These docs are for v16.

Release Notes for This Release

16.1

Bug fixes and improvements

  • Bug fix for fetching cloud metadata with license

16.0

Important notes for this release

Version 16 introduces a fix for Extenders in HA deployments where the load-balancer IP address is dynamic. If you run such an environment, you will need to update your Extenders' configurations and certificates. To do this, perform the following after the regular upgrade steps:

  1. Unregister your Extenders.

  2. Reobtain certificates by running the following on your Extenders:

     # /opt/privx/scripts/extender-postinstall.sh --request-cert
    
  3. Re-download Extender configurations to your Extenders.

  4. Apply changes by restarting Extender services:

    # systemctl restart privx-extender
    

If you are performing a fresh install with a license issued prior to this release, you will need to request a new license from [email protected]

New features

  • [PX-273] - Ephemeral private key rotation for SSH
  • [PX-1697] - Allow using AWS role ARN to scan hosts on other AWS accounts
  • [PX-2027] - Support principal key import for roles
  • [PX-2714] - Connection duration to connection-closed event
  • [PX-2722] - Authentication to PrivX via SSH Bastion using public key
  • [PX-2731] - Allow access to connections using access roles
  • [PX-3182] - Allow defining web host specific domain restrictions for web access
  • [PX-3194] - Add advanced search helper description to search fields.
  • [PX-3224] - Disclaimer improvements

Bug fixes and improvements

  • [PX-2909] - Override SSH algorithms per target host or pattern
  • [PX-2912] - Add the license backend address to the license page
  • [PX-2965] - Fixed connection-manager status check for RDP Bastion playback
  • [PX-2994] - Support dynamic ELB endpoint: shared-config.privx_public_ip_address can not be set to a reasonable value with ELB
  • [PX-3147] - Show host comments on connections page
  • [PX-3177] - Default disclaimer example in shared-config.toml is invalid
  • [PX-3179] - If host scanning or tag import is disabled, hosts deployed with deploy script don't have any names
  • [PX-3180] - Focus can go to login form despite popup disclaimer
  • [PX-3185] - Remove extra event attribute on connection page search results
  • [PX-3191] - Contextual role restrictions do not work for API clients
  • [PX-3199] - Race condition in SSH Bastion channel close
  • [PX-3232] - Unused cache configs on rolestore.toml
  • [PX-3233] - Auth service should use unified audit event keys
  • [PX-3234] - RDP file upload fails if 'Overwrite existing files' is checked and file does not exist on target
  • [PX-3257] - Panic in host-store house-keeping
  • [PX-3264] - Race condition in auth service startup
  • [PX-3266] - Expose API clients as role-store users
  • [PX-3274] - Prevent granting access role to connection for already granted roles
  • [PX-3280] - The PrivX UI / help documents get indexed by crawlers
  • [PX-3291] - API clients are not allowed to access workflow engine APIs
  • [PX-3301] - Google GSuite is nowadays Google Workspace
  • [PX-3302] - trail-index: crash when attempting playback for trail with missing files
  • [PX-3306] - Fix data validations for workflow-engine requests
  • [PX-3315] - Workflow : add role through API but system marks the role added as ROLE REMOVED
  • [PX-3318] - Notification mechanism does not work well with local caches
  • [PX-3329] - PrivX web proxy does not support text/x-gwt-rpc content type
  • [PX-3353] - Fixed installation and backup restore issue for PostgreSQL 11. Added support for PostgreSQL 13.
  • [PX-3354] - Allow sending keycodes via menu for RDP/web containers
  • [PX-3356] - Forwarded connection failed where it is expected to succeed
  • [PX-3365] - Prevent Extender name and routing prefix namespace clashes when modifying or unregistering Extender.
    Note: For existing deployments, ensure your Extenders and routing prefixes have unique names.
  • [PX-3368] - Directory login is attempted even if directory has been disabled
  • [PX-3370] - Prevent superuser creating trusted clients with too broad permissions
    and security fixes

Known issues

  • [PX-1230] - When AWS role federation is enabled, description is shown instead of name in PrivX
    Workaround: Click Refresh on the /privx/deployment/aws-roles page. This associates correct names to AWS roles.
  • [PX-1517] - Permission denied for AuthorizedPrincipalsCommand on AWS RedHat AMI
    Workaround: To correct the SELinux context, use cp to copy principals_command.sh to the correct location:
    # scp -i key.pem principals_command.sh user@target:/tmp/
    # ssh -i key.pem user@target "sudo cp /tmp/principals_command.sh /etc/ssh/"
    
  • [PX-1711] - RDP fails to connect to target in maintenance mode, need support for /admin flag
  • [PX-1835] - Extender/Carrier/WebProxy configs are not migrated on upgrade
    NOTE: In case of manual changes in the extra component .toml files:
    • Before upgrading, please copy the .toml files to another folder.
    • After upgrade, download new .toml files from PrivX UI and merge the manual changes from your .toml copies to the new .toml files.
  • [PX-1875] - Web proxy login does not work if the login page makes requests to multiple domains
  • [PX-1980] - Several audit events are missing username information.
  • [PX-2665] - Cannot reuse the service address of a deleted host until its hosts_deleted_age has elapsed.
  • [PX-2947] - No sound when viewing recorded rdp-mitm connection.
  • [PX-3086] - PrivX role mapping to AD OU not working as expected.
  • [PX-3183] - Belgian French keyboard layout change does not work in web and xrdp connections