system to allow an activation of a specific authorization linked to an application even if it was deactivated. |
| Bugfix 3583 | Fixed the public and private keys inversions while retrieving information via A2A when using sensitive information cryptography. |
senhasegura DSM
| Item | Description |
|---|---|
| New Feature 3151 | Added automatic versioning of a secret when a password of a credential with a secret linked to it has its password changed. |
| New Feature 2930 | Created an auto-renewal of dynamic provisioning secrets according to TTL. |
| New Feature 2804 | Created a feature that can authenticate API calls using AWS signature. |
| Improvement 1493 | Added all secret information to your version history. |
| Bugfix 3381 | Fixed a visualization error from the details screen after creating automation in DSM → Automations → Automations and clicking the bloom option. |
| Bugfix 3325 | The message to provide authorization via API in an application with dynamic provisioning enabled was reviewed. |
| Bugfix 3382 | Fixed error in database that happened while registering secret value with an empty field. |
| Bugfix 3379 | Fixed the error of Disabled Secrets that could still be accessed via the DSM API. |
| Bugfix 3378 | Fixed bug with DSM Automations Triggers not triggering actions. |
| Bugfix 3326 | Fixed error that caused malfunctioning when registering a credential for dynamic provisioning in DSM. |
| Bugfix 3380 | Fixed the bug that caused disabled authorizations got enabled once enabling an application that has relationship with the disabled one. |
senhasegura Orbit Command Line
| Item | Description |
|---|---|
| Improvement 2993 | Changed orbit output of sudo orbit version command from Orbit Console - MT4: senhasegura group to senhasegura Orbit Console when querying the version. |
| Improvement 3546 | Added to the second instance cluster the possibility to view these log files. |
| Improvement 3384 | Added support to new languages: Brahmic, Devanagari, Devanagari Extended, Vedic Extensions. |
senhasegura Scan & Discovery
| Item | Description |
|---|---|
| Improvement 3067 | Added an option of user group scan on target devices. To configurate the already existing Scans, this option will be automatically marked in the actualization. |
| Improvement 3273 | Improved the connection string used by Discovery in UNIX domain credentials. |
| Improvement 3290 | A checkbox was added that allows the user to choose to find or not the user groups. |
| Improvement 3291 | The searching robots were improved only to find the access group its option is activated. |
| Bugfix 3061 | Fixed a bug that happened while importing credentials via Discovery. |
| Bugfix 747 | Fixed the scan error of target containers. The senhasegura state suggested a false positive when a mistake of SSH connection occurred. |
| Bugfix 3463 | Fixed the configuration of accounts linked to services not being addressed by Discovery. |
senhasegura Dashboard
| Item | Description |
|---|---|
| New Feature 2994 | Added a new screen to visualize the general consumption of licenses. |
| Improvement 3100 | Added DSM dashboards links to the Dashboard menu. |
senhasegura Domum
| Item | Description |
|---|---|
| Improvement 3111 | It was simplified the Domum parameters screen. |
| Improvement 3055 | Added a dynamic icon that validates the connection status established with gateway. |
| Improvement 2959 | The possibility of a re-send action of access link was added if the gateway is unavailable. |
| Improvement 3601 | It was improved the displayed text to the user while accessing an expired link. |
senhasegura Orbini
| Item | Description |
|---|---|
| Improvement 2748 | Updated javascript libraries and packages. |
| Improvement 3376 | Implemented the English language as fallback default if a text in the selected language is unavailable. |
| Improvement 3424 | Added support to Turkish, Croatian and Russian on the senhasegura RDP Proxy login screen. |
| Bugfix 2865 | Fixed the error that caused the system to force the password to be changed even with the option unchecked. |
| Bugfix 3225 | Fixed the error while registering the token in the first access using the digital certification as factor of authentication. |
| Bugfix 3422 | The error that caused showing expiration date pushed when licensing senhasegura using an activation code generated with Production flag was fixed. |
| Bugfix 3681 | Reviewed the necessary permissions to undo a user impersonation. |
senhasegura.go
| Item | Description |
|---|---|
| Bugfix 3357 | Revised the security of the authenticated URLs of senhasegura.go. |
senhasegura.go for Windows
| Item | Description |
|---|---|
| New Feature 3350 | Created detection event of an untrusted DLL execution attempt. The event will be registered as “Untrusted DLL execution attempt” containing the name of the DLL. The event will also be notified via SYSLOG and be available for email notification setup. |
| New Feature 3397 | The DLLs will be able to be filtered in access lists using the same properties as an application: Product name, Product version, Certificate, File version, Directory, File hash, Internet zone identifier, Windows store publisher. |
| New Feature 3354 | Applications that are already in execution, but contain any DLL considered as malware, will be finished. |
| New Feature 3385 | The functionality of register requested directories functionality, which allows applications, automation and DLLs to override "allow/denylist" rules if specified within a trusted directory. |
| Improvement 3353 | In the application filter registration, the validation rule by certificate will be obligatorily "Trusted only" |
| Improvement 3594 | The senhasegura.go logs were moved to the “Applications and Services Logs” section of the Microsoft Event Viewer. Available in information(1000), alert(2000) and error(3000). |
| Bugfix 3566 | Fixed the log synchronization when a workstation returns from an offline scenario. |
| Improvement 3679 | Changed the presentation of domain credentials that previously only appeared the "username" for "domain\user" in cases where the credential has a domain. When there is no domain, it will be replaced by the workstation's name. |
| Security 3408 | Removed the support for TLS1.1 on Windows workstations for communication with senhasegura servers. This communication will only be possible using TLS1.2 and 1.3. |
senhasegura.go for Linux
| Item | Description |
|---|---|
| Improvement 3570 | Updated the politics register label of access from "Deny" to "Lock". |
| Bugfix 3330 | Fixed a default rule to restrict the access that was being sent through the back of the PEDM Linux. |
| Bugfix 3127 | Fixed the error in Sudo rules that was not deleting the rule if the one registered was inactivated. |
senhasegura Orbit Web Interface
| Item | Description |
|---|---|
| Improvement 3129 | Switch-like components have been standardized to avoid confusion between enabling and disable actions. |
| Improvement 3090 | Updated the factor label of authentication from "MFA" to "2FA". |
| Bugfix 3363,3364 | New languages supported: Spanish and German. |
senhasegura Certificates
| Item | Description |
|---|---|
| Bugfix 3086 | Fixed the error caused the certificate module not to fill in the alternative name for the certificate's subject (SAN). |
| Bugfix 3507 | Fixed the error in Certificates → Requisitions while signing an certificate. |
Protected information
| Item | Description |
|---|---|
| Bugfix 3602 | Fixed the error while registering and visualizing protected information. |