12.5.3
Features and improvements
Installation
Added support for .NET 8.
Bravura Identity
Added a new option to run autores.exe and rbacenforce.exe to submit requests to resolve violations in parallel.
Added the -threads option for both autores.exe and rbacenforce.exe to submit requests to resolve violations in parallel, as well as the PSUPDATE AUTORES THREADS and PSUPDATE RBACENFORCE THREADS system variables for the number of threads to use during auto-discovery.
Bravura Privilege
Import rule attribute condition capacity has been increased.
Enhanced the Guacamole RDP Disclosure plugin to display the remote hostname in browser tab titles, significantly improving user experience when managing multiple remote desktop sessions.
Optimized team-filtered searches, especially for cases with very large numbers of memberships.
Replication
Added two hardcoded exclusions to file replication: a folder under the instance root named local and a registry key under the instance root named local. These two locations can be used to hold files and registry values that are local to an instance and should not be replicated.
Groups
Introduced a new system variable MANAGED GROUP INHERITANCE COPY TARGET. It enables more intuitive handling of phased authorization when inheriting target system authorization. The system variable allows for retaining prior behavior so as not to disturb release trains. Upgrades will retain prior behavior (having the system variable disabled). New installs will have this turned on by default, allowing for new behavior.
Authentication
Added a new system variable, PASSWORD HISTORY VIEW INCLUDE FAILED PASSWORDS, to control whether failed randomizations are shown in the password history search engine for managed accounts. By default, failed randomizations are not shown.
REST API
Modified the REST API to query system variable values directly from the database, as needed, instead of consulting a cache that relies on change notifications from SQL Service Broker.
Resolved issues
Installation
Modified the installer to correctly verify .NET 6 is installed on pre-installation check.
Removed installer requirement that the SQL Server service broker be enabled.
Updated the Login Assistant installer (ska-x64.msi) to hide the password for the administrative credentials (ADMIN_USERNAME, ADMIN_PASSWORD) in the log file. It is now replaced with "**********" in the logs.
Connectors
Resolved an issue where a failed connector operation showed the generic failure message "Failed (Failed: Operation results missing for index [0].)" rather than the actual error message. The actual error message is now shown to aid with troubleshooting.
Made account attributes available to connectors for GRUA and GRUD operations.
Bravura Pass
Fixed an issue on the password reset results page where error messages returned from a connector for failed reset were truncated.
Fixed unexpected quit during password reset when the browser client IP was too long.
Bravura Identity
Fixed a performance issue where it took a long time to start a create role request when a large number of existing roles are configured.
Bravura Privilege
Fixed a minor bug where discovered system audit data is not always updated.
Import rule attribute condition capacity has been increased.
Reports
The Sent Notifications (usernotif) report now contains the correct number of users in summary mode.
Workflow
Requests are forwarded to the primary node to process if the recipient doesn't exist on all the nodes.
Fixed multiple issues in the wizard functionality, including form control validation, attribute page navigation, and disabled attribute handling. This resolves problems with moving between wizard pages when date selector attributes are in read-only mode, ensuring a smoother and more intuitive user experience during request submissions and authorizations.
Modified the Bravura Security Fabric queue code to properly deal with events that are to be handled more than 23 days in the future (due to overflow); in this case Bravura Security Fabric does not create an idtm thread for implementer tasks.
Fixed an issue on the request details popup page where attribute ACLs are not respected on refresh.
Fixed issues on the request details (popup) page for role removal requests when clicking on the Expand role button:
The page went blank when the viewer is the authorizer or implementer.
Expanded removed/retained role members and the role removal reason are not loaded under the right columns.
Improved the request KVG in the workflow plug-in's input. When a request contains duplicate resources, it always includes the copy from the enacted resource if applicable. This can avoid issues with authmod, implementer, and other plug-ins due to the duplicate resources.
Upgrade and migration
Resolved an upgrade issue due to failure in dropping index reqinfo_full_uk1.
Services
Fixed a delayed crash that may occur when agents are timed out at the same time that they finish running.
Updated the idpm service to be able to logqueue password reset operations with the appropriate result (success/failure) for password resets requested from the UI.
Utilities
Fixed the loaduccache.exe utility to return only cacheable userclasses/userclasspoints with the -listuc and -listucp options respectively.
Fixed a random crash in the rbacenforce utility.
Instdump.exe now includes the MTCSPI common files subfolder when listing binary versions.
Modified the userunlock utility, when the "-all" option is specified, to ignore the system variable LOCKOUT_DURATION, which should only be used for automatic unlock.
Improved usability around the logutil utility on non-instance systems. Well-known instance names that correspond to client utilities (such as disclosure plugins) no longer require the makekey flag to be set.
Discovery
Fixed a deadlock that can occur when the system is experiencing severe memory pressure.
Fixed an issue where cross-target group relationships could not load as group members (if the account/group members are also loaded within scope) on subsequent nightly discovery. Previously, this meant that Active Directory domain accounts could not be listed for an NT managed group, which would list only local users as group members. The Active Directory domain accounts are now also listed as NT managed group members.
Logging
Fixed an incorrect error message when psupdate failed to run because another instance of psupdate was already running.
Fixed an issue where the identifier in the logs intended to correlate user activity in the AJAX service would get stuck showing the same user ID repeatedly.
Fixed an issue so that the Identifier field (ident column in the sesslog_full table) is now filled in for password reset related operations, such as transparent synchronization requests. Previously, the Identifier field was blank in the Event Log reports for later versions of Bravura Security Fabric.
Proxy servers
Fixed an issue where proxy services would incorrectly report that a file didn't exist if that file was larger than 4 GB.
API
Resolved duplicate left joins on REST API calls when expanding with OData:
Sets the query-building behavior to use splitting, which improves performance.
Enables the validation of OData options manually in custom EnableQueryAttribute using OData functions.
Adds a new attribute option, AllowedOrderByPropertiesList, to allow a proper array of strings for properties.
REST API will no longer start if schema is missing, if iddb is down or if configuration (BASE_IDSYNCH_URL) is missing. Bravura Security Fabric will retry every 30 seconds until ready, and then start accepting requests.
Upgrade actions
Installation
Need to install .NET Runtime 8.0 with the following:
ASP.NET Core Hosting Bundle 8.0.x (latest. Use 'Hosting Bundle', not x86 nor x64)
.NET Desktop Runtime 8.0.x
Authentication
The default behavior for the managed account password search engine has changed to hide failed randomizations. You can revert to the previously-default behavior by enabling the PASSWORD HISTORY VIEW INCLUDE FAILED PASSWORDS system variable.
Bravura Privilege
Update the Guacamole server
Groups
Enable the MANAGED GROUP INHERITANCE COPY TARGET system variable if you want to enable the more intuitive handling of inherited phased authorization.