Privileged Remote Access 24.1.1 Release Notes

March 5, 2024

Requirements:

• Requires Base 7.1.0.
• Requires ECM 1.6.1.
• Requires Integration Client 1.7.5.
• This version includes essential security upgrades to OpenSSH 9.7, libssh 0.10.6, and OpenSSL 3.0. Operating systems dependent on legacy encryption methods such as SHA-1, TLS 1.1, or TLS 1.0 may not be accessible. Before upgrading, confirm the operating systems of your endpoints are capable of newer encryption methods.

New Features and Enhancements:

• Web Access Console can now connect to Atlas Traffic nodes.
• Increased the maximum number of supported Shared Vault accounts to 100K.
• The new Privileged Endpoint Client is now launched from Jump Clients.
• Jump Item filter and search improvements in the Access Console.
• Users can now invite more than one user at a time to join their sessions.
• Vendor on-boarding improvements:
  • Now there can be more than one Admin for Vendor groups.
  • Vendor users can now automatically be deleted after expiration.
  • PRA users can now be mapped to Teams.
  • Added Configuration API support for GET, POST, and PATCH more than one PRA user to a Vendor Group.
  • Added Configuration API support for GET, POST, and PATCH Team to Vendor Groups.
• Access Console now supports wildcard searches of Password Safe endpoints.
• No longer requiring full screen mode to send hot keys or special keyboard shortcuts screen sharing. Now just hover the mouse over the screen sharing portion of the console and keyboard bindings will pass through to the remote system.
• Jump Item approvals can now be done within the Access Console.
• Added support for Kubernetes Protocol tunneling.
• Added support for Layer 3 Protocol tunneling (Network tunneling).
• New command API to logout users from the Access Console.
• New Configuration API to return a user’s Group Policy memberships.
• Added a new option to enable or disable users from approving their own Jump requests.
• Jump Item Authorization has been added to the Jump Item reports.
• Updated icons.
• Added Open SFTP Client button for Shell Jump sessions.
• The BT CLI tool can now be run from the Windows Run… window.
• Debian 11 and 12 are now supported.

Issues Resolved:

Administrative Interface

Reporting

• Fixed an issue with the 1.00x speed option missing when viewing recordings.
• Fixed an issue with setting the time zone to UTC causing some license reports not to be displayed.

API

• Configuration API version increased to 1.9.
• Command and Reporting API version increased to 1.24.1.
• API documentation updated for User password min and max length.
• Added get_appliances to the Command API.

Vault

• Fixed an issue with filtering based on Inherited not working properly on the Vault Accounts page.
• No longer accepting SHA1 based SSH keys when saving a Vault account with a SSH private key. More secure keys should be used going forward.
• Fixed an issue with checking Enable Passwordless FIDO2 Authentication sometimes not updating the Default Authentication Mechanism.

Security Providers

• Fixed an issue with saving invalid SMTP OAuth Client secrets and then attempting to validate the email configuration.
• Fixed an issue with displaying disabled SAML providers on the login page.
• Added a new error message for unrecognized FIDO2 devices.

FedRAMP

• Fixed an issue with the default value not being set for the Idle logout setting.

Text Updates

• Added help text to the Only keys in OpenSSH formats are valid section when editing an SSH key.
• Updated the btapi client heading to match the btapi client download button.
• Added Jump Item Installers to the warning messages for deleting Jump Groups.
• Updated some of the Help text for the BYOT parameters.
• Updated the Download and Install instructions for the Access Console on Linux.

Misc

• Fixed an issue with the page flashing briefly when clicking on the Jump Policies tab.
• Fixed an issue with the spacing in the Jump Group listing when there are 2 or less Jump Groups.
• Fixed an issue with the number of items to display on Jump Groups page not saving correctly.
• Fixed an issue with the Jump Client Installer list sometimes listing Override values as No incorrectly.

Clients

Access Console

• Fixed an issue with the highlight coloring for the Accept/Reject window while in Dark Mode.
• Fixed an issue with disabling External Tools not resizing the menu in the Access Console properly and leaving a blank space.
• Fixed an issue with Dark Mode not showing the CLI folder selection properly.
• Fixed an issue with the TCP Tunnel Jump Item Copy button not displaying a tool tip.
• Fixed an issue with the Access Console minimizing to the System Tray after being disconnected.
• Fixed an issue with Dark Mode not highlighting the column header when the mouse hovers over it.
• Fixed a permission issue with starting sessions through the BT CLI.
• Now providing better error messages when copying or moving Jump Items and there is a failure.
• Fixed an issue with the Jump Items total and Jump Clients total sometimes being inaccurate on clustered sites.
• Fixed an issue with clicking the Copy button for a TCP tunnel moving the focus to the Local Address column.
• Fixed an issue with pressing the Enter key while a session in the Personal queue is selected not changing the focus to that session’s tab.
• Fixed an issue with the Backspace/Delete key not deleting the selected Jump Item.
• Fixed an issue with the Access Console crashing sometimes while loading the Login Agreement.
• Fixed an issue with Windows Search not working correctly when Application Sharing Restrictions were enabled.
• Fixed an issue with started sessions from the IAC not showing as started in the Full Access Console and vice versa.
• Fixed an issue with Korean keys not being displayed on the Client side correctly.
• Fixed an issue with the Privacy Screen not being displayed if the session was started manually by clicking Screen Sharing.
• Fixed an issue with x11 forwarding through BYOT.
• Fixed an issue with slow response times in Shell Jump when Session Forensics was enabled.
• Fixed an issue with the IAC window appearing on the wrong side sometimes on Windows 11 systems.
• Fixed an issue with exporting a Jump Group that doesn’t have any Jump Items.
• Fixed an issue with using Kerberos to authenticate to SQL Server tunnels

Web Access Console

• Now sorting Jump Approval request based on status with Pending requests displayed at the top of the list.
• Fixed an issue with External Jump Items queue not being listed under the Personal queue.

Web Jump

• Fixed an issue with downloading files with unknown sizes through Web Jump.
• Fixed an issue with some special characters not working with German keyboard layouts while using the Web Access Console through a Web Jump session.
• Fixed an issue with some login windows not being detected correctly in Web Jump.
• Fixed an issue with loading some sites when the Jumpoint is installed on Linux.

Jumpoint

• Fixed an issue with Jump Zone Proxies sometimes having problems forwarding Jump Client connections.

Shell Jump

• Fixed an issue with Telnet not working properly through Shell Jump when BYOT was enabled.

Mac

• Fixed an issue where there was no feedback displayed after the CLI tool was installed on Macs.
• Fixed an issue with more than one Quit option displayed when right-clicking the Dock Access Console icon.

Linux

• Now reporting a failure message for Linux Jumpoints if they fail to install correctly.

Misc

• Fixed an issue with the Connection Agent sometimes not uninstalling properly

Known Issues:

None.

Notes:

• This version of Privileged Remote Access has been certified for physical BeyondTrust Appliances, virtual BeyondTrust Appliances, and cloud deployment models.
• Verified for GA.
• Supports upgrades from 22.4.1 PA+.
• Supports ECM Protocol 1.6.
• Includes VSC 1.2.6.1.