Added:

• Digital Signatures: INGOS Password Manager now supports digital signatures for agent files, enhancing authenticity and protection against tampering.
• New RESTful APIs:
  • API to share resource groups with users in bulk.
  • API to share resource groups with user groups in bulk.

Fixed:

• Resource Details: Fixed an issue where "Account Notes" displayed encoded characters instead of colons (:) on the Resource Details and Account Details pages.
• Rebranding: The rebranding of the INGOS Password Manager logo now reflects correctly in the mobile application for the Non-MSP version.
• Agent Ownership Transfer: Ownership transfer for resources discovered via an agent now works as intended, including updating the agent configuration file.
• Custom Role Privileges: Resolved issues with the "Lock/Unlock Users" privilege in custom roles.
• Access Control: Newly added accounts now inherit configured access control settings for File Store, Key Store, and License Store resource types.

Security Fixes:

• XSS Vulnerabilities: Stored Cross-Site Scripting (XSS) vulnerabilities have been resolved in the following areas:
  • Selecting domain accounts from the "Connections" tab.
  • Accessing the "SSH Keys" tab.
  • Fetching groups and OUs while creating an Active Directory User Certificate discovery schedule.
• LDAP Privilege Misuse: Fixed a vulnerability that allowed users with "Manage LDAP" privileges to open TCP sockets and communicate with other services on the server or network.