Privileged Remote Access 23.2.1 Release Notes
May 9, 2023
This release has been removed due to a critical issue. An updated release will be made available as soon as possible. For more information, please see KB0020207 at https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207.
Requirements:
- This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
- 23.2.1 PA requires Base 7.0.0.
- Requires ECM 1.6.0.
- Requires Integration Client 1.7.5.
New Features and Enhancements:
- FIDO2 authentication now supported in /login, access console, and web access console.
- Multiple SAML providers can now be configured.
- SAML is now allowed to use external group providers.
- Streamlined SAML authentication in the access console.
- Web access console can now create, edit, copy, and delete Jump Items.
- Added ephemeral Jump Clients. This allows administrators to override the offline time of Jump Clients, creating short-lived installers that provide our non-ephemeral Jump Clients access to ephemeral machines but are automatically removed when the endpoint is torn down.
- Added Terraform module, which allows users to interact with the Remote Support Configuration API to manage access to the resources under management.
- Added dark mode for /login.
- Jump Client installers are now listed in /login.
- Users now have additional options available when using Command shell within a Jump Client session, including Windows Command Prompt, PowerShell, Zsh, Bash, sh, fish, and tcsh.
- OAuth 2 support added for /login email configurations.
- A new API for downloading Syslog reports has been created. Also, a new permission has been added to the API account.
- Added a new session policy setting for automatically starting the privacy screen.
- The Run As Special Action now logs the command in session reports.
- Vendor Approvers are now notified of any waiting approval requests. The interval at which these reminders are sent can be configured on the Edit Vendors page.
- Public keys for stored private keys have been added for Vault SSH accounts.
- The Configuration API User Rate Limit per Hour has been increased from 15,000 to 60,000.
- Added <enter> and <delete> keyboard shortcuts to the native access console. <enter> now starts a session with the selected Jump Item and <delete> now removes the selected Jump Item.
- Jump Item export in the access console now allows you to select Export All, Export Current View, or Export Selected.
- The elevation tooltip in the access console now displays why the Elevation button is disabled.
- Configuration API additions and enhancements:
- VNC Jump Items
- GET jump-item/remote-vnc
- GET jump-item/remote-vnc/<id>
- POST jump-item/remote-vnc
- PATCH jump-item/remote-vnc/<id>
- DELETE jump-item/remote-vnc/<id>
- COPY jump-item/remote-vnc/<id>
- Vault Account Jump Item association
- GET vault/endpoint
- GET vault/endpoint/<id>/remote-rdp-jump-item-candidates
- POST vault/endpoint/<id>/remote-rdp-jump-item-association
- UPDATE jump-item/remote-rdp
- Associate Vault Accounts with Jump Items
- GET vault/account/<id>/jump-item-association
- PATCH vault/account/<id>/jump-item-association
- POST vault/account/<id>/jump-item-association
- DELETE vault/account/<id>/jump-item-association/jump-item
- POST vault/account/<id>/jump-item-association/shared-jump-group
- POST vault/account/<id>/jump-item-association/jump-item
- DELETE vault/account/<id>/jump-item-association
- DELETE vault/account/<id>/jump-item-association/shared-jump-group
- DELETE vault/account/<id>/jump-item-association/jump-item
- Associate Vault Account Groups with Jump Items
- GET vault/account-group/<id>/jump-item-association
- PATCH vault/account-group/<id>/jump-item-association
- POST vault/account-group/<id>/jump-item-association/shared-jump-group
- POST vault/account-group/<id>/jump-item-association/jump-item
- DELETE vault/account-group/<id>/jump-item-association/jump-item
- DELETE vault/account-group/<id>/jump-item-association/shared-jump-group
- Added connected state to Jumpoint
- GET jumpoint
- GET jumpoint/<id>
- Added account_expiration to VendorUser
- GET vendor/<id>/user
- Reactivate Vendor Account
- POST vendor/<vendor_group_id>/user/<user_id>/reactivate
- POST vendor/<vendor_group_id>/reactivate
- Extended GET user to include all permissions:
- GET user
- Return a list of all API accounts and permissions:
- GET api-account
- Manage Group Policy membership for Account Groups
- GET group-policy/<id>/vault-account-group
- POST group-policy/<id>/vault-account-group
- DELETE group-policy/<group_policy_id>/vault-account-group/<account_group_id>
- Added public_key to Vault accounts.
- VNC Jump Items
Issues Resolved:
Administrative Interface
- API
- Increased API version to 1.23.1.
- Resolved an issue with POST group-policy returning an error when id is specified.
- Vault
- Resolved an issue with checking out a local account at the same time a discovery is being run on that domain.
- Resolved an issue with importing accounts overwriting the previously imported accounts if their account names were changed.
- Resolved an issue with deleting domain with large numbers of endpoints taking longer than expected.
- Vault performance improvements.
- Resolved an issue with not displaying all discovery errors.
- Resolved an issue with the Discovery Results page showing local accounts for endpoints that are not reachable.
- Group Policies
- Made performance improvements to Group Policies in /login when there are large numbers of Group Policies and Jump Groups.
- Search
- Resolved an issue with spaces counting as characters.
- Vendor
- Resolved an issue with case sensitivity in the email domain field in Vendor registration.
- Resolved an issue with the change password email not being sent to Vendor users if they were approved by non-admin PRA users.
- Resolved an issue with Vendor registration allowing the same email address to be registered multiple times.
- Text Updates
- Updated some of the verbiage on the Backup Setting page.
- In /login, renamed the left navigation link for Downloads to Consoles & Downloads, and the left navigation link for Access Console to Console Settings.
- Resolved an issue with extra characters being displayed in the Edit Service Principal error message under Vault > Domains.
- Miscellaneous
- Resolved an issue with the Android Mass Deploy Jump Client link.
- Resolved an issue with the language selection icon showing on sites that don’t have any languages.
- Resolved an issue with the customizable strings on the Customer Client page not saving correctly for non-English languages.
- Added Vault Service Principal to the warning message that is displayed when configuring an outbound proxy.
- Updated the error message received when using the password reset link when the password was expired.
Clients
- Access Console
- Resolved an issue with Jump Clients that had not yet been upgraded showing as Pending in the access console.
- Resolved an issue with the access console sometimes crashing after pinning a session.
- Resolved an issue with the access console sometimes crashing when the network connection dropped.
- Resolved an issue with the access console crashing if the Jump Approval window was left open.
- Resolved an issue with the access console sometimes crashing while editing a registry value during registry access.
- Resolved an issue with the access console randomly crashing during customer client download.
- Resolved an issue with Shift + F10 not passing through screen sharing.
- Resolved an issue with the Time in Queue icon not being dark in dark mode.
- Resolved an issue with Jump Item details not being displayed correctly with long comments.
- Customer Client
- Resolved an issue with Windows clipboard history not being cleared at the end of a session.
- Web Access Console
- Resolved an issue with time counters not continuing when the web access console page was hidden.
- Resolved an issue with screenshots not working in some Firefox versions.
- Resolved an issue with slow UI responsiveness when there were large numbers of Jump Groups.
- Infrastructure Access Console
- Now when the IAC is started on a system that does not have a system tray, the IAC checkbox is greyed out and help text is provided to explain why.
- Web Jump
- Resolved an issue with starting Web Jump sessions through a Linux Jumpoint.
- vPro
- Resolved an issue with vPro sessions sometimes disconnecting and not reconnecting.
- Jump Client
- The ability to install and run multiple Jump Clients for the same user and site has been deprecated. There are other means available now to attain the same functionality.
- Resolved an issue with starting a Jump Client session while a Jump Client discovery is in process.
- Shell Jump
- Resolved an issue with the authentication error message not showing when the wrong credentials have been used to start a Shell Jump session.
- Mac
- Resolved an issue with transitioning from IAC mode to full console mode causing the access console’s title bar to not respond.
- Resolved an issue with upgrading the rep console if it was originally installed by a non-admin user.
- Resolved an issue with granting Accessibility permission if Screen Recording permission wasn’t granted first.
- Resolved issue with Jump Clients that were not restarting automatically being granted permissions by the System Settings app.
- Resolved an issue with sending AltGr keys through screen sharing on Macs.
- RDP
- Resolved an issue with backslash character (\) not being copied into the native Windows Security window.
- Resolved an issue with RDP file downloads when multiple reps, native access console and web access console, are in the same RDP session.
- Updated the error message displayed when a rep tries to start an RDP session without the proper permissions.
- Added support for 16 bit color in native BYOT RDP.
- Resolved an issue in which RDP was failing with certain certificates.
Notes:
- Verified for GA.
- Supports upgrades from 22.2.1 PA+.
- Supports ECM Protocol 1.6.
- Includes VSC 1.2.6.1.
- This release is certified with the following mobile versions:
