Changelog V9

v9.9 Build 9992 - 29th April 2026

Third-Party Security Updates

Updated Updated Telerik ASP.NET Controls to version 2026.1.421.462 (Security Update)

v9.9 Build 9991 - 10th April 2026

Fixed Resolved some performance issues with Passwordstate loading, after upgrading to 9988 or 9990, as reported by a few customers

v9.9 Build 9990 - 1st April 2026

Third-Party Security Updates

Updated Updated Remote Session Gateway to build 1122 (Security Update)
Updated Minor updates and improvements

v9.9 Build 9988 - 25th March 2026

Third-Party Security Updates

Updated Updated Telerik ASP.NET Controls to version 2026.1.225.462 (Security Update)
Updated Minor updates and improvements

v9.9 Build 9986 - 12th February 2026

UpdatedMade changes to Duo authentication to better support WinHTTP proxy.
UpdatedMinor updates and improvements.

v9.9 Build 9984 - 20th January 2026

UpdatedUpdated authentication to accommodate Duo’s deprecation of the v1.0 User-Agent for API requests.

v9.9 Build 9983 - 1st December 2025

UpdatedMinor updates and improvements.
FixedFixed an issue accessing the User Account Management screen for the Password Reset Portal module.
FixedFixed an issue with the Windows Integrated API, where an exception was occuring using the copy/move password functionality.

v9.9 Build 9980 - 10th November 2025

UpdatedUpdated Reset and Validation script for Procurve switches to use Chilkat assembly.
UpdatedMinor updates and improvements.
FixedFixed an issue where the screen to print the Emergency Access login details would not open.
FixedFixed a couple of issues with the Copy/Move Password feature.
FixedFixed an issue where you were redirected to the logout page when your trial had expired.
FixedHave I Been Pwned report was trying to report on password records where the password value was not set.
FixedFixed an Insufficient Permissions error when trying to delete a Password List when the user had Modify rights - and the System Setting was set to allow this.
FixedFixed a Unicode bug in the Password Reset Portal when retrieving device names for Duo verification.

v9.9 Build 9972 - 28th August 2025

Security Updates

UpdatedFixed a potential Authentication Bypass when using a carefully crafted URL against the core Passwordstate Products' Emergency Access page (CVE-2025-59453).
UpdatedStrengthened security and approach to preventing potential Clickjacking associated with our Brower Extension if users visit compromised web sites.

v9.9 Build 9970 - 23rd July 2025

UpdatedMinor updates and improvements.
FixedFixed issues in Browser Based Gateway where session recordings were not being marked as complete, or password records being checked back in.

v9.9 Build 9968 - 15th July 2025

Database Schema Updates

UpdatedSQL Server 2012 Native Client is no longer a requirement for Passwordstate.
UpdatedBreaking Change: If you have MultiSubnetFailover=Yes in the database connection string in your web.config file, you need to change it to MultiSubnetFailover=True.
UpdatedAdded in new System Settings to prevent password records configured for Check In/Out from showing in Mobile App, Browser Extensions and Standard API.
UpdatedMinor updates and improvements.

v9.9 Build 9965 - 10th June 2025

Database Schema Updates

UpdatedVarious updates to Mobile App - refer to App and Play store.
UpdatedImproved global error handling in APIs.
UpdatedMinor updates and improvements.
FixedFixed an issue in API's where multiple Allowed IP Ranges settings on Password Lists could have prevented API calls.

v9.9 Build 9961 - 19th May 2025

FixedFixed a potential SystemSettings Hash bug introduced in Build 9960.

v9.9 Build 9960 - 12th May 2025

Database Schema Updates Security Updates

UpdatedAdded a new alerting feature for Security Administrators if they have not encryption sections of various configuration files, as per best practises.
UpdatedAdded a new Restricted Feature for moving Private Password Lists between user accounts.
FixedFixed an issue where page threads were not being aborted with certain permission check redirects.
FixedFixed potential cross site scripting vulnerabilities with Copy Password feature, and radio button field types for Generic Fields.
FixedUpdated Telerik ASP.NET controls to version 2025.1.416.462, and other minor bug fixes, updates and security improvements.

v9.9 Build 9955 - 18th April 2025

UpdatedChanged font on Add and Edit passwords screen, to improve readability of similar looking characters.
UpdatedAdded additional hash checks to tables.
UpdatedUpdated OTP fields for Google and OTP login screens to use the autocomplete="one-time-code" property.

v9.9 Build 9952 - 14th April 2025

Security Updates

FixedFixed a potential cross site scripting vulnerability with the Self Destruct message feature.
FixedMinor bug fixes, updates and improvements.

v9.9 Build 9950 - 24th March 2025

UpdatedUpdated Password Reset Portal with latest versions of third party components.
FixedVarious updates a fixes for sending emails, and specifying blank fields when posting data to the API.
FixedFixed potential bug when viewing folder permissions where the ability to manage permissions may have been disabled, when you had administrator rights to the folder.

v9.9 Build 9947 - 10th February 2025

UpdatedUpdated machineKey setting in web.config file to use randomly generated key by default - please note manual upgrade step required for Load Balancing of multiple web servers.
UpdatedUpdated Telerik ASP.NET controls to version 2024.4.1114.
FixedFixed a potential issue where first letter word capitalization setting may not have been working for password generator policies if set.
FixedSelecting a different policy on the Password Generator screen, was not updating all the controls with relevant policy values.

v9.9 Build 9943 - 30th January 2025

Database Schema Updates

UpdatedAdded various System Settings options for password generator policies to limit quantity and length of randomly generated passwords.
UpdatedCSV Imports for Passwords now also support semi-colon as the delimiter.
UpdatedUpdated Active Directory validation script to first attempt to use account in UPN format, instead of sAMAccountName format.
FixedFixed a bug introduced in build 9938 where it was not possible to click on Hosts Home under the Hosts tab.
FixedFixed an issue with the AD Sync process where the scheduled would not trigger if no domain records in Passwordstate had the 'Use for Authentication' option selected.

v9.9 Build 9938 - 14th January 2025

Database Schema Updates

UpdatedAdded support for Windows Server 2025.
UpdatedMade potential SQL performance improvements when using the Pattern option in Password Generator Policies, when the pattern also includes word phrases.
FixedFixed a possible error with the Remote Site Locations Agent where it could have reported a conversion failure of type System.String to type System.Security.SecureString.
FixedFixed possible exceptions when using the Out-Of-Band synchronization method in the API's, when querying of Active Directory was taking more than 1 minute to complete.
FixedFixed an issue where the Launch buttons for remote sessions may not have been working when using the Global Search feature.
FixedMade some improvements to session tracking when having multiple tabs open in your browser.
FixedFixed a potential memory leak in the lsass.exe process for Passwordstate Windows Services, when using an MSA account for database connectivity, and when using the Backup functionality within Passwordstate.
FixedFixed a potential 'Record Not Found' bug when navigating to the properties of a Folder from the screen Administration -> Password Folders.

v9.9 Build 9930 - 11th December 2024

UpdatedCSV imports now support the UTPUri field for One-Time Passwords.
UpdatedAll PowerShell scripts have been updated to use SecureString type where appropriate, to support PowerShell Transcription group policy settings.
FixedFixed an issue with Client Based Launcher to work around browser changes for custom URL protocols.
FixedFixed an issue with the Encryption Key Rotation feature where it could have malformed the data in the Passkey Hash field - used within the Browser Extensions.
FixedFixed a possible hash failure check in the browser extension, and the API's when sending Self Destruct Messages, if one of the generic fields in the Password List was configured as a Date Picker Field Type.

v9.9 Build 9925 - 2nd December 2024

FixedFix an issue with the Client Based Launcher, where sessions using the Manual Launch button where not executing.
FixedFixed an issue where the 'Email Sent' auditing record was not being added if using Exchange Online for sending emails.
FixedFixed a data integrity issue when browsing directly to the Emergency Login page.

v9.9 Build 9922 - 26th November 2024

FixedFixed an error of "Could not find any recognizable digits" when trying to view a password record where generic fields were being used, with the encryption option deselected for those fields.
FixedFixed an error in the App Server, where the Mobile App was reporting the session had expired just after logging in.

v9.9 Build 9920 - 25th November 2024

Database Schema Updates Security Updates

UpdatedAdded custom 404 pages to Password Reset Portal, and Self Destruct Message web sites.
UpdatedAdded additional hash data and checks to various tables.
FixedFixed a potential permission escalation on the edit folder screen (CVE-2024-54124).
FixedFixed an issue on the Edit Passwords screen where the OTP animation could have kept the user's session alive.
FixedFixed possible unicode encoding issue in emails sent for Self Destruct Messages.

v9.9 Build 9915 - 24th September 2024

UpdatedIf the Password List option 'Allow Password List to be Exported' is deselected, the 'Password Export' option on the Add Password screen will no longer be deselected by default.
UpdatedMinor updates and improvements.
FixedFixed an issue where a similar System Setting for View access to password records was allowing the user to delete a record.
FixedPrevious fix for a bug with Remote Site Locations with duplicate Domain NetBIOS values was not working.

v9.9 Build 9911 - 3rd September 2024

Database Schema Updates

UpdatedAdded Proxy support for sending emails through Exchange Online.
UpdatedMinor updates and improvements.
FixedFixed an error reported in the Windows Application Event Log, if Auditing data exceeded 2.1 billion rows.
FixedFixed an issue where the 'Perform Active Directory Synchronization' API method may not have triggered.
FixedFixed LastPass Import script if there were no 'Groups' in the exported data.
FixedFixed a bug with Remote Site Locations with duplicate Domain NetBIOS values where checks for password resets was duplicating the records.

v9.9 Build 9905 - 30th July 2024

Database Schema Updates

UpdatedPasskey authentication for browser extensions is now out of beta.
UpdatedIf a Password List is configured for 'Additional Authentication', then this setting will also be honored when performing Remote Sessions.
UpdatedDeprecated the 'Usage Tracking' feature on the System Settings screen.
UpdatedMade searching under the Hosts tab consistent with the Passwords tab, in that search results will only show Host records that are nested beneath folders which your account has been given access to.
UpdatedAdded further error capturing to Browser Extensions for errors like 'Object reference not set to an instance of an object' when synchronizing data.
UpdatedMinor updates and improvements.
FixedFixed as possible bug of 'Value was either too large or too small for an Int32' when trying to query auditing data.
FixedFixed an issue where the 'Copy or Move Password' menu item was disabled with View access, when the relevant System Setting should have allowed this.
FixedFixed a potential encoding formatting issues when executing various reports via the API(s).
FixedFixed a bug of 'EBQ=.DxQ= in the Assembly PasswordstateAppServer', when installing, or upgrading, to build 9894 of the App Server.
FixedFixed a possible exception in the Passwordstate Windows Service where it was checking the browser based gateway session recording folder path, when the option to not purge any session recordings was set.

v9.8 Build 9894 - 28th June 2024

UpdatedVarious improvements for chromium browser extensions, including minor UI changes, and better handling of intermittent network connectivity issues to Passwordstate API.
UpdatedProvided new option for changing ownership of Private Password Lists.
UpdatedMinor updates and improvements.
FixedFixed a potential issue with Key Rotation feature for the AccessRequestApprovers table.

v9.8 Build 9890 - 3rd June 2024

UpdatedUpdated Active Directory account discovery script, to discover accounts within nested security groups as well.
UpdatedUpdated Chromium based browser extensions to manifest v3 format.
UpdatedUpdated the Self Destruct Message method in both APIs to return the message URL once the message has been sent.
UpdatedProvided an option in the Remote Session Gateway to disable clipboard functionality for RDP sessions.
FixedFixed an issue in the APIs where deleting a Remote Site Location record, was not deleting all associated data in the database.
FixedFixed an issue for Remote Session Gateway and session recordings, when using local accounts for authentication, when using the passive HA instance of Passwordstate.
FixedFixed a possible "Object reference error" in the API's when trying to send a Self Destruct message, based off of a password record.
FixedFixed an issue in the Remote Session Gateway where dragging and dropping files (uploading) into a session was not working.
FixedFixed bug when accessing Host Discovery jobs from the Administration tab, where it reported you had insufficient permissions.

v9.8 Build 9881 - 6th May 2024

Database Schema Updates

UpdatedAdded a new system setting option which prevents modifying the username, host name or domain fields on password records, if the Password List was enabled for resets.
UpdatedAdded a new "Passwordstate Resumption Notification" email template, and a button on the main Administration screen.
UpdatedUpdated Putty and VNCViewer for the client based remote session launcher to the latest versions.
FixedFixed an 'Access Denied' error with the Password Reset Active Directory Password PowerShell script, if the account being reset was linked to a Privileged Account Credential.
FixedFixed an issue in the browser based remote session gateway where it was not possible to download files from a remote session.
FixedFixed and issue in the Windows Integrated API, where the permission check on the use of a privileged account credential was not being performed.
FixedFixed an issue with permalinks where it could have presented a screen saying "insufficient permissions", instead of the screen giving you the option to request access.
FixedFixed a potential error of "String or binary data would be truncated" when deselecting the "Enable Password Resets" option on a Password List, and clicking the Save button.

v9.8 Build 9873 - 15th April 2024

UpdatedChanged session recording file naming convention for browser-based gateway, so file names are now more generic.
UpdatedMinor updates and improvements.
FixedFixed potential confusion with remote session gateway session recording file names, under various different conditions.
FixedFixed an error of "Conversion from string "" to type 'Integer' is not valid" for Linux discovery jobs, when a custom operating system was selected for the Job and Host records.
FixedFixed an issue where the AD Sync process was reporting in Auditing a user's email address field was updated, when it wasn't because the System Setting to ignore email address changes was selected.
FixedFixed an error of 'Conversion from string "Emergency" to type 'Double' is not valid' when using SAML in conjunction with the Allowed IP Ranges feature.
FixedFixed an issue where the SAML Logout URL was not being used, when using SAML in conjunction with the Allowed IP Ranges feature.

v9.8 Build 9866 - 28th March 2024

FixedFixed a database integrity error after cloning user permissions in bulk using a csv file, when the DestinationUserID field was not all lowercase.
FixedFixed the error of "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms" for the Password Reset Portal, when using the Temporary Pin Code verification policy with FIPS encryption.
FixedFixed a potential error of "Unable to find an entry point named 'SI17c3a78ecf9eff4c' in DLL 'SQLite.Interop.dll'" for the passive read-only version of High Availability.
FixedFixed an issue introduced in build 9849 where password updates with the Browser Extensions was no longer working.
FixedFixed an issue with the Remote Session Gateway for SSH sessions, where the icons for viewing terminal history was not displaying for non-Linux devices.
FixedFixed a possible error of 'Object reference not set to an instance of an object' when cloning User or Security Group permissions, when used in combination with the filtering options.
FixedFixed an Invalid Referring Page message when using ScramblePad authentication in combination with AD Single Sign-On.
FixedFixed a potential issue where permissions based on Security Groups could have been removed, if deliberately cloning many user permissions in succession, on the Administration -> User Accounts screen.

v9.8 Build 9858 - 7th March 2024

Security Updates

FixedFixed a potential authentication bypass issue (CVE-2024-39337).
FixedFixed an issue where the App Server Windows Service may not have recovered communicating to the database, if the database was offline at the time the Windows Service started.
FixedFixed an issue where it was possible to add permissions to a host folder for a user account, when the user's account was disabled in Passwordstate.
FixedFixed a potential issue on the Security Groups and User Accounts screen, where the default domain may not have been selected by default.
FixedFixed a potential issue on the Security Groups and User Accounts screen, where it may not have been possible under certain conditions to query security group members.

v9.8 Build 9853 - 20th February 2024

UpdatedUpdated some screens for the Password Reset Portal, to inform the user how to close the browser when accessing from Windows Login screen.
UpdatedUpdated OpenJDK version in install scripts for browser based remote session gateway to 21.0.2.
FixedFixed an issue with LastPass data import, where an apostrophe in the Group Name would cause the import to fail.
FixedFixed an issue with Security Administrator roles where Privileged Account Credentials and PowerShell Scripts roles where incorrectly enabled/disabled in the navigation tree.

v9.8 Build 9849 - 13th February 2024

UpdatedAdded support in the browser extensions for passkey authentication (Beta).
UpdatedAdded a new auditing activity type called 'OTP Secret Viewed'.
FixedFixed an issue with SSH sessions using browser based gateway where creating folders via the GUI was applying read only permissions to them.
FixedFixed an issue where a scheduled reset for a password record was still executing after moving the record into a Password List that was not enabled for resets.
FixedFixed a potential issue where a new tab was not opened when clicking on the 'Auto Launch' button for browser based remote sessions.
FixedFixed an issue when selecting an AD Domain as it wouldn't select the correct domain due to two or more having the same NetBIOS name.
FixedFixed an issue where you could not add permissions to Remote Session Credentials in the Administration area, if there were no permissions currently applied to the credential.
FixedFixed an issue where the comma character was not being considered when calculating password strength.
FixedFixed an issue where Brute Force lockout entries where automatically being cleared when the number of minutes was set to 0.
FixedFixed the error of "Input array is longer than the number of columns in this table" when cloning Security Group permissions.

v9.8 Build 9839 - 21st December 2023

UpdatedCode signed the Powershell script used with the client based launcher.
FixedFixed an issue with a new install of the Password Reset Portal where the web.config file was referencing the incorrect version of the .NET Framework.
FixedFixed an issue where the Last Logged In date for a user account was not being updated, if certain Single Sign On and additional authentication option was being used.
FixedFixed a potential issue where Remote Session Credentials where not showing in the Linked Credentials dropdown list for some host records.

v9.8 Build 9835 - 14th December 2023

Database Schema Updates

UpdatedIf a 'Domain Controller FQDN' is specified for an AD domain record, it will also now be used for authentication.
UpdatedUpdated Reset and Validation scripts for Entra ID/Office 365 accounts to use the new Microsoft Azure Az PowerShell module.
UpdatedMade changes to searching for Folders via the APIs to improve the accuracy of searching for Folders in the root of Passwords Home.
UpdatedEdit Password screen will now show an indicator that the record is in the Recycle Bin - and no changes can be made to the record.
FixedFixed an issue with password permalinks, and Exchange Online email server, where the email would be sent to the person sending the permalink, and not the recipient.
FixedFixed a possible error console message which stated the drawing of charts timed out, even though the charts where successfully drawn.
FixedFixed an issue where the discovery job for scheduled tasks may not have reported back for certain operating systems, if the schedule task itself had the domain prefix stripped from the account itself on the task.
FixedFixed an issue where the Disable Inheritance option on folders was enabled when the setting to allow modify rights to rename folders was configured.
FixedFixed the error of "An error has occurred., PrivatePasswordList, System.IndexOutOfRangeException" when trying to copy/move password records via the Windows Integrated API (WinAPI).
FixedFixed an issue where the Copy to Clipboard was not working for the URL field on Passwords Home, for Favorite Passwords grid, when the URL was being shown as an icon.
FixedFixed a potential bug where a general error would occur when trying to determine the next file name to use for remote session recordings.
FixedFixed an issue where it was possible remote session recordings where not being initiated/saved, when launching the session direct from a password record - when the per host session recording option was being used.

v9.8 Build 9823 - 19th October 2023

Database Schema Updates

UpdatedAdded a new Restricted Feature to remove the requirement for a user generated Master Password for browser extension authentication.
UpdatedUpdated the Restricted Features unlock codes so they are only valid for 48 hours.
UpdatedUpdated Self Destruct message feature to search for recipient email addresses to improve performance.
UpdatedYou can now specify default values for Self Destruct Message view and destruct period.
UpdatedUpdated Windows Credential Provider browser to use latest build of Chromium.
FixedFixed a potential form filling issue with browser extensions for the username field, when the field IDs were blank.
FixedFixed an issue with the browser extensions where clicking on a credential within the icon overlay was not working when used in conjunction with the search functionality.
FixedFixed a potential formatting issue when composing Self Destruct Messages based off of a password record.
FixedFixed a potential file naming issue for browser based gateway remote session recordings, if a recording for the same username and hostname where deleted on the same day they were created.
FixedPassword List Administrators, who's account in Passwordstate was disabled, were being returned as someone who could approve Access Requests.
FixedFixed a potential failed backup, caused by a file locking issue if the remote session gateway feature was in use.
FixedFixed an issue with Session Recording playback, if the authenticating UserID had a decimal character in it.

v9.8 Build 9811 - 25th September 2023

Database Schema Updates Security Updates

UpdatedUpdated Windows Credential Provider browser to use latest build of Chromium.
UpdatedUpdated Chilkat assembly used for SSH to version 9.5.0.95.
UpdatedAdded an option to use the -UseSSL parameter in PowerShell scripts for the Invoke-Command cmdlet.
UpdatedAdded logging of IP Address on the screen Administration -> Error Console.
UpdatedAdded an option to prevent the use of Password Lists in the browser extensions, and mobile app, where the Additional Authentication option is set on the Password List.
UpdatedIncluded OTPUri field in response for the API endpoints when retrieving password records.
UpdatedAdded 3 new Auditing Activity types for Add/Delete/Update Password Folders.
FixedIncorrect Access Control allowing the potential for an existing Security Administrator to use the System Wide API Key to interact with private password lists for Password History, delete and copy/move API endpoints (CVE-2023-47801).
FixedFixed a potential bug when discovering accounts on IIS Application Pools where it may have reported an account name that matched the application pool name.
FixedFixed an issue with Bulk Permissions feature, for Password Lists with the disable inheritance option set, where the Password List was disabled when wanting to apply permissions based on a security group.
FixedFixed a potential case sensitivity failure check for Bad Passwords, if using both the local and Have I Been Pwned options.
FixedFixed possible logging of anti-forgery error, when load balancers, app proxies or other events, cause sessions in IIS to end prematurely.
FixedFixed a potential Unicode/character transformation issue when exporting data from the screen Administration -> Reporting, or via a Scheduled Report, or when editing the description for an Active Directory security group.
FixedFixed a file naming logic issue for remote session recordings, if a recording was deleted via the UI and another recording was started prior to the file being removed from the file system.
FixedFixed a "user not found" error when trying to edit a user's account when the data contained certain Unicode characters.
FixedCorrected MIME type errors when being served from Azure, and the Add/Edit password screens.

v9.7 Build 9795 - 31st August 2023

Database Schema Updates Security Updates

UpdatedMade various security improvements and enhancements (CVE-2023-43295).
UpdatedObfuscated some data used to query statistics for generating graphs.
UpdatedUpdated brute force login detection to also check upon successful logins.
UpdatedUpdated Active Directory Account Discovery job to no longer discover disabled or managed service accounts.
UpdatedUpdated the Bulk Password Copy/Move functionality in the administration area, so you first have to search for your Password Lists - improved performance.
UpdatedUpdated the Trial Extension screen so customers can specify purchase license keys on this screen also.
UpdatedAdded additional timeout values for the Browser Extension Session Timeout setting.
FixedFixed a potential General Error screen when a user reset's their login password for Local Login account.
FixedFixed typos in Windows Integrated API documentation.

v9.7 Build 9786 - 3rd August 2023

FixedFixed a potential performance issue with the newly updated Browser Extensions.

v9.7 Build 9785 - 31st July 2023

Please note the new requirement for browser extensions in this build

Database Schema Updates

UpdatedMade improvements to browser extension authentication, which now requires the use of a Master Password for each user.
UpdatedAdded support for importing Bitwarden password records.
UpdatedUpdated Remote Session Gateway configuration file to use stronger ciphers and TLS settings by default.
UpdatedBrowser based remote session gateway now supports Kerberos authentication.
UpdatedUpdated browser based Remote Session Gateway to internal build 1034.
UpdatedAdded additional auditing for SAML Authentication, and for when EmailAddress and UserPrincipalName field values change.
UpdatedUpdated Windows Credential Provider browser to use latest build of Chromium.
UpdatedAdded an option to the API's to use the PreventAuditing parameter when retrieving or searching for Password Lists.
UpdatedThe browser extension settings for automatically logging out of the extensions have now been deprecated and replaced with new settings.
UpdatedWhen exporting password records, the OTPUri field for One-Time Passwords will now also be exported.
UpdatedWhen adding/updating password records via the API's, you can now specify a OTP Uri value for Password Lists where One-Time Passwords are enabled.
UpdatedImproved accuracy of auditing for the Browser Extensions when opening multiple tabs at the same time, when parallel form filling was occurring.
UpdatedRefactored various legacy code in the verification screens for the Password Reset Portal module.
UpdatedIncreased the size of the AD Domain LDAP field to 500 characters.
UpdatedAdded HMAC Hashing checks to HostsACL table.
UpdatedAdded HMAC Hashing checks to RemoteSessionCredentials table.
UpdatedAdded additional data to the HMAC Hash field in UserAccounts table.
FixedFixed a potential issue querying or synchronizing Active Directory Security Groups and Users within the UI where a specified Domain Controller FQDN for the domain was not being used.
FixedFixed a potential issue querying or synchronizing Active Directory Security Groups and Users if the Security Groups contained any objects that were stored in the ForeignSecurityPrincipals Container.
FixedFixed an issue where the FirstName and Surname of a user may have been missing from Password Reset Portal Auditing, when editing their account details in the UI.
FixedFixed a UI issue where selecting a Privileged Account Credential for resets on the Edit Password screen, would result in the fields on the 'Password Details' tab from not rendering.
FixedFixed a possible error of "Index was outside the bounds of the array" when visiting the System Settings screen, based on a missing value in the HideFieldsRequestAccess field.
FixedFixed an issue when playing back remote session recordings where you were not informed if the file no longer existed on the file system.
FixedFixed a Javascript error of "MIME type ('text/html') is not a supported stylesheet" for the file kendo.dataviz.min.css.
FixedFixed an issue with the Separate Password authentication option on Password Lists, where the value of the password could have been cleared by making changes to any settings for the Password List.
FixedFixed an issue when using a Host Folder permalink where it was reporting to the user they did not have access to the Host Folder.
FixedFixed a potential 'Object reference not set error' when searching for Host records under the Hosts tab.
FixedFixed an issue where session recordings for the browser based gateway where showing as In Progress after invalid credentials were provided and the session was ended.
FixedFixed various icon issues in the Hosts tab when using the Load On Demand feature.
FixedFixed the Adblocker detection for the Passwordstate web site.
FixedFixed a FieldNameLookup error when searching in the Password Lists/Folder navigation tree, after first clicking on the 'Favorite Password Lists' icon.
FixedFixed a formatting issue with SSH for browser based gateway for the "top" command.

v9.7 Build 9753 - 4th May 2023

UpdatedAPI Key fields will now be disabled and you must use the Generate New Key and Clear buttons.
UpdatedUpdated Telerik ASP.NET Controls to version 2023.1.323.45.
UpdatedAdded IP Address logging to the log file used during upgrades.
UpdatedUpdated the authenticate screen using during upgrades, so you can login with the Emergency Access account if needed.
UpdatedThe report "What passwords does a user still know?" will now consider password records that the user no longer has access to within Passwordstate.
UpdatedUpdated Windows Credential Provider browser to use latest build of Chromium.
UpdatedWhen sending self destruct messages via the WinAPI, we now validate the sending account has an email address associated with the account.
UpdatedWith the Restricted Feature for powershell scripts, the Test Script Manually feature will now also be disabled.
UpdatedRemoved the use of the /upload folder.
FixedFixed an issue converting the permission model of a folder where it was still performing the convert after clicking on the cancel confirmation button.
FixedFixed an issue on some screens where it may have reported there were no Active Directory Domains, because no domains had the setting 'Used For Authentication' enabled.
FixedFixed a bug when searching on Passwords Home or a Folder, where the Username copy to clipboard icon was presenting the Provide a Reason screen when this setting was enabled on the relevant Password List.
FixedFixed an issue with the Password Reset Portal where the 'Unlock & Reset' button was not unlocking the user's account in Active Directory.
FixedFixed a Mobile App sync issue on the App Server when permissions were applied to individual password records.
FixedFixed an issue with the Client Based Launcher where SSH sessions would not launch correctly if the password had any of the following characters in it (){}.
FixedFixed an issue when re-uploading a document under the Passwords tab where the document name was not being updated in the database if it was different.

v9.7 Build 9737 - 12th April 2023

UpdatedWith the 'Mobile Access Bulk Permissions' feature, you can now change Mobile Permissions for Private Password Lists.
FixedCode signed the Passwordstate Windows Service file (Passwordstate.exe), which was missed since build 9708 where is was moved to a different folder location.

v9.7 Build 9735 - 23rd March 2023

UpdatedUpdated the Password Reset Portal so the browser included with the new Windows Credential Provider can be closed with a keyboard shortcut.
UpdatedAdded a warning when dragging and dropping Password Lists and Folders around, to ensure they are dropped on top of other nodes, and not between nodes.
UpdatedLogins screens will now redirect you to the log off page, if your session expired whilst leaving the page idle.
FixedFixed an issue in the Windows Integrated API where searching for Folders by Description field was giving the error "Ambiguous column name Description".
FixedFixed an issue in the Windows Integrated API where updating a password record could return an error saying "string was not recognized as a valid DateTime".
FixedFixed an issue where it was possible there were missing corresponding records in the TreeViewState table for Password Lists and Folders.
FixedThe Emergency Access password field on the Unauthorized Web Server page was limited to 100 characters.
FixedFixed an issue in the APIs when searching for a folder using the Description field where it returned the error of Ambiguous column name 'Description'.

v9.7 Build 9727 - 15th March 2023

Please note the database upgrade screen for this build may take some time to complete

Database Schema Updates

UpdatedAdded HMAC Hashing checks to TreeViewState tables.
UpdatedWhen impersonating another user from the screen Administration -> User Accounts, drag and drop of folders and password lists will be disabled under the Passwords and Hosts tabs.
UpdatedAutomatically update the BaseURL to use https if it was set to use http.
UpdatedProvided an updated Password Reset Portal Windows Credential Provider that no longer relies on Internet Explorer for its usage.
FixedFixed a possible issue with the Remote Session Gateway where it was failing to download files from a remote session.
FixedFixed an issue in the API's when searching permissions on Privileged Account Credentials, when using multiple search criteria.
FixedFixed a bug under the Hosts tab where it may not have been possible to drag and drop a Host folder if the folder was in the root of Hosts home.
FixedFixed a potential permission bug when dragging folders from a Standard Permission Model folder to an Advanced Permission Model folder, where permissions may not have been added to some nested Folders and Password Lists.
FixedFixed a potential permission bug when dragging folders around when using Advanced Permission Model folder, when used in conjunction with the Disable Inheritance feature.
FixedFixed an potential issue testing emails on the screen Administration -> Email Templates, when using the new Exchange Online email method.
FixedFixed an issue on the Licensing screen where an & symbol was being displayed as &.
FixedFixed a potential issue in the API's where adding password history may have failed if the ExpiryDate field was not in the correct format.

v9.7 Build 9715 - 23rd February 2023

FixedFixed issues in the API's where the ExpiryDate field for password records was not being added to password history.
FixedFixed an issue where the auditing record for Auto-Enrollment for the Password Reset Portal was displaying on the incorrect Auditing screen.
FixedFixed the "Internal" remote session gateway installer script to look for the new path of the Passwordstate Windows Service.
FixedFixed a potential General Error screen when viewing Password History when the record was updated via the API, and a date value was specified for a Generic Field.
FixedFixed a potential General Error screen when adding a password record if the DatePicker field was selected for a Password List, but not value was specified on the record itself.
FixedFixed a bug where values for Generic Field 1, 2 & 3 may not have been added to password history, when the password was updated.
FixedFixed the SSL Test link on the Remote Session Gateway connection issue page.

v9.7 Build 9708 - 16th February 2023

UpdatedUpdated various third-party packages to their respective latest versions.
UpdatedUpdated the Passwordstate Windows Service to have its own folder within the main Passwordstate folder.
FixedFixed a possible General Error screen when using SAML Authentication when the authenticating user was not found in the Passwordstate database.
FixedFixed an issue on the Email Templates screen where it was not possible to test templates when using Exchange Online email option.
FixedFixed an issue with Remote Session Gateway where SSH sessions were reporting Page Not Found - introduced in build 9700.
FixedFixed an issue when dragging a Password List between two different Folders using the Advanced Permission Model, where permissions from the destination folder where not being applied.
FixedFixed an issue with the Delta Permission Report where column UserOrSecurityGroup did not exist.
FixedFixed an issue in the Passwordstate Windows Service where it may not have cleared expired tokens for the App Server.

v9.7 Build 9700 - 7th February 2023

Please note the database upgrade screen for this build may take some time to complete

Database Schema Updates

UpdatedMade performance improvements to the Show Favorites button in the Passwords navigation tree.
UpdatedCleaned up additional data in the database when deleting an Active Directory Domain record.
UpdatedProvided an option for the Remote Session Gateway, when installed externally to Passwordstate, to use files in the html folder located with the Gateway, or use files within the Passwordstate folder.
UpdatedFor the report "Where are Privileged Account Credentials currently being used", it will now show if the password record is in the recycle bin - if the privileged account is linked to a password record.
UpdatedAdded a check with SAML Authentication to ensure duplicate NameID values do not exist in the database.
UpdatedMade changes to the Notes field for password records to honour carriage returns from imported data.
UpdatedMade improvements to backup scripts to better capture possible errors.
UpdatedAdded HMAC hashing to the FeaturesACL table.
UpdatedUpdated the cookie used to remember the domain dropdown list value on login screens to use the 'SameSite' attribute.
UpdatedRelaxed automatic logging out of the Browser Extensions when the API is intermittently unavailable.
UpdatedProvided additional randomization of encryption keys.
UpdatedChanged wording on the Browser Extension confirm URL dialog to 'OK, I understand'.
UpdatedFor One-Time Password authentication, the option to use 8 digits with Counter Based authentication has been deprecated.
UpdatedThe 'Brute Forced Blocked IP Added' auditing event will only be added when the user is blocked, and not during the commencement of tracking.
UpdatedFor failed logins, the UserID value will no longer be reported in auditing or email alerts if the UserID was not found in the database.
UpdatedAdded additional debugging into the Error Console for the Password Reset Portal when a account reset fails the domain password policy check.
FixedFixed a potential issue where Password History could not be viewed in the UI if updated via the Mobile App.
FixedFixed an issue where the setting on the Preferences to clear the clipboard using the Browser Extension was not working.
FixedFixed a potential SQL Timeout issue running certain reports with large datasets.
FixedFixed an issue with the Host Discovery Job where the job remained "In Progress" if the use of the Privileged Account Credential failed its authentication.
FixedFixed an issue with HOTP (counter based) verification policy in Password Reset Portal where it was reporting incorrect pin number.
FixedFixed a possible bug with Generic Fields when turning off and on the encryption setting for the fields.
FixedFixed a possible "Query timeout expired" bug in the Passwordstate Windows Service when trying to remove time-based access to various features or Password Lists.
FixedFixed an issue with the 'Additional Approvers' feature for access requests, where the request could not be approved unless the Additional Approver was an Administrator of the Password List.
FixedFixed and issue with the Password Reset Portal where the ToFirstName variable was not being updated with the Email Temporary Pin Code verification policy.
FixedFixed the bug "Conversion from type 'DBNull' to type 'String' is not valid" when querying the GridSettings table.
FixedFixed LastPass import script as it was referencing an image for the Password List icons that did not exist.
FixedFixed a bug on the Security Administrators screens where the PowerShell Scripts and Privileged Account Credentials roles where being reversed.
FixedFixed possible 'Page Not Found' error for a page informing users they did not have access to the specific feature.
FixedFixed an issue where the confirm Passwordstate URL dialog would display a chrome-extension string when the user does not have permission to the browser extension.
FixedFixed an issue with backups where it was possible an error with a scheduled backup did not report as a failure.
FixedFixed a possible bug in the Passwordstate Windows Services which was referring to the field 'ResetPasswordOneTimeAccess' which no longer exists in the database.
FixedFixed an issue where the Remote Session API Key may not get created if a new user opens a Host Permalink that hasn't visited the Hosts tab previously in the user accounts life.
FixedFixed an issue when sending a self-destruct message where it would check if an SMTP mail server is set even if you have Exchange Online configured.
FixedFixed a copy to clipboard error using Safari of "The request is not allowed by the user agent" on Edit Password page.

v9.6 Build 9665 - 15th December 2022

FixedFixed the error of 'Incorrect syntax near the keyword DEFAULT' post upgrade, when upgrading from builds older than 9627.
FixedFixed an issue with scheduled CSV file reports where the subject line in the email was prefixed with either SMTP or OFFICE365.
FixedFixed an issue where the Microsoft Exchange Online Client Secret could have been cleared when saving other System Setting values.
FixedFixed a copy to clipboard error using Safari of "The request is not allowed by the user agent".

v9.6 Build 9661 - 12th December 2022

Database Schema Updates

UpdatedAdded the ability to clear OTP codes on password records.
UpdatedAdded the ability to cancel in progress Discovery Jobs in the UI.
FixedFixed a naming convention issue for Remote Session Recordings where the recorded file name on disk, could have been different compared to what was stored in the database.
FixedFixed an error of "An error has occurred authenticating to the API' when using RADIUS authentication for the Password Reset Portal.
FixedFixed an issue with the Excessive Activity Report where generic mailboxes on the Email Template were not receiving the report.
FixedFixed an encoding issue for Generic Field 1 on Password List page when permissions were applied using a security group.
FixedFixed an encoding issue on the User Account Management screen for the Password Reset Portal feature, for certain special characters in different fields.
FixedFixed an issue where remote session recordings where being deleted when customers had a group policy set to log users off of hosts when their sessions were idle for a set period.

v9.6 Build 9653 - 7th November 2022

Security Updates

UpdatedPrivileged Account Management feature now supports VMWare's PowerCLI module for resets, validations and discoveries.
UpdatedPassword Generator methods in APIs have been updated so it's easier to generate random passwords based on the Pattern Matching option.
UpdatedUpdated the API's to support all the Web Site Field ID's which are used with the browser extensions.
UpdatedUpdated the Pattern Matching password generator policy so you can also include literal characters in the password.
UpdatedUpdated the Pattern Matching password generator policy so the length of word phrases can be taken from the settings under the Word Phrases tab.
UpdatedAdded protocol validation checks to URL fields (CVE-2022-3877).
UpdatedUpdated Telerik Dataviz library to build 2022.3.913.
UpdatedReduced the postback payload for copy to clipboard feature, to improve performance.
UpdatedUpdated the Password Reset Portal to allow duplicate login ID's for Radius and SecurID.
UpdatedAdded additional logging in the App Server to assist in troubleshooting Mobile App data synchronization issues.
UpdatedUpdated third party assemblies for Mobile App to the latest versions.
FixedFixed a bug for Mobile App for iOS users where resetting face ID after the initial setup would report biometric data changed when unlocking via the autofill feature, even after re-enabling the setting in the app.
FixedFixed visual spacing bug in Mobile App for OTP records where initially the gap between the items was larger than it should be for iOS 16 users.
FixedFixed bug in the Mobile App where the theme setting was not visible for iOS 16 users.
FixedFixed the bug "Must declare the scalar variable EndId" for the auditing archive feature for when SQL Server was configured for case sensitivity.
FixedFixed an issue where the email for Self Destruct messages was not sent via the Windows Integrated API.
FixedFixed a bug with scheduled Password Resets where the option 'Capitalize First Letter of Word Phrases' for the Password Generator was not being honoured.
FixedFixed a bug on the System Settings page where the 'Clear' button for the standard API's 2FA QR Code was non responsive.
FixedFixed an issue in the API's when adding a new folder, and adding new permissions, where it was not possible to specify the DisableInheritance option when using the advanced permission model.
FixedFixed Security Administrator manual where images for new Exchange Online configuration were missing.
FixedFixed an issue with dragging and dropping a folder when using the advanced permissions model, where permissions could have changed when Disable Inheritance option was enabled.
FixedFixed an issue with generic fields where some special characters where being encoded incorrectly within the passwords grid view.
FixedFixed a possible bug in the Password Reset Portal where Duo SMS may not have allowed the user to reset their account password.

v9.6 Build 9630 - 6th October 2022

UpdatedAdded logging to the Error Console screen, when a user is presented the Account Disabled screen.
FixedFixed an upgrade issue when using SAML Authentication, when Passwordstate was in maintenance mode.
FixedFixed an issue in the Browser Based Gateway where copying a folder did not present the folder name as the zip file to download.

v9.6 Build 9627 - 4th October 2022

Database Schema Updates

UpdatedWhen cloning permissions from one user to another, and the option to first remove permissions on the destination user was selected, only security group memberships of local security groups will be processed.
UpdatedFor the Browser Based Launcher, you can now specify background and font colors for SSH sessions.
UpdatedRemoved modernizer.js from the solution.
UpdatedFor Brute Force login detection, you can now track based on UserID and IP Address, or just IP Address.
UpdatedBrute Force login detection is now tracked in the database, instead of using session variables.
UpdatedUpdated System Setting for email alerts for failed logins, to either alert on every failed login attempt, or when user was locked out due to the Brute Force login setting.
UpdatedAdded a copy to clipboard icon next to URL fields.
UpdatedUpdated jQuery to build 3.6.0.
UpdatedMade improvements to the Check All option for Auditing reports, when filtering on Password Lists.
UpdatedWhen cloning permissions from one user to another, the option to first remove permissions on the destination user was not working.
FixedFixed an issue when using Firefox with the Browser Based Gateway where the pasted value is "Copying... Please try again" when using the key combination of Ctrl-C to copy data to the clipboard.
FixedFixed a potential high CPU issue for the Browser Based Gateway and SSH sessions.
FixedFixed an issue where copying permissions from a Template on the Edit Password List screen, was not propagating those permissions up when using the Standard Permission Model.
FixedFixed a potential error of "Public member 'Split' on type 'DBNull' not found" when searching in Passwords Home, or a Folder, when a Password List did not have a corresponding record in the PasswordListColumnSettings table.
FixedFixed a potential bug where a User Account could not be deleted if there were pending Access Requests under their name.
FixedFixed an issue with SSH sessions in the browser-based launcher where the Alt-D key combination was deleting two words after the cursor, instead of one.

v9.6 Build 9611 - 5th September 2022

Database Schema Updates Security Updates

UpdatedAuditing records will now be added for any changes to System Settings, or Feature Access settings.
UpdatedAdded additional logging and processing to the Password Reset Queue to help troubleshoot any records getting stuck in the queue.
UpdatedThe ability to navigate to a Password List's contents from the Administration area has been deprecated.
UpdatedThe password field for the Separate Password authentication option for Templates and Password Lists will no longer be visible on the screen.
UpdatedMade various security improvements and enhancements (CVE-2022-3875, CVE-2022-3876).
FixedFixed a Hash validate issue for the Remote Site Locations agent if the Password List had data in the GenericField4 field.
FixedFixed the error message of "The LDAP server is unavailable" when performing an Account Heartbeat on an Active Directory account, when the password was incorrect and LDAPS was being used.
FixedFixed an error of "does not meet complexity of the domain" when using the Password Reset Portal, if a domain controller was specified on the Active Directory Domain record.
FixedFixed an issue in the APIs where it was possible to add password records where the Title field was blank.
FixedFixed a bug with a scheduled password reset where the randomly generated password was blank, if the Password Generator policy only had pattern matching options selected.
FixedFixed a bug with the Remote Site Locations agent where any "dependencies" for an account password reset would have failed.
FixedFixed a possible bug when copying passwords to the clipboard from Passwords Home or Password Folder, where email's may not have been sent or Tree Path auditing data added.
FixedFixed a possible bug with the Active Directory account validate script where it could have reported the error "The server cannot handle directory requests".
FixedFix a UI issue in the browser extensions when it could have shown a web site as a Linked record, when it was not.
FixedFixed the error "Index (zero based)" for the Password Reset Portal module, when trying to query event logs for bad login attempts.
FixedFixed a possible 401 Unauthorised error message when performing imports of Passwords from third party products.

v9.5 Build 9595 - 10th August 2022

FixedFixed an issue with the copy to clipboard feature where certain characters where being encoded to a different value.
FixedFixed an error in the error console of "Failed to load the public suffix cache" and a possible issue with base domain matching in the browser extensions.

v9.5 Build 9593 - 9th August 2022

Database Schema Updates

UpdatedRemoved 'Bad Login Attempt' event log monitoring for the password reset portal, due to possible excessive auditing records.
UpdatedDeprecated the feature where the clipboard could automatically be cleared with older versions of Internet Explorer.
FixedFixed a database integrity exception for records in the Password Reset Queue, when the records had data specified for generic fields, and the records did not have the encryption option enabled.
FixedFixed an issue logging in with Local Login Accounts, where the UserID was specified in email address format.
FixedFixed a 'HMAC Validation Failure' message with the Password Reset Portal when using the Questions and Answers verification policy.
FixedFixed a potential Server 500 Javascript error when the browser extensions were trying to retrieve data from the API.
FixedFixed an issue with the copy to clipboard feature where it was possible additional unicode characters were being added to the value being copied to the clipboard.
FixedFixed an issue with the Self Destruct feature where it was not possible to save the message to the database, when wanting to use option where the message is not emailed to a recipient.
FixedFixed an issue in browser extensions where the Username field IDs may not have been honoured correctly, if there was no Password input element on the same page.
FixedFixed a 'The LDAP server is unavailable' error on the screen Administration -> Password Reset Portal Administration -> User Account Management, when trying to reset a password for a user when there was a domain controller specified for the domain.

v9.5 Build 9583 - 26th July 2022

Please note the database upgrade screen for this build may take some time to complete

Database Schema Updates

UpdatedDeprecated searching on every key stroke within the Mobile Apps, for the Password Lists and Passwords screen.
UpdatedUpdated the clipboard functionality in the Mobile App to appropriately handle sensitive data with the introduction of Android 12's clipboard popup.
UpdatedUpdated the Android Mobile App to target Android 12 (SDK 31).
UpdatedUpdated the database upgrade screen to show additional logging when the beginning of each build upgrade commences.
UpdatedImplemented a new method for copying data to the clipboard, which performs a postback to the web server before any data is copied into the clipboard.
UpdatedProvided additional HMAC Hash validation for various tables in the database.
UpdatedAdded new Windows Server 2022 Datacenter Azure Edition operating system.
UpdatedAdded Kerberos domain authentication options to Passwordstate, and the Password Reset Portal module.
UpdatedUpdated Client Based Launcher installer to be an executable, using new code signing certificate.
UpdatedUpdated various third party assemblies to the latest releases.
UpdatedUpdated Telerik ASP.NET Ajax Controls to version 2022.2.622.
UpdatedDeprecated the feature where you could view password history, or the password record, from the screen Administration -> Auditing.
UpdatedProvided an option on user's preferences screen for clearing Ignored URLs for the browser extensions in bulk.
UpdatedProvided options to clear the Web Field ID values on password records for the browser extensions.
UpdatedMade various performance improvements to browser extensions to prevent excessive processing of DOM events, and fixed various runtime errors showing in the extension console.
UpdatedAdded 'Copy to Clipboard' and 'Password Viewed' auditing events for browser extensions, when accessing details from within the browser extension itself.
UpdatedPassword Retrieved auditing event for browser extensions will now record the actual URL displayed in the browser itself.
UpdatedThe icon overlay for browser extensions will now only show on web sites where the user already has a saved password record for the web site.
UpdatedThe browser extensions will no longer automatically updated Field IDs on web sites on the corresponding password records - the new field mapping feature can be used, if web sites change the value of their Field IDs.
UpdatedMade various browser extension improvements for the accuracy of form filling web sites.
UpdatedAdded new URI matching capabilities to the browser extension, giving more matching options when form filling and updating password records.
UpdatedAdded field mapping capabilities to the browser extensions, to simplify the recording of Field ID's on web sites.
UpdatedBrowser extensions now support form-filling OTP fields on web sites.
UpdatedBrowser extensions now support storing and form-filling up to 10 additional fields - stored in the Generic Fields.
UpdatedThe Brute Force lockout feature for the Password Reset Portal now has an option to disable the feature, for troubleshooting purposes.
UpdatedThe Brute Force lockout feature for the Password Reset Portal will now track based on UserID as IP Address.
FixedFixed bug in the Mobile App where if the user did not have permissions to the existing privileged account credential, of a reset enabled record, then the drop down control would be empty.
FixedFixed bug in the Mobile App where updating a password record may have failed if the password list did not have the expiry date field enabled.
FixedFixed bug in the Mobile App where a password with special characters may have appeared truncated when viewing on the password record detail screen.
FixedFixed a "does not contain a method named 'new'" error with various Windows based PowerShell scripts when hosts were running older versions of PowerShell.
FixedFixed an issue in various PowerShell scripts where the ::new initializer was not working on older versions of PowerShell.
FixedFixed an issue with the Remote Session Gateway scripts where it could not download OpenJDK because of TLS restrictions.
FixedFixed an issue in the Browser based Gateway where a 'Not Found' message was displayed when trying to download files from within a RDP session.
FixedFixed an issue where the playback buttons for viewing session recordings were non responsive.
FixedFixed a bug with the System Setting 'Allow permissions to be applied multiple times for a user/security group to the same Password or Password List' where it was not be honoured for password record permissions.
FixedFixed an insufficient permission screen warning when a user has been removed as a Security Administrator, but they last had the Administrator's tab selected before the logged off.
FixedFixed an issue with a Custom Auditing Report where All Activity types was not being selected when next editing the report settings.
FixedFixed an issue where a system setting to disable AD accounts when immediately added into Passwordstate, was not setting the DisabledDate field value for the account.
FixedFixed an issue where Drag and Dropping Password Lists and Folders was not working under the Passwords tab, when using search filter.
FixedFixed an issue of a Build Mismatch error when using the non Push/Pull version of the Self Destruct Message feature when installing new builds of 9535.
FixedFixed an issue when searching in a Passwords Folder where there were no Password Lists nested beneath it, was giving the same results as searching in Passwords Home.
FixedFixed the error 'Value cannot be null' when testing permissions for Backups, when no backup account was selected.
FixedFixed a 'Page Not Found' error when using the Add Password List wizard for Private Lists, when copying from Templates that have an authentication option set.
FixedFixed a bug in the Mobile App where it was not possible to update password records in a Password List where the ExpiryDate field was not selected for the List.
FixedFixed a display issue in Mobile App on the password detail screen where certain characters could have truncated the display.
FixedFixed an possible error of "String was not recognized as a valid DateTime" when retrieving password history from the APIs (Generic Fields) for a record that was added via the API.
FixedFixed an error of "String was not recognized as a valid DateTime" when importing a csv file where a Generic Field was blank, but expecting a Date value.
FixedFixed an issues on the user's Preferences screen where the Windows Integrated API One-Time Password may not have saved after being created.

v9.5 Build 9535 - 3rd June 2022

UpdatedUpdated code signing certificate for core Passwordstate product, and all associated modules.
FixedFix an 'Unexpected token json' bug in the Password Reset Portal for Duo Authentication when using SMS or Passcode login.

v9.5 Build 9533 - 25th May 2022

UpdatedUpdated PowerShell scripts for MySQL and MariaDB to support later versions of these databases.
FixedFixed a database exception when upgrading to build 9493 where it reported an error of FunctionalRoles column not existing.

v9.5 Build 9531 - 24th May 2022

UpdatedRemoved mcv version information from header responses in various modules.
UpdatedMade further changes to the execution of all PowerShell scripts to prevent logging in the Windows Event Log if detailed logging for PowerShell was enabled for the Event Log Category of 'Executing Pipeline'.
UpdatedMade changes to the renaming of Generic Fields so you could not accidently clear the name.
FixedFixed a bug with dragging and dropping host nodes under the Hosts tab, where it may have removed the same host from the view of a different folder.
FixedUpdated the Import Passwords screen so users could not import into Password Lists that they do not have Modify or Admin rights to.
FixedFixed a bug when restoring PowerShell validation scripts where HP switch scripts were not being restored.
FixedFixed a possible bug on entering the Backup Settings screen where it was reporting a "Split" issue on a NULL value.
FixedFixed a bug during importing into a Password List where a 'string or binary data would be truncated' error could occur, if you had the 'Enable for Password Resets' option checked on the Password List.
FixedFixed a bug on the Add/Edit Password List settings page where it may not have copied permissions from another Password List if the advanced permissions model was being used.
FixedFixed a possible bug where Guest Permissions may not have been added to upper-level folders, when individual permissions on password records where granted.
FixedFixed a bug where a Security Group which had the option 'Hide Group in UI' enabled, was still showing on the User Accounts screen when adding users to local security groups.
FixedFixed a 'Insertion index was out of range' exception when clicking on a SQL Server Host under the Hosts Navigation tree, when no Remote Session Credentials where configured for SQL Server.

v9.5 Build 9519 - 2nd May 2022

Database Schema Updates

UpdatedAdded a feature for the Browser Based Gateway where you can select different options for RDP performance i.e., show wallpaper, etc.
UpdatedAdded a feature for the Browser Based Gateway where you can specify the font size for SSH sessions.
UpdatedWith Remote Session Management, both remote session credentials, and local login accounts, will now appear in the Linked Credentials drop down list if appropriate.
UpdatedUpdated the Browser Based Gateway to build 1005.
FixedFixed a bug of 'No value given for one or more required parameters' on the Security Groups screen when trying to add groups, or synchronize membership.
FixedFixed an issue where scheduled backups of the Passwordstate database would not occur if the customer had re-ordered the settings in the database connection string in the web.config file.
FixedFixed an issue where the Client Based Remote Session Launcher may not have launched sessions for SQL Server.

v9.5 Build 9512 - 26th April 2022

Database Schema Updates

UpdatedUpdated the client based remote session launcher to support connections through Microsoft's RDP gateway.
UpdatedAdded the ability to search for privileged account credential permissions via the APIs.
UpdatedChanged the behaviour of password related permalinks so that it does not try and search for Password Lists or Folders in the Passwords navigation tree, if the user has Load On Demand enabled.
UpdatedDeprecated the System Setting feature to prevent concurrent logins.
UpdatedUpdated the KeePass import process to better support Unicode characters.
FixedFixed an issue on the Request Access to Passwords page where navigating to the next set of records in the grid was clearing the contents of the grid.
FixedFixed a possible DBNull to String error in both APIs when searching for privileged account credential records.
FixedThe Standard API method for adding permissions to privileged account credentials was reporting the Address Book API key was wrong if the incorrect API key was used.
FixedFixed an issue on the Import Passwords screen where the 'Export' button was showing after successfully performing an import.
FixedFixed a general error on the screen if you refresh your browser after already viewing a permalink for a password record.
FixedFixed an issue where Windows Server 2022 Datacenter operating systems may not have be discovered with the Host Discovery job.
FixedFixed an issue when adding a new Authorised Web Server for the App Server, where the functional roles were not saved correctly.

v9.5 Build 9500 - 10th April 2022

UpdatedUpdate the Import Password feature to show better rendering of the Import Errors grid, and provided an Export button to export the data if required.
FixedFixed an issue in the APIs where it may have returned zero results when searching for Password Lists or Folders when using the TreePath field.
FixedFixed a bug in the Standard API where an exception was being raised when adding new Password Lists.
FixedFixed a Server 500 error when trying to use the Import Password feature for third party solutions.
FixedRemoved an additional space on one of the Auditing activities listed on various Auditing screens.
FixedFixed an issue when trying to rotation encryption keys where it would redirect to a screen informing the user they did not have the required Security Administrator role.
FixedFixed an issue during the upgrade of the database to build 9493 where a 'Alter Column' error occurred for customers who upgraded originally from the version 6 beta.

v9.4 Build 9493 - 7th April 2022

Please note the database upgrade screen for this build may take some time to complete

Database Schema Updates

UpdatedPasswordstate now supports storing Unicode characters in the database.
UpdatedAll documents will now open as attachments in the browser, instead of trying to view certain document types in a new tab in the browser.
UpdatedWhen entering the System Settings screen, we re-query all System Settings in memory in case another Security Administrator has made a change whilst the user’s session was active.
UpdatedUpdated the browser extensions to only refresh data once an hour.
UpdatedUpdated the browser extensions to provide a menu option to refresh data manually if required, instead of waiting for the sync period, or the need to log in and out of the extension.
UpdatedRemoved the onclick events for the main navigation icons on the left-hand side of the screen, requiring the sub menus to be used instead.
UpdatedMobile App can now scan, view and retrieve one-time passwords, and has its own dedicated menu for the feature within the App.
UpdatedMobile App can now add, update and delete password records.
UpdatedIncreased the length of the Username field for the Mailbox settings for sending emails.
UpdatedMade various security improvements to the Password Reset Portal module.
UpdatedMoved the Mobile App default home page setting from the UI in Passwordstate, into the App itself.
UpdatedDeprecated the 'Disable Inheritance' setting on Password List Templates - it can only be used on Password Lists now.
UpdatedRenamed Backups and Upgrades menu in the Administration area to Backups, and moved some upgrade information to the main Administration page.
UpdatedThe ability to copy the 'Disable Inheritance' Password List setting from other Password Lists, or Password List Templates, has been deprecated.
UpdatedAuthorised Web Servers for the core product and the App Server can now have different functional roles enabled or disabled.
UpdatedReduced the size of the AccessNotes field for ACL tables, and the Reason field when requesting access to passwords, to 1000 characters.
FixedFixed an issue with User Account Policies where the link shared password list to a template setting was not applying.
FixedFixed an issue where searching for Host records from the top search bar was not filtering the hosts under the Hosts tab.
FixedFixed an issue with account discovery jobs where some hosts may not have been queried for the job, if the Tag field for the host was null in the database.
FixedFixed an issue with the Clone User Permissions feature where it was not moving any Private Password Lists for the source user.
FixedFixed an issue with the Self Destruct Message web site where you could not browse to the root of the web site without the use of the Self Destruct Message ID being passed in the URL.
FixedFixed an issue with the Outage Notification feature where it was not honouring the setting of sending via the email address of the mailbox specified on the System Settings screen.

v9.4 Build 9471 - 8th March 2022

Database Schema Updates

UpdatedProvided additional filtering options for discovery jobs, where values can be separated by semicolon characters.
UpdatedAdded additional permissions checks on postback for menu items in the List Administrator Actions dropdown list.
UpdatedWithin the Hosts tab, provided further permission checks on all pages to ensure the user has been given access to the Hosts tab.
UpdatedIn addition to checking if a user's session is still active when browsing to a new page, we also check now on all Postback events.
UpdatedAdded a new System Setting to prevent users adding themselves to Local Security Groups, and prevent them from adding new or existing User Accounts to Local Security Groups on the User Accounts screen.
UpdatedAdded a new System Setting option to prevent concurrent logins using the same account.
UpdatedUpdate the Dell iDrac PowerShell script to support newer versions of firmware 4.40 and above.
UpdatedWhen a Password List is nested in a folder configure for the Advanced Permission model, you can now manage permissions for Mobile Access on those nested Password Lists.
UpdatedUpdated the Yubikey authentication screens so it would not log any exceptions if certain special characters were used as part of the authentication process.
UpdatedUpdated all pages within the Administrator area to also check Security Administrator roles on postback events.
UpdatedAdded additional permission checks on Add Password screen when entering the screen, and on postpack.
UpdatedUpdated the API(s) so the password strength policy compliance is only checked for the parent password record, if updating a password record which is linked to one or more other password records.
FixedFixed an issue where the Active Users screen in the Administration area may not have shown any active users.
FixedFixed an issue for the Browser Extension where a user's Private Password List was meant to be selected as the default Password List, if they had not already specified one themselves.
FixedFixed an issue where the Auditing Graphs menu in the Administration area for Password Reset Portal required the Security Administrator role from the other Auditing Graphs screen.
FixedFixed an issue where you could browse to the initial Setup page after the initial setup had been completed.

v9.4 Build 9455 - 22nd February 2022

Database Schema Updates

UpdatedThe Restricted Feature for converting private password lists to shared lists has now been deprecated.
UpdatedCustom Logos for Passwordstate will now show on the Permalink Loading screen.
UpdatedMade further performance improvements to the screen Reports -> Auditing.
UpdatedImproved the performance of the Import Passwords screen when the user had access to thousands of Password Lists.
UpdatedAdded all Activity types to the screen Reports -> Auditing.
UpdatedMade changes to the Clone Permissions feature to ensure no SQL deadlocks were experienced during the cloning process.
UpdatedUpdated the clone user permissions feature to also clone favourite Password Lists.
UpdatedUpdated the Account Discovery feature to better capture exceptions when using multi-threaded execution against multiple hosts.
UpdatedOn Auditing screens, clicking on the various Platforms will no longer filter the different Activity types.
UpdatedYou can now export a list of Private Password Lists as well from the screen Administration -> Password Lists.
UpdatedIntroduced a new Feature Access to restrict which users are allowed to convert the permission models on folders. By default, no users have access, and access needs to be granted on the screen Administration -> Feature Access -> Folder Options tab.
UpdatedAdded new SQL Index to improve performance of displaying the 'Password Statistics' chart on Passwords Home.
UpdatedIf navigating to the Request Access to Passwords screen from a Password List you do not have access to, then appropriate records for this Password List will be displayed on the request access screen.
FixedFixed a bug with the 'Add Hosts to Folder' screen under the Hosts tab where the paging in the grid would not navigate past the second page.
FixedFixed an issue on the screen Reports -> Auditing, where the grid paging was not progressing to additional pages.
FixedFixed an issue with the High Availability Polling feature where it was polling as a passive server, when it should have been polling as on active server.
FixedFix and issue where the Report Loading popup window would not close when executing the Expiring Passwords report.
FixedFixed a bug where the Passphrase for the Self Destruct Message feature was not allowing certain HTML type characters as part of the Passphrase.
FixedFixed an issue where the link provided in emails for Pending Access Requests, was not taking you to the Pending Access Requests screen if you were already logged into Passwordstate when clicking on the link.
FixedFixed an issue adding Host records via the API(s), or via importing from a csv file, where the Remote Connection Type of Telnet was not being set correctly.

v9.4 Build 9435 - 8th February 2022

Database Schema Updates

UpdatedThe two based forms of Authentication in Passwordstate (AD and Forms) have now been consolidated into one version.
UpdatedDeprecated the "Separate Password" authentication option which could only be used with Active Directory Single sign-on.
UpdatedMade performance improvements to the Add/Edit Password List screens when customers have thousands for Password Lists.
UpdatedMade performance improvements to the 'Request Access to Passwords' screen by limiting the number of records returned when searching, and also not returning all data when opening the screen.
UpdatedMade performance improvements to the Passwords Home screen open first entering the screen.
UpdatedMade performance improvements by adding various SQL Server indexes.
UpdatedMade performance improvements to Auditing screens by providing searching functionality for selecting Password Lists as opposed to listing all Password Lists in a dropdown.
UpdatedMade performance improvements to the loading of data on the Reports -> Auditing screen.
UpdatedUpdated the new Import process, to ensure the default Password Strength Policy does not interfere with imports - by temporarily turning off the 'Compliance is Mandatory' setting.
UpdatedUpdated the API's to ensure certain data could not exceed the field size in the database.
UpdatedImproved brute force detection for Passphrases for Self Destruct Messages to retain login attempt counts when restarting your browser.
UpdatedUpdated Telerik ASP.NET Controls to version 2022.1.119.
UpdatedOn the View Failed Reset History screen, removed generic fields from the screen as they are not relevant to retrieving the value of the password used during the password reset attempt.
UpdatedFor the Privileged Account Credential system setting of "only allow the user to manage credentials they have been explicitly given access to", the radiobutton to view all credentials will be disabled if this option is set to yes.
FixedFixed a bug with the KeepAlive functionality for Load Balancers where the page was reporting a precompiled page message.
FixedOn the View Failed Reset History screen, fixed the issue where the Account Type images were oversized.
FixedFixed an issue with Self Destruct Message feature where it was possible to bypass the passphrase authentication, if the correct URL and MessageID could be guessed.
FixedFixed an issue where the new 'Import' Powershell scripts may not have been added if customers installed or upgraded to build 9400 specifically.
FixedFixed an issue with the Load On Demand feature for the Passwords tab, where Passwords Home was not selected when you first navigated to this tab.
FixedFixed an error of "Conversion from string to type Double is not valid" when trying to open a password record from the Expiring Passwords Calendar screen, where the password record has a URL specified.
FixedFixed an issue where the 'Copy Permissions from Password List' feature on the add Password List screen was not working.

v9.4 Build 9414 - 14th January 2022

UpdatedMade performance issues to various reports in Passwordstate, and change method of exporting to csv file format, to also improve performance of exporting.
UpdatedMade performance improvements when exporting data from the Auditing screen.
UpdatedAdded Self Destruct Message auditing events to the Auditing screen under the Reports menu.
UpdatedAdded additional debugging if any exceptions occurred withing the Password Reset Portal when sending emails for the Temporary Pin Code verification policy.
UpdatedUpdate HTML attributes of Password fields so that build in password managers in browsers will not form fill those password fields.
UpdatedUpdated all Backup PowerShell scripts to indicate an error where the backup account could be locked out, or disabled.
FixedFixed an issue in the Password Reset Portal where the Bad Password option of using both the Custom Database and Have I Been Pwned database was not working.
FixedFixed a case sensitivity issue with the Have I Been Pwned check in the main UI.
FixedFixed an issue on the Bad Password screens for the Password Reset Portal, where changing the type of Bad Password check was not being saved.
FixedFixed an issue with the Browser Based Gateway for the Remote Site Locations module where the Gateway Windows Service would not start after upgrading to build 9381 or 9400.
FixedFixed an issue where it was possible Account Discovery Jobs were showing as "In Progress" even though the job had completed.
FixedFixed an issue when exporting from Administration -> Password Folders, when the folder had no nested Password Lists which had passwords stored in them.
FixedRemoved some debugging when running the Enumerated Permissions Report.
FixedFixed and issue with the Check In Time on a password record could have changed, when editing the record when the password was checked out.

v9.4 Build 9400 - 23rd December 2021

Database Schema Updates

UpdatedProvided a new consolidated Import Passwords feature for importing via CSV files, or from other products.
UpdatedRemoved synchronization timeout setting for Mobile App when synchronizing data from the App Server.
UpdatedUpdated ImageFileName field in PasswordLists and PasswordListTemplates table to match size of field in UserAccounts table.
UpdatedProvided a better warning message when the Passwordstate web server was blocking outgoing connections to the Have I Been Pwned API URL for Bad Password checks.
UpdatedUpdated the Actice Directory synchronization process so user accounts are no longer deleted as part of this process. Instead, a purge option has been provided to delete disabled accounts after a set period of time.
UpdatedProvided a new setting to automatically purge password records in the Recycle Bin after a set period of time.
UpdatedThe feature to clone user permissions will now no longer remove permissions on Private Password Lists for the destination user, even if this option is selected - it will still remove permissions for shared lists.
UpdatedWhen exporting passwords from a Password List, individual auditing records for 'Password Viewed' will no longer be added, as it can trigger the Excessive Activity Auditing report.
UpdatedThe API Key fields on the Add/Edit Password Lists screen is now enabled, if you've been given permission to create/change API Keys.
UpdatedIn the Mobile App, the Tree Path field for long Folder names will be displayed in their entirety now, instead of being truncated on the screen.
FixedFixed a crash in iOS Mobile App when clicking the X symbol if not text was specified in the search bar.
FixedFixed an issue in the Standard API when querying a Password List's details, where the API Key was only being considered if it was included in the Header or Querystring - not the Body of the request.
FixedFixed and issue with the Password Reset Portal where the client IP Address being reported to the Duo Admin Portal, was of the Password Reset Portal Server, and not the client itself.
FixedFixed an issue where the Browser Extensions were not updating the Last Updated field for password records, when the extension updated the password.
FixedFixed the description on the Passwords Exported email template, to indicate the email is sent to Security Administrators with the Password Lists role.
FixedFixed a threading error with the Windows Local Admin Accounts discovery job, which was preventing the discovery job completing for all hosts.
FixedFixed a bug with the manual synchronization of security groups in the main UI where it may not have detected an AD account being deleted from Active Directory.
FixedFixed a 'UnlockComponent' error on the Edit Password screen when using the Heartbeat icon for hosts they require SSH connectivity.
FixedFixed an issue where the 'Guide' was not being copied from a Password List Template when using the standard Add Password List screen.

v9.3 Build 9381 - 29th November 2021

Database Schema Updates

UpdatedAuditing screen under Reports navigation menu will now only load data when the Search button is clicked.
UpdatedMade changes to Bad Password check in the core product where it no longer performs the check via the Standard API.
UpdatedMobile App will now honour the enabled status on user accounts when authenticating to the Mobile App.
UpdatedExact match searching for passwords now includes the Account Type field.
UpdatedUpdated Telerik ASP.NET Controls to build 2021.3.1111.
UpdatedMade changes to the scheduled account heartbeat process to resolve occasional SQL locks some customers are experiencing.
UpdatedAdded additional error capturing to the Windows Local Administrator Discovery script.
UpdatedAdded additional error capturing for failures with the SSH Templates password reset scripts.
UpdatedUpdated RDP functionality for Browser Based Gateway so it no longer logs an error in the Error Console when connecting to a host more than once with the same login credentials.
UpdatedRemoved the password validation check which occurs 4 times per day for the privileged account credential being used with the Password Reset Portal module.
FixedFixed a search issue for Password List/Folders in the Passwords navigation tree, when using the search icon and thousands of Password Lists.
FixedFixed some issues for the URL field where HTML Encoding of data could have malformed the value of the URL when opening the sites in new tabs in the browser.
FixedFixed a bug in the Standard API where calls could not be made to Private Password Lists - introduced bug in build 9350.
FixedFixed a bug with the Mobile App where it was not taking the 'Mobile Access' permissions on Password Lists into consideration.
FixedFixed the Email Template 'User Account Impersonation' as line breaks where not rendering in email clients.
FixedFixed a documentation error for the API(s) for the retrieving of security groups.
FixedFixed a General Error screen bug after successfully performing a Bulk Update of passwords in a Password List.
FixedFixed an issue where the Disable Inheritance setting on Password List templates was not being applied to any linked Password Lists.
FixedFixed an issue with the SSH Templates password reset script feature where the value of variables where not being updated during execute of the scripts.
FixedFixed a potential issue where is was not possible to use the 'Bulk Delete Empty Password Lists' feature if one of the Password Lists was selected in a Scheduled Report.
FixedFixed a bug on the Edit Password List screen where it was possible the incorrect Password Generator Policy was being selected.

v9.3 Build 9360 - 27th October 2021

UpdatedHost discovery jobs will no longer duplicate hosts records, if a newly discovery host in an Active Directory OU has been previously manually added to Passwordstate.
UpdatedRemoved the 'Your Position' button when performing SSH sessions with Browser Based Gateway.
UpdatedAdded extra steps to the Database Upgrade screen in Passwordstate to ensure relevant session variables are set before an upgrade can proceed.
FixedFor the new Server 2022 operating systems, removed the reference to Standard.
FixedFixed an issue where High Availability servers were not polling back to the primary server.
FixedFixed a bug introduced in build 9350 for the Standard API where API Keys were not being accepted in the Body of the request for password related calls - only in the header.
FixedFixed an issue in the API where the new "Search Remote Site Locations" method was returning all sites, and not the specific sites matching the search term.
FixedFixed an issue on the Delete Remote Site Locations and Delete Host screens, where the disabled Delete button still had an actionable OnClick event handler.
FixedFixed a potential issue where a Password Folder and all nested Folders and Password Lists, might not have been deleted from the Administration area.
FixedFixed an issue introduced in build 9350 where it was not possible to add or save password records if the Password field was not selected on the Password List.

v9.3 Build 9350 - 18th October 2021

Database Schema Updates

NewAdded new methods to the API for managing Active Directory Domains.
NewAdded new methods to the API for managing Privileged Account Credentials.
NewAdded new methods to the API for managing Remote Site Locations.
NewAdded new options to both APIs where a 2FA one time password must be specified during the initial authentication process.
UpdatedDeleting Host records via the API will now also delete any associated password records for the host.
UpdatedAdded options in the APIs to also delete Host records via their HostID value.
UpdatedAdded support for Windows 11 and Windows Server 2022 Operating Systems.
UpdatedRedesigned initial setup wizard of Passwordstate to not write to the web.config file until the initial setup is complete.
UpdatedOn Add/Edit password screens, the Bad Password Check icon will now be visible for any of the selected Bad Password options.
UpdatedMade performance improvements by only checking for Bad Passwords at the time of making changes to password records when clicking the Save button.
UpdatedMade some changes to the Duo login screens to re-query session variables if they do not exist.
UpdatedIt is now possible to nest Private Password Lists under a folder structure configured with the Advanced Permission Model.
UpdatedUpdated the Remote Session Gateway to fix a display issue with Aruba switches.
UpdatedUpdated Telerik ASP.NET Controls to build 2021.3.914.
UpdatedAdded new auditing records for when permissions are added and removed from the Feature Access screen.
UpdatedAdded a new notification to the Notification Centre, to remind Security Administrators of the best practice recommendation for generating updated encryption keys and re-encrypting all data.
UpdatedAdded a feature where you can swap encryption method type during the encryption key rotation process - either AES or FIPS encryption.
UpdatedAdded new functionality to the SAML Logout process, to force users to re-authenticate to the SAML provider/Passwordstate each time they wish to access Passwordstate.
UpdatedAdded new Auditing records for the creation, deletion, and updating of Remote Site Location records.
UpdatedIt is now possible to delete Remote Site Location records, and all associated records, from within the UI in Passwordstate.
UpdatedUpdated the email sent for failed SAML Logins to report the returned value of the SAML ID sent back to Passwordstate.
UpdatedRemoved legacy SAML code which was replace in Build 8488.
UpdatedMade memory optimizations to encryption/decryption functionality, for all modules.
UpdatedDeleting Host records in bulk will now also you to also delete all associated password records.
UpdatedUpdated Browser Based Remote Session Gateway to automatically check back in authenticating password records when the session is ended - this relates to the 'Password Requires Check Out' feature.
UpdatedAdded additional auditing records for Brute Force Lockout for the Password Reset Portal - on the second verification screen.
UpdatedWith the Host Name filtering on Remote Session Credentials, spaces will automatically be removed if added.
UpdatedHost discovery jobs now have an option to delete Host records when the host has password records associated with the host.
UpdatedAdded progress indication animation when uploading documents.
UpdatedAdded further checks to Active Directory password reset and validation scripts to ensure sAMAccountName format is being used in the Username field.
UpdatedAdded additional debug logging for the Password Reset Portal for the password expiry reminder emails.
UpdatedAdded an option for the Active Directory synchronization process to immediately disable User Accounts as they are added into Passwordstate.
UpdatedUpdated the Self Destruct Message feature to wrap long values on the screen.
UpdatedFixed a foreign key constraint error when trying to add a new user account and adding to a local security group at the same time.
FixedFixed an issue in the browser based launcher where certain characters for the password field were preventing authentication.
FixedFixed 'Failed to execute insertRule' JavaScript error on Edit Passwords screen when performing certain postback events.
FixedFixed a bug in the standard API where the Delete Permissions from Folder method was not accepting the API Key in the header.
FixedFixed an issue with the scheduled backup where the Secret3 field value was blank in the backup.
FixedFixed an issue in the Passwords Navigation Tree where some right-click context menus might have been disabled when duplicate permissions were applied to the folder - specific Guest access.
FixedFixed the PowerShell Test Script screen for Active Directory accounts, as it was not showing the Domain FQDN field on the screen.
FixedFixed an issue with Account Discovery Jobs for the Remote Site Locations agent where the job would not be marked as completed, if there were no hosts to query for the job.
FixedFixed an issue where the Emergency Access login password would not update if it contained an asterisks character.
FixedFixed an issue in the Auditing for the Password Reset Portal where the IP Address of the portal web server was being reported in the Description field.
FixedFixed an issue with Password Reset Portal and Duo Authentication where it was not reporting the user's IP Address back to the Duo portal.
FixedFixed an issue with the Remote Site Locations agent where the Chilkat assembly DLL was missing from the file system, which is used for SSH connections.
FixedFixed an issue where under certain conditions the Update functionality in the browser extensions could have updated other non related password records.
FixedFixed an issue where it would appear the High Availability Server was not polling back on the Authorised Web Servers screen, if the Passwordstate App Server was installed on the same host.
FixedFixed an issue with the encryption key rotation feature where it was not re-encrypting data for the AppTokens table for the Mobile Apps.
FixedFixed an issue where global security header attributes added into IIS, could have conflicted with entries added to the web.config file.
FixedFixed an issue where under certain conditions an incorrect Password List was selected on the screen after navigating away from the main navigation menus.

v9.3 Build 9300 - 2nd August 2021

Database Schema Updates

UpdatedIntroduced a new Common Software Installation Process (CSIP) with published checksums for validation.
UpdatedIncreased code obfuscation across all Click Studios software assemblies.
UpdatedImplemented strict calling process validation for all critical processes.
UpdatedRemove the dependency on the file Moserware.SecretSplitter.dll.
UpdatedSubdomain naming standard enforced for the Click Studios Content Delivery Network servicing downloads of the Common Software Installation Process.
UpdatedDeprecated In-Place Upgrade capability and blocked from working on all existing builds. Replaced by CSIP in build 9300.
UpdatedAdded a One-Time Password feature for the Emergency Access Login account.
UpdatedUpdated Telerik ASP.NET Controls to version 2021.2.511.
UpdatedUpdated Telerik ASP.NET Controls to use the digitally signed versions.
UpdatedRemote Site Locations Agent will now upgrade directly from your instance of Passwordstate.
UpdatedAdded an option on the screen Administration -> Remote Site Locations to export all agent installer instructions to a csv file.
UpdatedIncreased the Description field length in the database for Security Groups from 255 to 1000 characters.
UpdatedProvided a setting on security groups to prevent the security group from showing in the UI when applying permissions to credentials, features, etc.
UpdatedOracle validation script has been updated to support SYS accounts.
UpdatedUpdated iDrac password reset script to support iDrac firmware version 9.
UpdatedPowerShell scripts no longer exist within the Passwordstate folder after the initial installation is complete.
UpdatedAdded additional HMAC Hashing checks to various fields in the SystemSettings table.
UpdatedUpdated backup functionality so administrative rights on the Passwordstate web server are no longer required.
UpdatedBrowser Extensions have now been updated so the 'Update Dialog' does not display when updating an account password on a web site, if the user only has 'View' permissions to the credential in Passwordstate.
UpdatedUpdated the Client Based Remote Session Launcher so 'AdditionalParameters' in included in the Public/Private Key sessions as well.
UpdatedUpdated VNCViewer for the Client Based Remote Session Launcher to version 1.3.2.0.
UpdatedUpdated PuTTY for the Client Based Remote Session Launcher to version 0.75.
UpdatedRenamed the methods in the APIs which triggers a synchronization of AD Security Groups and User Accounts to GetADSync.
UpdatedMade some changes to the 'Password Retrieved' auditing events in the API's to make the description more consistent with the core UI auditing.
UpdatedIf the user has not been given the 'Feature Access' for the Mobile App, then the QR Code will no longer be visible on their Preferences screen for scanning.
UpdatedThe Build Number will now be added to exceptions for the core product, and Passwordstate Windows Service.
UpdatedAdditional additional content validation to various URL fields and document name fields on relevant screens.
UpdatedUpdated to latest build of Remote Session Gateway to resolve Chrome 89 issue where mouse scrolling was not working.
UpdatedMade changes to Mobile Apps to better support formatting of the Notes field.
UpdatedUpdated Remote Session Gateway installer scripts to use OpenJDK 16.0.1.
UpdatedThe RADIUS sectet field on the System Settings screen is now masked like a normal password field.
FixedFixed an issue in the API's where it would not send Self Destruct Messages correctly when using the Push/Pull instance of the Self Destruct message feature.
FixedFixed an issue in the API's when sending Self Destruct Messages where it was not honouring the System Setting as to which email address the message was meant to be sent from.
FixedFixed an issue where scheduled account heartbeats could still have executed, when the Password Lists has been modified to disable the 'Enable for Resets' option.
FixedFixed an error of 'The remote certificate is invalid according to the validation procedure' if TLS was selected for the mail settings, and older TLS protocols were disabled on the email server.
FixedFixed the SonicWall account discovery script as it had an invalid path to the Passwordstate bin folder.
FixedFixed a bug where a password record was getting checked out for exclusive use immediately (Password Requires Check Out) when enabling the option for the first time.
FixedFixed a bug where it was attempting to link a Password List to a Template (based on a System Setting) when it should not have been, which was causing a FOREIGN KEY constraint exception.
FixedFixed an issue where two menus under the Help menu were not hidden, when permissions were removed from them from the Administration -> Feature Access screen.
FixedFixed an issue deleting a domain from the Password Reset Portal administration area where it was reporting the domain was in use for password records.
FixedFixed a bug where the PG_CapitalizeWordPhrases session variable was not set when logging in via emergency causing some page load errors.
FixedFixed a false positive with Active Directory heartbeat check on the Add Password screen where the list is new and never had any password records assigned.
FixedFixed an issue with the Browser Based Launcher where authentication would fail if the password contained a & character.
FixedFixed an Internal Server 500 error for the Password Reset Portal when using SecurID authentication.
FixedFixed a bug in the Password Reset Portal when using SAML Authentication where it would error with 'user not successfully authenticated' when trying to change the user's password.
FixedFixed an issue with new installs where the Twitch icon for the Account Type was incorrect.
FixedFixed an issue where the Self Destruct Manual link in Passwordstate was giving a Page Not Found error.
FixedFixed an issue in the API when adding a Host record where it could have errored with "index was outside the bounds of the array".
FixedFixed a potential issue with the Remote Site Locations agent where a discovery job may not have completed if no 'dependencies' were found for a host.
FixedFixed a bug where it was not possible to view Permissions of a Host Discovery Job under the Hosts menu.
FixedFixed an issue where some customers where reporting the App Server could not be installed on the same web server as the core Passwordstate install.
FixedFixed an issue here some environments might not have had their browser based launcher gateway configured to use http posts for the websockets connections.
FixedFixed an issue on the Add/Edit Passwords screen, where it was trying to use the proxy server settings in System Settings, when it should not have been.
FixedFixed an issue where the Username button at the top right-hand side of the screen still had a click event on it, when the user had their access removed from the Preferences screen - resulting in a 404 page not found error.

v9.1 Build 9117 - 20th April 2021

Database Schema Updates

UpdatedAdded an option for SQL Server backups to not perform a DNS Lookup on the database server name if not required.
FixedFixed an issue where the 'active' node for High Availability could have duplicated some processing by the Passwordstate Windows Service.
FixedFixed an exception of 'Cannot bind argument to parameter String because it is an empty string' with the Remote Site Locaiton agent, for the Discovery Jobs.
FixedFixed an issue where the URL icon on the Edit Password screen may have been unresponsive to a click.
FixedFixed an issue where a notification might have been added for records in the Password Reset Queue, stating an active maintenance contract was required.

v9.1 Build 9112 - 14th April 2021

Database Schema Updates

UpdatedAdded back the Push/Pull version of the Self Destruct Message web site as an option.
UpdatedBrute Force Login detection will now also be tracked against the UserID field for the user for the main Passwordstate UI.
UpdatedAdded an option where Brute Force login can be temporarily disabled whilst troubleshooting X-Forwarded support on network devices.
UpdatedAdded a configurable database setting for backups to change the impersonation method used for the backup account if required.
UpdatedMade some changes to Browser extensions to increase performance when clicking on the Browser Extension icon, and also fixed where on occasion more than one click was required on a record within the browser extension.
UpdatedWhen browsing to the web site for the App Server, it will now give you a 200 Status Okay page, instead of the previous 404 Page Not Found.
UpdatedAdded additional checks to the backup "Test Permissions" process to ensure the linked password record was configured correctly.
FixedFixed some issues on the Passwords Home screen, where 3 'Actions' menus for Search Passwords and Recent Passwords was causing an exception, or message about insufficient permissions.
FixedFixed an issue where an automated clean-up process could have removed permissions from a folder that was configured with the Advanced Permission Model when it should not have.
FixedFixed an issue with new installs of version 9 where a different Verification Policy could be used, when it was not selected.
FixedFixed an error with the High Availbility In-Place upgrade feature where it may have raised an exception about the \upgrades\passwordstate\haupgrades folder not existing.
FixedFixed an issue where password resets where not being processed in the queue when using the free version of Passwordstate.

v9.1 Build 9100 - 29th March 2021

UpdatedUpdated the PowerShell scripts for SQL Server backups to support SQL Aliases.
UpdatedMade further improvements to Browser Extensions for performance, and Save dialogs appearing when they should not have been.
UpdatedAdded additional checks to ensure subsequent upgrades are not performed if a previously failure was detected.
UpdatedWhen uploading new images for Account Types, we now check to confirm the file name is not already in use.
UpdatedAdded some additional debugging to the Backup Settings screen during testing of permissions, as well as the In-Place Upgrade screen for downloading new builds.
UpdatedMade some improvements to the backup setting screen when trying to search fo your backup account - it will now also search on your Domain, or Host Name.
UpdatedAdded additional debugging if the test for sending of emails on the System Settings screen fails.
UpdatedMade improvements to the Oracle Password Reset script when not using a Privileged Account Credential to perform the reset.
UpdatedUpdated the feature where the browser extensions could automatically clear the clipboard so the event is now triggered based on using the 'Copy to Clipboard' buttons.
FixedFixed a bug upgrading to build 9000 where an exception of 'Subquery returned more than 1 value' if there where duplicate Account Types with the same name.
FixedFixed an issue with new installs of Passwordstate where the SAML Verification Policy for the Password Reset Portal did not have auto-enrolment enabled.
FixedFixed an issue with setting permissions when creating Password Lists under folders with Advanced Permissions model, where settings and permissions were based off a Template via a User Account Policy.
FixedFixed an issue with the backups to import the SQLSERVER module rather than the SQLPS module.
FixedFixed an issue with the Dependencies Discovery Job where it could have reported exceptions for "System.Threading.Tasks" when a Host could not be queried.
FixedFixed an issue when applying individual permissions to a password record, where permissions to upper-level folders maybe have been added, when they were not meant to be.
FixedFixed an issue where it was not possible to use the In-Place Upgrade feature for High Availability instances.
FixedFixed an issue in the WinAPI when generating random passwords where it may have raised an exception for the phrase CapitalizedWordPhrases.
FixedFixed an issue upgrading to version 9, if your High Availability Nodes were recorded in NetBIOS format, instead of FQDN.
FixedFixed an issue where auditing records for the Mobile App may not have shown in the Recent Activity grid under the Passwords grid.
FixedFixed an issue with the WinAPI where adding and updating password records would result in a 'No HTTP resource' error.
FixedFixed an issue when creating Password Lists via API where it could set a Password List to block inheritance when it should not have been.
FixedFixed an issue with the Test Permissions process for backups where it was checking if a Local Account, and remote SQL Server were being used, when the option to back up the database was deselected.
FixedFixed an issue where an exception of converting varchar to datetime could have happened for the Self Destruct Message feature - both adding and deleting messages.
FixedFixed an issue where the number of Discovery Threads on the System Settings page was not displaying the value saved in the database.
FixedFixed issues with Oracle PowerShell scripts where an exception was raised about the Oracle components not being found.
FixedFixed an issue with the browser extensions, which was allowing users to view a Password when they should not have been allowed to, based on the Hide Password settings for a Password List.
FixedFixed In-Place Upgrades for App Server if it was installed on the same servers as Passwordstate.

v9.0 Build 9073 - 11th March 2021

UpdatedExtended the expiry date, and number of views, for the Self Destruct Message feature.
UpdatedImproved error reporting on Mobile Apps for any issues pairing the App, or Logging into the App.
FixedFixed a bug upgrading to version 9 where an exception of 'Subquery returned more than 1 value' if there where duplicate Account Types with the same name.
FixedFixed an unhandled exception in the Mobile Apps when trying to authenticate if the offline cache days for the App was set to 30 days.
FixedFixed an issue when backup of SQL Server database where it could have reported the requirement to 'Import-Module SQLPS'.
FixedFixed issues for future upgrades where performing a backup just prior to upgrading was resulting in the ChilkatDotNet45.dll file not be able to be overwritten.
FixedFixed a 'System.IndexOutOfRangeException' exception in the Windows Integrated API when trying to manage permissions on a Password List.
FixedFixed an issue with scheduled and manual backups where it may have errored under certain conditions when trying to delete old backups.

v9.0 Build 9065 - 10th March 2021

Database Schema Updates

UpdatedMade the App Server's SSL Certificate Public Key for visible on the System Settings screen.
UpdatedMade some changes to the InPlace Upgrade feature to better validate a Windows Account it one was being used for the Backup and Upgrades account.
UpdatedAdded additional upgrade logging to final process on the Upgrade Notification screen.
UpdatedAdded additional checks to confirm the App Server installation instructions have been followed for configuring the web.config file.
UpdatedAdded a check to ensure the Health Check Utility was run after upgrading to version 9.
UpdatedMade various improvements to the backup process, with additional error capturing.
UpdatedWhen using the free version of Passwordstate, it will no longer be possible to scan the QR Code to configure your phone for the Mobile App.
UpdatedMade some changes to resolve intermittent issues with query Active Users in Passwordstate.
FixedEmails for backups was not reporting the file names correctly.
FixedFixed an issue upgrading to version 9 when using FIPS Encryption - error was "You must provide at least one secret share" when trying to join split secrets.
FixedFixed an issue with the new SAML option for Password Reset Portal where it could not communicate back to the API after SAML authentication completed.
FixedFixed and issue with the Move password record method in the API where a 'declare the scalar' exception was being raised.
FixedFixed an issue with the App Server not polling correctly into the main User Interface, if the App Server web.config file was encrypted.
FixedMade changes to the Self Destruct Message web site so it would pick up branding changes immediately when made on the System Settings page.
FixedFixed search functionality in Browser extension when users had more than 10 passwords saved for a website.

v9.0 Build 9050 - 1st March 2021

Database Schema Updates

UpdatedUpdated the Host icons within the Hosts tab to provide per connection type icons.
UpdatedDeprecated the 'Reset to All Records' options for Grids in Passwordstate for how many records can be displayed at any one time, and limited the option when clicking on the Screen Options button.
UpdatedFor features which send emails via the API's, we re-query email server settings prior to emails being sent.
UpdatedAdded a new notification to Notification Centre to detect if Adblockers were enabled for the site - which can affect performance and functionality.
UpdatedAdded new methods to the API's for adding Local Security Groups, and for adding/removing members from those security groups.
UpdatedAdded new methods to the API's for adding User Accounts into Passwordstate.
UpdatedAdded new methods to the API's returning and searching Security Groups.
UpdatedRenamed Operating System and Account Type of VMware ESX to VMware ESXi.
UpdatedImproved the scanning of OTP QR Codes to better detect invalid QR Codes.
UpdatedImproved the Brute Force IP Address lockout feature for the Mobile Apps.
UpdatedUpdated Telerik UI for Xamarin to version 2021.1.119.1 for Mobile Apps.
UpdatedUpdated Browser Extensions to use jQuery version 3.5.1.
UpdatedMade significant performance improvements to the re-encryption feature.
UpdatedMatches changes to the Browser Extension password update feature to better match on differences in URL values for the login URL, and the URL for the page where passwords are updated.
UpdatedMade changes to browser extensions to provide additional protection against HTML Injection attacks.
UpdatedIntroduced additional time-based token access control mechanism for Native Mobile Apps.
UpdatedMade some changes to support the inverted question mark character in encrypted fields.
UpdatedAdded a new notification to the Notification Centre, if the primary server's Windows Service did not poll back in the expected time frame.
UpdatedRenamed "All Passwords Report" to "Export all Passwords" on List Administrator Actions menu.
UpdatedFor the creation of the Passwordstate database, we now set the default collation to case insensitive.
UpdatedUpdated Telerik ASP.NET Ajax Controls to version 2021.1.119.
UpdatedAdded an email alert for Remote Site Locations to report if a site has not polled back in the specified time.
UpdatedMade some improvements to login screens to better handle sessions ending on the web server during the page sitting idle.
UpdatedMade changes to the execution of all PowerShell scripts to prevent logging in the Windows Event Log if detailed logging for PowerShell was enabled at the operating system level.
UpdatedAdded additional options to the Password Generator Policies.
UpdatedAdded functionality for In-Place Upgrade feature for the new Passwordstate App Server.
UpdatedAdded a new System Setting to hide the menu 'Convert to Shared Password List' for Private Password Lists.
UpdatedRename the label for the System Wide API Key to make it more obvious it is the System Wide key.
FixedFixed an issue with the Add Password List Wizard where the password value for the Separate Password authentication may not have been copied from a template.
FixedFixed an issue where a 404 page was displayed after using the Add Password List Wizard, where an authentication option was specified for the Password List.
FixedFixed an issue where the Password List Guide was being copied from a Template or Password List, when selecting the Copy Settings options on the Edit Password List screen.
FixedFixed an issue with the Linux Password Validation script where it was raising an exception about 'file not found' due to incorrect Chilkat assembly reference.
FixedFix the error 'The application passed an empty string or NULL to UnlockComponent' when testing SSH based PowerShell scripts from the screen Administration -> PowerShell Scripts.
FixedFixed an issue for the 'Adding Hosts into Folder' for Host Folders, where it was possible incorrect Hosts were automatically being added into folders.
FixedWhen adding a new password record, this was to be used for One-Time Passwords, the progress indicator was not showing on the screen after the QR Code was scanned.
FixedWhen editing the properties of a Password List, the options to copy permissions from a Template or Password List was disabled when the 'Disable Inheritance' option was selected.
FixedFixed issue with the 'Save and Add Another' button for adding password records, where a One Time Password QR code was being added to the secondary password record when not explicitly specified.
FixedWhen adding members to a local security group, clicking on the Cancel button was giving you a page not found error.
FixedIncorrect error message displayed when adding in a "Windows" account into a password record, if no Privileged Account was assigned.
FixedFixed a case sensitive matching issue on the Feature Access screen in the Admin area, which resulted in certain Add Folder/Password Lists menus being disabled.
FixedFixed an issue where you could not create folders in the root of Passwords Home, when you had been given access to do so.
FixedFixed an issue on the Feature Access screen where you may not have been returned to the correct tab after modifying permissions for a feature.
FixedFixed an issue with the re-encryption process where it would get stuck re-encrypting the PasswordDocuments table.
FixedPropagating Permissions arrow was not showing on Host folders.
FixedFixed an issue in the new API methods where blank API keys could have been used for retrieving Password Strength and Password Generator Policy data.
FixedFixed and issue where Permalinks were not working unless you were first authenticated.
FixedFixed an issue where user's need to also be given the Email Templates Security Admin role in order to get access to the Email Notification Groups menu in the Admin area.
FixedFixed an issue where UI elements would disappear on the Add/Edit folder screen when clicking on the setting 'Disable Inheritance of any permissions from upper-level folders'.
FixedFixed an issue with the Self Destruct web.config file which wasn't included in the Passwordstate Upgrade file.

v9.0 Build 9000 - 11th January 2021 - Beta 1

Database Schema Updates

NewNew native Mobile App available for iOS and Android.
NewNew Passwordstate App Server available for use with the Mobile App, Browser Extensions, and Self Destruct Site, for use when users are out of the office.
NewAdded a new method to the API(s) to trigger and Active Directory synchronization for user accounts and security groups.
NewYou can now Copy/Link/Move passwords via the API(s).
NewAdded the ability to delete password record dependencies via the API(s).
NewOne-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them.
NewAdded methods to both APIs for retrieving all Password Strength and Password Generator Policies.
NewBrowser Extension icon in the toolbar will now turn blue if the current web site has been added to the Ignored URL list.
NewBrowser Extension can now update passwords in Passwordstate when you change them on web sites.
NewPassword Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid.
NewBad Passwords and Have I been Pwned password checks can now be used in conjunction with each other on the Add/Edit Password screens.
NewBrowser based remote session gateway can now be configured to record and play back session recordings from a network share.
NewYou can now add in your own "Managed" account types, and configured password resets which are not related to a Host or Active Directory.
NewFailed Brute Force login attempts will now be locked out via IP Address, requiring the block to be removed manually from the Administration screen.
NewFolder and Password Lists can be configured to block inheritance of permissions from parent objects.
NewManual folder permissions on password folders has been deprecated and replaced by a combination of propagation, and blocking of inheritance.
NewProvided search functionality on various screens in the Administration area to help quickly find various settings.
NewAdded SAML Authentication support as a Verification Policy for the Password Reset Portal.
NewThe Password Reset Schedule for records now have options for adding the number of Days or Months to the Expiry Date field after the reset has occurred.
NewThe 'Default Password Reset Schedule' setting on Password Lists can now be randomized between two time slots.
NewAdded multi-threaded support for Account and Windows Dependency Discovery Jobs.
NewAdded a "Keep Alive" page to allow for monitoring website and database availability.
UpdatedAbility to delete empty password lists in bulk can now be found under Administration -> Password Lists -> Perform Bulk Processing.
UpdatedSession recordings in the browser based launcher will now be marked as complete if the user either closes their tab or browser.
UpdatedAdded more Operating Systems for account discovery, password resets and remote sessions.
UpdatedBackups have been improved where file and database backups can be stored in different locations, and backups zip files can be password protected.
UpdatedBrowser Extension Fixes and Updates.
UpdatedUpdated VNCViewer for the client based remote session launcher to version 1.2.4.0.
UpdatedUpdated PuTTY for the client based remote session launcher to version 0.74.
UpdatedAdded better error reporting if an OU for a Host Discovery Job no longer exists in Active Directory.
UpdatedUpdated Telerik ASP.NET Ajax Controls to version 2020.3.1021.45.
UpdatedAdded 256bit AES encryption option to password protected zip files for exports.
UpdatedThe Mobile Client Web site has now been deprecated and replaced by the new Native App.
UpdatedMade improvements to session variable handling when using multiple tabs to access Passwordstate.
UpdatedMade performance improvements to the In-Place High Availability upgrade feature.
UpdatedSSH public/private key authentication now works with the Browser Based Gateway, when the gateway is installed separately from Passwordstate.
UpdatedBrowser Extension Default Password Lists now show an option of --Please Select-- if a List has not yet been selected.
UpdatedBrowser Extension will now show a new Ignored URL menu, where you can delete any personal Ignored URLs.
UpdatedRemoved various words from the Word Dictionary for the Password Generator Policies.
UpdatedHost Properties section under the Host Dashboard now includes the "Tag" field data for the Host.
UpdatedMade improvements to the search feature to return better results if the search terms had a "_" in them.
UpdatedWhen using an active/active configuration for Passwordstate, the Windows Service on the 'Primary Server' will also now check on a schedule if any images/logos need to be written to disk, instead of just when the Windows Service starts.
UpdatedOn the SAML screen which informs you the account does not exist in Passwordstate, a Logout button will be presented to allow you to log out of your SAML Provider - as long as a Logout URL has been configured in Passwordstate.
UpdatedAn Exit button will always be visible now when using the Password Reset Portal, and redirect you to a screen instructing the user how to close their browser.
UpdatedThe email sent for Email Temporary Pin Code can now be customized - both for core product and Password Reset Portal.
UpdatedSafenet and AuthAnvil Authentication options have been deprecated - use SAML Authentication for these providers instead.
UpdatedAdded a check on the database upgrade screen to ensure the read-only Passive Node instance of Passwordstate could not attempt to upgrade the database.
UpdatedUpdated all icons to a new look and feel.
UpdatedBackground color branding has now been deprecated due to readability issues.
UpdatedUpdated Standard API so API Keys can be used consistently across all API Methods.
UpdatedSelf Destruct Message Web Site has been re-designed to work with active/active high availability setups, and can also be used with new Passwordstate App Server.
UpdatedUpdated HtmlSanitizer assembly to version 5.0.319.
UpdatedUpgraded Passwordstate and all modules to use .NET Framework 4.7.2.
UpdatedThe PassiveNode key in web.config files has been deprecated, and the 'roles' of your the Passwordstate web servers are now managed on the screen Administration -> Authorized Web Servers.
UpdatedWith the option to disable user's accounts when they are no longer members of any AD Security Groups, this setting will no longer be overridden by any other enabled/disabled setting.
UpdatedMade improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen.
UpdatedThe option to nest Folders and Password Lists beneath other Password Lists has now been deprecated.
UpdatedThe Restricted Feature for allowing the use of Multiple Open Tabs has now been deprecated.
UpdatedConsolidated High Availability Nodes menu in Administration area into Authorised Web Servers.
UpdatedMade some UI improvements to the main navigation menus and tabs.
UpdatedUpdated to the latest SQLite DLLs for each appropriate module.
UpdatedMade some changes to PowerShell script for discovering Local Administrator accounts on Windows to improve performance.
UpdatedIf a password is check-out for exclusive use in the UI, it will only be available in the browser extensions for use by the person who has checked it out.
UpdatedNow digitally signing core DLLs, in additional to various Windows Services already signed.
UpdatedAdded additional Content Security header policies.
FixedWith the update to .NET Framework 4.7.2, the combination of SAML Authentication and Permalinks now work again.
FixedFixed a bug editing a User Account Policy if there was a System Setting set to hide Inbuilt Password List Templates.
FixedFixed some issues when using the Passive High Availability instance of Passwordstate where some controls where enabled on the screen when they should have been disabled.
FixedFixed an issue with expanding/collapsing navigation tree nodes if the user preference was set to collapse nodes by default.
FixedSSH Private Key authentication for the Browser Based Gateway was not working when launching a session directly from a password record.
FixedOn the System Settings page for Password Reset Portal, the Exit Button URL was leaving a https:// value behind when trying to clear the field.
FixedIn the browser extension, the Default Password List may not be selected correctly when navigating around the menus in the extension.
FixedFixed an issue with the Local Admin account discovery job where it could return a null user if a Security Group name was specified which did not exist.

Passwordstate

Password Reset Portal

Remote Site Locations

v9.9 Build 9992 - 29th April 2026

v9.9 Build 9991 - 10th April 2026

v9.9 Build 9990 - 1st April 2026

v9.9 Build 9988 - 25th March 2026

v9.9 Build 9986 - 12th February 2026

v9.9 Build 9984 - 20th January 2026

v9.9 Build 9983 - 1st December 2025

v9.9 Build 9980 - 10th November 2025

v9.9 Build 9972 - 28th August 2025

v9.9 Build 9970 - 23rd July 2025

v9.9 Build 9968 - 15th July 2025

v9.9 Build 9965 - 10th June 2025

v9.9 Build 9961 - 19th May 2025

v9.9 Build 9960 - 12th May 2025

v9.9 Build 9955 - 18th April 2025

v9.9 Build 9952 - 14th April 2025

v9.9 Build 9950 - 24th March 2025

v9.9 Build 9947 - 10th February 2025

v9.9 Build 9943 - 30th January 2025

v9.9 Build 9938 - 14th January 2025

v9.9 Build 9930 - 11th December 2024

v9.9 Build 9925 - 2nd December 2024

v9.9 Build 9922 - 26th November 2024

v9.9 Build 9920 - 25th November 2024

v9.9 Build 9915 - 24th September 2024

v9.9 Build 9911 - 3rd September 2024

v9.9 Build 9905 - 30th July 2024

v9.8 Build 9894 - 28th June 2024

v9.8 Build 9890 - 3rd June 2024

v9.8 Build 9881 - 6th May 2024

v9.8 Build 9873 - 15th April 2024

v9.8 Build 9866 - 28th March 2024

v9.8 Build 9858 - 7th March 2024

v9.8 Build 9853 - 20th February 2024

v9.8 Build 9849 - 13th February 2024

v9.8 Build 9839 - 21st December 2023

v9.8 Build 9835 - 14th December 2023

v9.8 Build 9823 - 19th October 2023

v9.8 Build 9811 - 25th September 2023

v9.7 Build 9795 - 31st August 2023

v9.7 Build 9786 - 3rd August 2023

v9.7 Build 9785 - 31st July 2023

v9.7 Build 9753 - 4th May 2023

v9.7 Build 9737 - 12th April 2023

v9.7 Build 9735 - 23rd March 2023

v9.7 Build 9727 - 15th March 2023

v9.7 Build 9715 - 23rd February 2023

v9.7 Build 9708 - 16th February 2023

v9.7 Build 9700 - 7th February 2023

v9.6 Build 9665 - 15th December 2022

v9.6 Build 9661 - 12th December 2022

v9.6 Build 9653 - 7th November 2022

v9.6 Build 9630 - 6th October 2022

v9.6 Build 9627 - 4th October 2022

v9.6 Build 9611 - 5th September 2022

v9.5 Build 9595 - 10th August 2022

v9.5 Build 9593 - 9th August 2022

v9.5 Build 9583 - 26th July 2022

v9.5 Build 9535 - 3rd June 2022

v9.5 Build 9533 - 25th May 2022

v9.5 Build 9531 - 24th May 2022

v9.5 Build 9519 - 2nd May 2022

v9.5 Build 9512 - 26th April 2022

v9.5 Build 9500 - 10th April 2022

v9.4 Build 9493 - 7th April 2022

v9.4 Build 9471 - 8th March 2022

v9.4 Build 9455 - 22nd February 2022

v9.4 Build 9435 - 8th February 2022

v9.4 Build 9414 - 14th January 2022

v9.4 Build 9400 - 23rd December 2021

v9.3 Build 9381 - 29th November 2021

v9.3 Build 9360 - 27th October 2021

v9.3 Build 9350 - 18th October 2021

v9.3 Build 9300 - 2nd August 2021

v9.1 Build 9117 - 20th April 2021

v9.1 Build 9112 - 14th April 2021