25.1 Release Notes

Release Date: March 1, 2025

New Features

  • A button to 'Regenerate the Use My Account SSH keys' has been added. (519067)

  • The IBM Security sudo plugin is now able to securely inherit environment variables. (578060)

  • The Direct Audit packages have been updated with the latest OpenSSL. This update removes Atomic support while adding support for Alpine and RHEL7 ARM64. (605226)

Improvements

  • The iOS APNS certificate has been updated to support iOS 15.4 and iPad 13. (628085)

  • The connector now uses the asynchronous mode as default when preparing auditing data. (594291)

Fixed Issues

  • The validation check has been added for SortBy value when executing the RedRock\query request. (592090)

  • You can retrieve all accounts that are accessible based on a user's sys admin role permissions from PAS > Access > Policies > Policy Settings > Policy Sets. (508390)

  • Fixed password rotation failures caused by outdated AWS profile instructions, MFA input blockage, and account page opening in new tabs, by requiring a database upgrade script. (533578, 504002)

  • Fixed a HTTP request smuggling vulnerability. (594459)

  • Refactored the javascript code to fix the issue with CSP restriction for CBE Chromium. (536202)

  • Improved performance when populating set members for systems and roles. (613122)

  • The predefined cipher suite list now includes modern, strong TLS 1.2 ciphers to improve compatibility. (615816)

  • Refactored the DataVault and Sets views by decreasing the number of calls, sub requests, and using joins. (615877)

Resolved Issues and Changes in 25.1 HF5

  • Improved performance on Unix profile lookups (663006, 663008)

  • Improved event logging performance during role updates and deletion.(653159)

  • Improved audit logging performance for privilege elevation assignments (665752)

  • Improved performance when assigning rights to a user (653159)

  • Fixed an HTTP request smuggling vulnerability (594459). If you're not using the latest Verify Privilege Server Suite agents, this fix requires that you upgrade. You must upgrade to Verify Privilege Server Suite 2023.1 (agent 6.0.1) or later.

    If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, there are some component updates that you can upgrade to -- you can choose one of the following versions:

    • Verify Privilege Server Suite release 2023.0.5 (agent version 6.0.0-158)

    • Verify Privilege Server Suite release 2022.1.10 (agent version 5.9.1-337)

Resolved Issues and Changes in 25.1 HF4

  • Fixed an issue where connectors failed to refresh cloud certificates. (638298)

  • Fixed an issue where connectors refused to download certificates from old HSPAS instances. (649839)

  • Fixed an issue where agent enrollment failed on some tenants. (653696)

Notice of Termination of Support

  • SLES12

  • Debian 10

  • CentOS

  • RedHat Linux 6 and 7

The Verify Privilege Cloud Suite Syslog Writer is no longer supported. For more information see, Integrating Verify Privilege Cloud Suite with Syslog Collector Plugin