3.8.1 Release Notes
These release notes offer an overview of the enhancements, new features, and resolved issues incorporated into Kron PAM 3.8.1. For detailed instructions and information, please consult the reference guide.

Contact Us

Contact us at support@krontech.com. Please note that only registered users can contact the support team.

Release Summary

Below is a comprehensive list of the changes, additions, and fixes integrated into the 3.8.1 version of Kron PAM.

Password Vault

- More flexible configuration of password strength and length parameters has been introduced.
- Password management support for MongoDB and Redis user accounts has been added to the vault.
- Flexible scheduling options for password change timing of dynamic accounts have been implemented.
- An option to restrict password changes to predefined periodic password change windows has been added.
- Support for managing user passwords via the MS Active Directory root domain in multi-domain environments has been added.
- The ability to create assigned credentials for private vault groups has been introduced.
- Password Vault can now manage the passwords of Kron PAM users.
- Assigned credential assignments can now be listed from the Policy Tracking menu.
- Realm-based authorization control for device connections via vault for administrative users has been added.
- Sensitive data exposure in Windows event logs during IIS pool account password management has been prevented.

Secrets Manager

- Security and performance improvements have been implemented in the AAPM agent.
- Integration between Tenable Security Center and Password Vault has been improved.
- Integration between Ansible and Password Vault has been improved.

Privileged Session Manager

- Automatic user credential injection for su and sudo commands has been added.
- Support for the "Connect to Target Device" button using FQDN has been added.
- Session termination capability (kill session) for OT/ICS Session Manager has been added.
- Service Core ITSM integration for Session Manager has been implemented.

Secure Remote Access

- Web session management via Secure Remote Access has been enabled.
- Detailed debug logging for Secure Remote Access has been added.

Kron PAM Desktop Client & Kron PAM Mobile App

- The ability to connect to devices in the device list via double-click within the Kron PAM Desktop Client has been added.
- Portal function permissions have been consolidated across the Kron PAM Desktop Client and Kron PAM GUI.
- Both the Kron PAM GUI and the Kron PAM Desktop Client now offer the same session experience.
- Managers can now modify reservation dates when approving requests through the Kron PAM Mobile Application.

Multi-Factor Authentication

- Integration with external MFA vendors via the RADIUS client has been implemented.

Threat Analytics

- Web Session Manager (HTTPS Proxy) logs can now be processed by AI-based Threat Analytics.
- System administrators can now mark detected anomalies as false positives.

Cloud Infrastructure Entitlement Management (CIEM)

- A new dashboard and enhanced threat analysis capabilities have been introduced to CIEM.

Multitenancy

- Tenant expiration date configuration has been introduced, with automatic tenant disablement after the defined expiration date.

Endpoint Privilege Management

- An “Apply to All Agents” option has been added when creating advanced policies for EPM agents.
- Remote start, stop, and uninstall capabilities for Linux and Windows EPM agents have been enabled directly from Kron PAM.
- Kron PAM logging has been enhanced to clearly distinguish between block actions, elevation requests, run-as-admin requests, and elevated executions, providing improved visibility into policy-based operations.
- Configurable maximum SSH session limits have been introduced at the agent group level, with user notifications displayed when the defined threshold is reached.
- Local OTP generation and validation capabilities have been implemented on Windows and Linux EPM agents to support offline elevation and authentication scenarios when Kron PAM is unreachable.
- Video recording support for sessions on Windows EPM agents has been added.
- Support for subprocess exceptions has been introduced, allowing designated subprocesses to execute even when the parent process is subject to a block policy. This capability applies to all policy types.
- Tunnel rule support (local and remote) has been reintroduced and integrated into the new agent architecture, including allow/deny actions and exception definitions.
- Applications are now automatically launched by the agent upon successful OTP approval.
- The Krongina service has been secured by requiring administrator OTP verification before it can be stopped.
- A new logging system with configurable log levels has been implemented for the Windows EPM agent to improve diagnostics and troubleshooting.
- Session logs have been updated to display the protocol as “Windows Agent” instead of the generic “Agent”.
- A Linux agent mode has been introduced that operates without modifying OpenSSH configuration.
- Linux agents can now report their agent version information to PAM, aligned with the existing behavior of the Windows EPM agent API.
- Session logs have been updated to display the protocol as “Linux Agent” instead of the generic “Agent”.

Platform Features

- TLS v1.3 support for the TACACS+ server has been implemented.
- Group-based log authorization through the Portal Function feature has been added.
- User import capability from Entra ID (Azure AD) via Microsoft Graph API has been added.
- OAuth authentication support for email server integration has been implemented.
- SMS notifications are now sent when approval requests are generated.
- The “Session Connection Reason” field is now included in session logs forwarded to SIEM systems.
- Operational incompatibilities between approval workflows and time restriction policies have been resolved.