New Features

• Periodic Password Integrity Check: Administrators can now schedule automated password integrity checks for resource groups. These checks can run daily, at regular intervals, or on a specific day of the month, ensuring consistent password verification without manual intervention.
• SSL Certificate Synchronization Check: Perform regular checks on the synchronization status of SSL certificates deployed across servers. Generate detailed reports on synchronization results.
• Certificate Tools:
  • Convert certificate formats (e.g., PEM to PKCS7, CER to PEM).
  • Parse and organize certificate content into a readable format.
  • Scan domains for vulnerabilities without adding certificates to the repository.
  • Create Certificate Signing Requests (CSR) and self-signed certificates.
• Integration Enhancements:
  • AWS Certificate Manager: Full integration for certificate lifecycle management.
  • Azure Key Vault: Manage SSL/TLS certificates directly through INGOS Password Manager.
  • Sectigo Certificate Manager: Automate the management of Sectigo-issued certificates.
• Expanded Certificate Management:
  • Manage the entire lifecycle of Microsoft Certificate Authority (MSCA) certificates.
  • Manually add certificate details for certificates in restricted environments.
  • Deploy SSL certificates to Citrix ADC Load Balancers.

Enhancements

• Grouping certificates with identical Common Names and different serial numbers is now possible.
• Scheduled tasks can now be executed immediately with the "Execute Now" option.
• Email notifications for expired certificates can now exclude automatically renewed certificates.
• Support for importing private keys and issuer certificates to create complete certificate chains (JKS, PKCS, PEM).
• Improved certificate discovery with options for IP ranges and text files.
• Enhanced reporting now includes details like Common Name, Serial Number, and Sync Status.
• Optimizations for multi-server deployments and new IIS binding configuration options.

Bug Fixes

• Various issues with certificate discovery, import, and synchronization have been fixed to ensure seamless operation across platforms.
• Errors in API integration, certificate renewal processes, and notification delivery have been resolved.
• Compatibility issues with non-English templates and wildcard certificates have been addressed.
• Improved LDAP synchronization for large datasets and optimized audit logging.

Security Enhancements

• Strengthened protections against vulnerabilities such as Path Traversal, Local File Inclusion, and XSS.
• Fixed issues with parsing and validating certificate attributes during import operations.

Added:

• Digital Signatures: INGOS Password Manager now supports digital signatures for agent files, enhancing authenticity and protection against tampering.
• New RESTful APIs:
  • API to share resource groups with users in bulk.
  • API to share resource groups with user groups in bulk.

Fixed:

• Resource Details: Fixed an issue where "Account Notes" displayed encoded characters instead of colons (:) on the Resource Details and Account Details pages.
• Rebranding: The rebranding of the INGOS Password Manager logo now reflects correctly in the mobile application for the Non-MSP version.
• Agent Ownership Transfer: Ownership transfer for resources discovered via an agent now works as intended, including updating the agent configuration file.
• Custom Role Privileges: Resolved issues with the "Lock/Unlock Users" privilege in custom roles.
• Access Control: Newly added accounts now inherit configured access control settings for File Store, Key Store, and License Store resource types.

Security Fixes:

• XSS Vulnerabilities: Stored Cross-Site Scripting (XSS) vulnerabilities have been resolved in the following areas:
  • Selecting domain accounts from the "Connections" tab.
  • Accessing the "SSH Keys" tab.
  • Fetching groups and OUs while creating an Active Directory User Certificate discovery schedule.
• LDAP Privilege Misuse: Fixed a vulnerability that allowed users with "Manage LDAP" privileges to open TCP sockets and communicate with other services on the server or network.