Released: Jun 16, 2026

Server and Console 2026.2.7.0 中的更新

特性

Server

• Core - Website Legacy entries can no longer be edited and must be converted before use. The option to permanently dismiss the conversion notice has also been removed.
• Core - Improved loading performance for repository assignments, including the Batch Grant Access window.
• PAM - Added requested elevation details to reports.
• PAM - Added visibility into which approvers received temporary access and PAM checkout requests.
• PAM - Prevented users from approving their own checkout requests through linked accounts when self-approval is disabled.

Console

• Made minor updates.

修補程式

Server

• Core - Fixed a security issue where ticketing service credentials (ServiceNow and Jira) could be viewed by authenticated users through data source settings.
• Core - Fixed a security issue where duplicating a folder could expose attachments and handbook pages to users without access to the original content.
• Core - Fixed an issue where social-login entry metadata could be visible to vault members who were explicitly denied access to those entries.
• Core - Fixed a privilege escalation issue that could allow users creating vaults or PAM providers to assign themselves System Administrator rights.
• Core - Fixed a performance regression that caused system permission changes to take longer than expected to save.
• Core - Fixed a synchronizer error that occurred when nested groups were deleted in Entra ID (Azure AD).
• Core - Fixed an issue preventing orders from being created when they contained both a starter pack and additional licenses.
• Core - Fixed an issue where changing a password on first login after a basic installation could fail.
• Core - Fixed an issue where exported attachments and documents could become unusable after re-importing with attachments included.
• Core - Fixed an issue where the "Template list only" mode was not enforced, allowing entries to be created without a template.
• Core - Fixed an issue where variables were not resolved when unsealing entries or sending related notifications.
• Core - Fixed false password-change audit logs and notification emails when updating non-credential Website entry settings.
• PAM - Fixed missing permission checks on discovery scan results, ensuring only authorized users can access discovery data.
• PAM - Fixed PostgreSQL accounts incorrectly appearing out of sync after successful password resets.
• PAM - Fixed the "MFA on checkout" default setting not being saved.
• Web - Fixed a JavaScript error when viewing entry details containing deserialization errors under Reports > Diagnostic > Entries.
• Web - Fixed an issue where deleting an entry could trigger an error and leave the connections tree in an incorrect state until the page was refreshed.
• Web - Fixed an issue where unsupported AI Assistant providers appeared blank in the edit dialog and could cause the wrong provider to be saved.
• Web - Fixed Synchronizer entries becoming unusable in the web interface when the synchronization mode was set to manual or inherited manual.
• Web - Made UI fixes.