Release Notes

  1. Overview
  2. Release: 2025-04-19
  3. Release: 2025-01-03
  4. Release: 2024-11-24

1. Overview

Password Manager

2. Release: 2025-04-19

New Features

  • Support for launching remote connections to target resources via RDP, SSH, and VNC, with monitoring, tracking, and auditing of remote sessions, including playback of recorded sessions.
  • The special character '_' can now be included in password generation.

Improvements

  • Upgraded Tomcat
  • Upgraded PostgreSQL server
  • Upgraded moment.js JavaScript library
  • Upgraded Bootstrap framework
  • Upgraded jQuery UI JavaScript library
  • jTDS driver is no longer supported; JDBC driver is now the default for database connections.

Bug Fixes

  • Fixed Remote Code Execution (RCE) vulnerabilities that allowed admins to execute arbitrary commands via specific SSH and SSL operations.
  • Fixed stored Cross-Site Scripting (XSS) vulnerabilities during the following actions: creating a public key, adding/updating ClouDNS provider details, ordering certificates via GlobalSign, and ordering certificates via SSL Store.
  • Fixed an access control vulnerability that allowed Operators to edit ACME-deployed domains configured by other users.
  • Fixed a Local File Inclusion (LFI) vulnerability that allowed admins to enumerate files via crafted library paths.
  • Fixed an issue where the one-time password for Two-Factor Authentication remained valid after its default duration.
  • Fixed an issue where the criteria column in dynamic resource groups displayed "contains" as the default value.
  • Fixed an issue where selecting any "Password Reset" privileges for a custom role enabled the "Remote Connection to Machines" privilege.
  • File transfer in RDP sessions is now exclusive to the Enterprise edition; uploads via drag-and-drop in Premium and Standard editions have been disabled.

3. Release: 2025-01-03

New Features

  • Periodic Password Integrity Check: Administrators can now schedule automated password integrity checks for resource groups. These checks can run daily, at regular intervals, or on a specific day of the month, ensuring consistent password verification without manual intervention.
  • SSL Certificate Synchronization Check: Perform regular checks on the synchronization status of SSL certificates deployed across servers. Generate detailed reports on synchronization results.
  • Certificate Tools:
    • Convert certificate formats (e.g., PEM to PKCS7, CER to PEM).
    • Parse and organize certificate content into a readable format.
    • Scan domains for vulnerabilities without adding certificates to the repository.
    • Create Certificate Signing Requests (CSR) and self-signed certificates.
  • Integration Enhancements:
    • AWS Certificate Manager: Full integration for certificate lifecycle management.
    • Azure Key Vault: Manage SSL/TLS certificates directly through INGOS Password Manager.
    • Sectigo Certificate Manager: Automate the management of Sectigo-issued certificates.
  • Expanded Certificate Management:
    • Manage the entire lifecycle of Microsoft Certificate Authority (MSCA) certificates.
    • Manually add certificate details for certificates in restricted environments.
    • Deploy SSL certificates to Citrix ADC Load Balancers.

Enhancements

  • Grouping certificates with identical Common Names and different serial numbers is now possible.
  • Scheduled tasks can now be executed immediately with the "Execute Now" option.
  • Email notifications for expired certificates can now exclude automatically renewed certificates.
  • Support for importing private keys and issuer certificates to create complete certificate chains (JKS, PKCS, PEM).
  • Improved certificate discovery with options for IP ranges and text files.
  • Enhanced reporting now includes details like Common Name, Serial Number, and Sync Status.
  • Optimizations for multi-server deployments and new IIS binding configuration options.

Bug Fixes

  • Various issues with certificate discovery, import, and synchronization have been fixed to ensure seamless operation across platforms.
  • Errors in API integration, certificate renewal processes, and notification delivery have been resolved.
  • Compatibility issues with non-English templates and wildcard certificates have been addressed.
  • Improved LDAP synchronization for large datasets and optimized audit logging.

Security Enhancements

  • Strengthened protections against vulnerabilities such as Path Traversal, Local File Inclusion, and XSS.
  • Fixed issues with parsing and validating certificate attributes during import operations.

4. Release: 2024-11-24

Added:

  • Digital Signatures: INGOS Password Manager now supports digital signatures for agent files, enhancing authenticity and protection against tampering.
  • New RESTful APIs:
    • API to share resource groups with users in bulk.
    • API to share resource groups with user groups in bulk.

Fixed:

  • Resource Details: Fixed an issue where "Account Notes" displayed encoded characters instead of colons (:) on the Resource Details and Account Details pages.
  • Rebranding: The rebranding of the INGOS Password Manager logo now reflects correctly in the mobile application for the Non-MSP version.
  • Agent Ownership Transfer: Ownership transfer for resources discovered via an agent now works as intended, including updating the agent configuration file.
  • Custom Role Privileges: Resolved issues with the "Lock/Unlock Users" privilege in custom roles.
  • Access Control: Newly added accounts now inherit configured access control settings for File Store, Key Store, and License Store resource types.

Security Fixes:

  • XSS Vulnerabilities: Stored Cross-Site Scripting (XSS) vulnerabilities have been resolved in the following areas:
    • Selecting domain accounts from the "Connections" tab.
    • Accessing the "SSH Keys" tab.
    • Fetching groups and OUs while creating an Active Directory User Certificate discovery schedule.
  • LDAP Privilege Misuse: Fixed a vulnerability that allowed users with "Manage LDAP" privileges to open TCP sockets and communicate with other services on the server or network.