12.4.1
Features and Improvements
Bravura Privilege
Added ability to `include`/`exclude` accounts in the `MANAGEABLEACCOUNTS` search engine.
Logging
Cleaned up the warning level log messages when unlocking mobile accounts.
API
Added support for Windows Authentication to MSSQL for the REST API.
Discovery
Optimized stored procedure execution during auto discovery.
Improved `iddiscover` robustness around loading list files that don't exist, have no data, or were produced by failed listing.
Bravura Identity
Optimized the stored procedures that check for segregation of duties (SoD) rule violations to return early when no valid rules are configured, so that the queries that prepare role memberships based on validity windows in order to calculate SoD violations are skipped.
Made some improvements to the stored procedures used by the `rbacenforce` utility to return a list of variances for all users.
Other
Added the ability for the `manage-components.py` script to reload only the environment for the component(s) specified in the new optional parameter `--components`.
Resolved issues
User interface
Fixed the multiple-value integer profile attribute issue for PDR Update attributes.
Fixed an issue where the selected language is lost during SAML authentication.
Bravura Identity
Fixed password page in wizards to check whether a request generated password is provided before proceeding.
Fixed an issue to ensure that the correct record is updated in the orgchart when transferring subordinates.
Changed behavior in request app so that implementer tasks section is not automatically expanded when the implementer selects a request.
The accounts POST endpoint no longer requires the attribute array when creating an account on a target.
The REST API attributes endpoint will return the correct reference fields for attributes of type 'file'.
Fixed an issue where a request to delete multiple roles (operations added by wfreq at submission time) failed to submit due to duplicate operations (expanded from roles).
Fixed an issue in wizard where segregation of duties violations are not listed when violations are triggered by requesting new role memberships and existing indirect group membership is also involved.
Bravura Privilege
Fixed auto-discovery, so that import rules based on the memberOf computer attribute will be correctly evaluated.
Fixed race condition in replication so creation of PAMUtil API User through team management PDR will only have one GUID in the DB.
pam_account_management: Updated search filter for the ONBOARD_ACCOUNT pre-defined request to hide already onboarded accounts.
Fixed issue where the access control page for managed system policies would not function if any access groups had a space in their IDs.
Resolved an issue where having teams or team groups with long descriptions could cause pre-defined requests to fail.
Resolved an issue where managed accounts with special characters in the username or password could not be used with secure browser/webapp disclosure.
Resolved an error in website disclosure configuration scripts when disclosing managed accounts with special characters in the name or password.
Fixed an issue where the Privileged Access page took a long time to load for help desk members on systems with many teams.
Fixed session monitor to avoid modifying the keyboard state in the keyboard hook (Windows 10 build 1607 and later).
Allowed session monitoring to capture keystrokes where multiple characters are produced from a single keystroke (for example, when typing the sequence ~x on a United States-International keyboard, nothing is output when you press ~, but the 2 characters ~x are output when you press the final x).
Fixed issue in session monitor keystroke recording where the presence of diacritics would cause issues with buffer lengths, resulting in the recorded text being cut off or the process name being null.
pam_team_management.pdr.team_members: Forced the deselection of a group to ensure that teams with the same group name do not cause errors in member list population.
Group IDs are now recalculated properly when changing teams.
Updated the pam_personal_admin_management component to read the personal admin MSP from the global configuration table.
idmlib: adjusted helper functions for unmanaging/managing groups to align with stored procedure changes.
Fixed Session Monitor so that screenshots from multiple monitors are properly captured.
Corrected dependencies for 2 data components: `webappjson_aws` and `pam_disclosure_sql_server`.
Upgrades
components(upgrade): Corrected upgrade scripts that prevented successful 11.1.3 to 12.4.x upgrades.
Fixed issues when skipping or retrying failed SQL upgrade scripts.
Changed the post-upgrade schema verification task to report on all errors encountered rather than just the first.
Fixed installer to not prompt for REST API user password during upgrade if REST API user already exists.
Fixed the installer when upgrading instances where the service administrator password contains < or > characters.
Fixed two issues where proxy instances could not be upgraded.
Other
Fixed a logging issue with setup.exe when installing a new instance.
Fixed users' session security.
Corrected issue concerning the handling of report email attachments which were incorrectly escaping HTML characters.
Fixed non-expiring scheduled reports failing due to an invalid date format in the database table.
Fixed a tree traversal vulnerability where the hard drive directory structure could be explored.
Fixed an edge case where setting a JSON value to "true" or "false" in an environment file would occasionally fail.
Updated the Login Assistant installer to validate the password of the Login Assistant account against the password policy of the system.