12.8.1

Updated the branding for Bravura Security within the product installer for a few remaining areas.

Updated the scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.

Updated the IDAPI Login function to return a generic error Invalid username or password  or the specified user has insufficient privileges when login fails in the following cases to prevent username enumeration:

The autores command line utility now skips and warns for roles that are disabled and/or unassignable when submitting.

A warning notification is presented in the role assignment user interface if a selected role is disabled and/or unassignable.

The installer now validates that the database compatibility level meets the minimum requirement of 130.

Changes to Create OTP user request:

Updated stored procedure TargetDelete to use RECOMPILE when deleting from targetobj to ensure that an unsuitable (from a performance perspective) cached query plan is not used when deleting large target systems.

Removed an SQL upgrade script that modifies the value of the discovery option Link accounts on this target system to subscribers for the target system discovery template NT_TEMPLATE and for all discovered systems created from NT_TEMPLATE.

Fixed issues with date timezones for Ajax and the product UI in general related to setting the preferred timezone environment variable.

Resolved an issue with the Login Assistant / SKA when upgrading from version 12.4.x to 12.8.1 and up.  Upgrading to 12.5.0 and up caused an upgrade issue due to rebranding from Hitachi ID to Bravura Security.

Fixed an issue where operation SRES (User self-reset result) is logged per account for both self-service and help-desk reset, which should be one operation per reset action and for self-service reset only. Also updated the Session activity report to generate the proper statistics for both self-service and help-desk change passwords.

Resolved an issue with Login Assistant / SKA to retain the value for the vpn-connect-terminate registry key on upgrade.  The value was previously being dropped after upgrading Login Assistant.

Resolved an issue with Login Assistant / SKA to retain the values for -vpnurl and -vpnurlsearch for the cmd registry key on upgrade.  The vpn-url and vpn-url-search registry keys are also now added for new Login Assistant / SKA installations.  These registry keys must be manually added prior to an upgrade of the SKA.

Fixed unexpected quit during password reset when the browser client IP was too long.

Fix issue on pages for unlock/detach/reset password for accounts ending in .x.

Updated the Orgchart graph page to load the current user's manager, even if the manager is in an orphaned Orgchart tree (calculated level is -1).

The autores utility now skips and warns for roles that are disabled and/or unassignable when submitting.

A warning message is given in the role assignment user interface if the role is disabled and/or unassignable.

Fixed an issue in the Requests app where the delegation manager was unable to delegate an implementer task on behalf of the selected primary implementer.

Updated requests app to not list requests with Calculating authorizers status with Active filter on.

Profile attributes now correctly fall back to the next-priority mapped account attribute when the highest priority attribute is removed.

During discovery, the order of precedence in target attribute overrides is obeyed when listing target attributes.

Fixed runtime error in ObjDiffAssociate stored procedure during auto discovery when handling duplicate accounts (sharing the same stable ID) across different targets with cross-target relationships.

Updated scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.

Modified the component uninstallation to check if the table exists before removing component data.  This previously caused an issue/exception for hid_extdb to show an error for "no such table".

If relevant, the Link accounts on this target system to subscribers discovery option for the target system discovery template "NT_TEMPLATE" and for all discovered systems created from NT_TEMPLATE should be reviewed.  By default, this setting is disabled upon installation.

Added strings vpn-url and vpn-url-search.  During the upgrade, these registry keys must be manually added to construct the runurl command line (cmd registry key). To do this: