WALLIX Bastion 12.3.2 – Release Notes

WALLIX, Cybersecurity Simplified
Reference: https://doc.wallix.com/en/bastion/12.3/rn-en-12.3.2.html
Date: 2026-03-12
Copyright: © 2026 WALLIX

1   New functionalities and improvements

This version includes all the improvements and new features implemented from WALLIX Bastion 12.0 and listed in the sections below.

1.1   New functionalities and improvements in WALLIX Bastion 12.3.2

1.1.1   New features

1.1.1.1   WAB-7947: Streamline available HA types and remove legacy DRBD code

Following the removal of the DRBD-based High Availability feature in Bastion 12, the eth1 network interface can now be configured and used like any other regular network interface.

1.1.2   Complete list of changes

No improvement was part of this version.

1.2   New functionalities and improvements in WALLIX Bastion 12.3.1

1.2.1   New features

1.2.1.1   WAB-208: Support Kerberos for Primary Authentication on RDP Proxy

WALLIX Bastion now supports Kerberos authentication for the RDP Proxy primary connection. This provides single sign-on for Active Directory users.

1.2.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-12944: Add GET /api/health REST API endpoint to get WALLIX Bastion health check status.
  • WAB-14815: Remove the Description field from the Targets ❭ Devices ❭ Services, Targets ❭ Devices ❭ Local accounts and Targets ❭ Accounts "Add to group" windows. This field is not relevant when adding a target to a group.
  • WAB-15485: Improve protection of the web session access token.
  • WAB-15506: Added support for new audit messages for web sessions through Web Session Manager.
  • WAB-15777: Add a Login button identifier field to the Web application page. This field enables credential auto-injection for Web Session Manager sessions by allowing administrators to specify the HTML class of the login button on the associated login service page.
  • WAB-15787: Add a Login page URL field on the web application creation page. This field allows configuring the credential automatic injection for sessions using Web Session Manager. The specified URL corresponds to the authentication service associated with the web application.
  • WAB-15807: Add an Allow automatic injection of authentication information in non-POST forms option to the Web application page. This option allows the injection of authentication information related to the web application into authentication forms that use non-POST methods.
  • WAB-15813: Add a checkbox Allow automatic credential injection in non-POST forms to the Applications ❭ Web form. This setting enhances the security of automatic credential injection on the application’s authentication page. If the Login page URL field is not specified, the Application URL is used instead. Automatic injection is disabled if the authentication form does not use a POST request.
  • WAB-16176: Add a new Wrap metadata lines button in the Session Details modal. This option displays session metadata on multiple lines to prevent overflow and remove the horizontal scroll bar, both in the Metadata tab and in the Metadata section of the Replay tab. The preference is saved in the browser’s local storage.
  • WAB-16803: Add the target group name to the Add targets modal title on the Targets ❭ Groups page. Improve clarity by rewording the Add all results button label in the Add targets modal on the Targets ❭ Groups page.
  • WAB-17123: Add the PUT /api/configoptions API endpoint.
  • WAB-17341: Update the Begin and End column filters in the Session history table. They have been replaced with two filters located above the table to improve accessibility. These new filters also allow selecting the hour, minutes, and seconds for the start and end of a session.

1.3   New functionalities and improvements in WALLIX Bastion 12.3

1.3.1   New features

1.3.1.1   WAB-6997: Targets > Groups - WALLIX Bastion Refactoring (REST API, GUI)

Improve the Target groups configuration in WALLIX Bastion. It has been redesigned with a simplified, modern interface. Group configuration is now faster and more intuitive: targets can be added in just a few clicks, deletions are easier, and all actions are performed from a single, unified page.

1.3.1.2   WAB-8444: Audit > Session History > Listing - WALLIX Bastion Refactoring (REST API, GUI)

Improve session history in WALLIX Bastion. The new interface provides clearer and smoother monitoring of activities performed within a session. This redesign makes it easier to identify critical behaviors and delivers a more streamlined user experience.

1.3.1.3   WAB-11960: Increase Max Number of Local User Password History Limit

Increase the password history for WALLIX Bastion and Access Manager local accounts from 15 to 50, preventing reuse of old passwords and enhancing account security.

1.3.1.4   WAB-12939: Web Sessions - Notifications, Account Mapping & Transformation Rules

WALLIX Bastion now offers enhanced Web target administration and analysis, giving teams greater control and visibility. Web session activity can be exported in CSV format, making audits and analysis faster and more efficient. A new notification capability provides real-time monitoring of access to critical Web applications, strengthening security and operational responsiveness. Web access also supports account mapping through transformation rules, expanding authentication options and offering more flexibility in access management.

1.3.1.5   WAB-13005: Web Sessions - Audit (video, metadata) & SIEM

Web sessions managed with Web Session Manager now include advanced auditing capabilities. These capabilities include session video playback and metadata downloads, which improve traceability, compliance, and analysis of risky behaviors. Web session logs can also be forwarded to SIEM tools, enabling centralized visibility and enhanced incident detection.

1.3.1.6   WAB-15411: ICAP - Enable Big Files Analysis By Configuring Timeout

The analysis of large files in WALLIX Bastion is now optimized for all sessions supporting file transfers. A new parameter allows configuring the analysis timeout for ICAP server responses, ensuring reliable, complete, and secure transfers even for very large files.

1.3.1.7   WAB-15511: Ease Configuration of Kerberos Authentication

Deprecate the kerberos-password method in favor of the standard kerberos method for Kerberos authentication.

1.3.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-10997: Add a notification system for connections to critical targets and for connection failures to secondary targets in WEBAPP targets.
  • WAB-12542: Add "Transformation rule" and "Vault transformation rule" in the WEBAPP connection policy.
  • WAB-12724: Add dynamic URLs for SAML and OIDC authentications.
  • WAB-13451: Add WSM session event logs to the SIEM export.
  • WAB-13533: Add API resources GET /api/passwordchangeplugins and GET /api/passwordvaultplugins to list password change plugins and external password vault plugins.
  • WAB-14012: Add options to return CSV in addition to JSON in REST API.
  • WAB-14408: Add OAuth2 workflow for the Office 365 SMTP service.
  • WAB-14740: Add two query string parameters to GET /api/devices and GET /api/applications: with_all_tags, which returns all devices or applications that have at least all of the specified tags, and with_any_tag, which returns all devices or applications that have at least one of the specified tags.
  • WAB-14743: Add support for tags on web and standard applications in the GUI.
  • WAB-14831: Add a parse parameter to the session metadata in the API resource sessions/metadata to parse it and transform it into a list of objects.
  • WAB-15445: The user group "Mappings" tab no longer contains a Profile select component. This select component has been moved to the user group General tab. A profile column has been added to the Mappings tab table and a disabled Profile field is now present in the Mapping modal.
  • WAB-15477: Add timeout parameters for the integration with external ICAP solutions to ensure correct analysis of large size files.
  • WAB-15547: Add API resource GET /api/sessions/files/ to retrieve the list of files transferred during a session. This endpoint requires a session_id.
  • WAB-15548: Add the ability to view and download files transferred during RDP, VNC, SSH, SFTP, RLOGIN, or TELNET sessions. From the Session history page, open the session details modal and switch to the Transferred files tab.
  • WAB-15655: Add the ability to check RAWTCPIP session details, including session attributes and metadata, from the Session history page. The RAWTCPIP session record can also be downloaded as a .pcap file if the session recording option is enabled in the related authorization.
  • WAB-15677: Add the video_resolution field to the GET /api/sessions API resource.
  • WAB-15678: Add the ability to view the session resolution for RDP, VNC, or WSM sessions. When session recording is enabled in the related authorization, the resolution (in pixels) is available from the Session history page in the Session attributes and Replay tabs of the Session details modal.
  • WAB-15720: Improve SSH key management for device accounts. The SSH private key tab has been transformed into a new SSH key tab, removing the dropdown that forced users to choose between generating or importing a key. Users can now generate or import an SSH key, view the private key type and length, and see the associated public key, all from a single page.
  • WAB-16041: Add the target name to the title of the session details modal when opening a session from the Session history page.
  • WAB-16710: Add the force_screen_resolution field to the GET /api/sessionrights response. The field is always included, but its value is set only for RDP sessions, using the connection policy of the device service or application.
  • WAB-17140: Update underlying Debian distribution to 12.13 and Debian Security Advisory up to DSA-6114-1. Refer to [https://lists.debian.org/debian-announce/2026/msg00001.html](https://lists.debian.org/debian-announce/2026/msg00001.html) and [https://lists.debian.org/debian-security-announce/2026/msg00023.html](https://lists.debian.org/debian-security-announce/2026/msg00023.html) for more information.

1.4   New functionalities and improvements in WALLIX Bastion 12.2.3

1.4.1   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-14947: Update the Debian base to Bookworm 12.12.
  • WAB-15755: Add an SQL query in wallix-debug to retrieve information on the most recent recorded sessions.

1.5   New functionalities and improvements in WALLIX Bastion 12.2.2

1.5.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-7897: Add clarification about the requested format for target accounts managed by the WALLIX Bastion External Vault Plugin.
  • WAB-9982: Add the "wallix-debug" command called on the System > Status page. This command creates a ZIP archive with debug information.
  • WAB-14618: Fix wording in "disk_space_critical" email template.
  • WAB-14667: Add CCN profiles to "WABSecurityLevel" and to connection policies. These profiles are similar to SOG-IS profiles, without DHE algorithms.

1.6   New functionalities and improvements in WALLIX Bastion 12.2.1

1.6.1   New features

No improvement was part of this version.

1.6.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-15198: Slightly increase the /boot partition size to meet future update needs.

1.7   New functionalities and improvements in WALLIX Bastion 12.2

1.7.1   New features

1.7.1.1   WAB-171: Support Web Sessions with Web Session Manager on Bastion

The new WALLIX Web Session Manager solution provides secure access to web applications using remote browser isolation technology. Users can access web targets directly from their browser via WALLIX Bastion, without needing plugins or add-ons. Credentials can be injected securely to prevent users from accessing them. This new native component integrates seamlessly into the WALLIX Bastion ecosystem. Additionally, administrators can control each session by preventing or allowing redirections and by managing common behaviors within a user's web session, such as copy/paste, file upload/download, etc.

1.7.1.2   WAB-3123: API Key Associated With A Profile - Bastion

To enhance security and simplify access management, API keys can now be linked to profiles. Default profiles have been introduced to ensure a standardized, reliable configuration tailored to each ecosystem with Access Manager (compatibility starting from version WALLIX Access Manager 5.2).

When upgrading to this version, all existing API keys are automatically updated to use the product_administrator profile.

1.7.1.3   WAB-5327: Support of OpenID Connect (OIDC) - Bastion

WALLIX Bastion and WALLIX Access Manager now support integration with identity providers using the OpenID Connect (OIDC) standard. This enhancement facilitates centralized user management across the entire ecosystem, streamlining deployment within existing infrastructures. With OIDC, users can enjoy Single Sign-On (SSO), making access more seamless and efficient.

1.7.1.4   WAB-5359: Universal Tunneling - Unified UT Client With GUI for Bastion and Access Manager

The new WAMUT client is now available for managing Universal Tunneling sessions on your workstation. It features a graphical interface that enhances visibility into the current session state. Additionally, the user workflow is now unified across both WALLIX Bastion and WALLIX Access Manager.

1.7.1.5   WAB-6558: Universal Tunneling - New Seamless Connection Mode (No Admin Rights requirement and Other Benefits)

The Seamless Connection feature offers a new mode, which no longer requires admin rights on the user workstation. Users still enjoy the same seamless experience, making Universal Tunneling easy to adopt. This new mode also enhances user experience with fat clients using a static port on the user workstation (like TIA Portal, SoMachine, etc.). To enable the workflow for WALLIX Access Manager users, both WALLIX Bastion and WALLIX Access Manager must be upgraded to versions 12.2 and 5.2, respectively.

1.7.1.6   WAB-13752: Support User Authentication With FIDO2 Keys (SSH)

A new authentication method for SSH proxy users based on FIDO2 hardware is available. Transfer with agent forwarding (SSH proxy to target) is also supported, if the client used supports it.

1.7.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-8567: Improve storage space by adding a dedicated partition for log files.
  • WAB-9204: Upgrade third-party dependencies in Universal Tunneling client.
  • WAB-10120: Update of WALLIX's visual identity with the new logo.
  • WAB-10343: Add a folder dedicated to customers, which can be used to host ticketing script dependencies in Backup/Restore.
  • WAB-11686: Update "Universal Tunneling" to "WAMUT" in the admin guide.
  • WAB-11831: Improve the standard application creation form which is now based on the new WALLIX Bastion interface. Administrators can more easily choose from the list of associated target name/cluster fields, simplifying application configuration.
  • WAB-11832: Update the Targets > Applications page to the new web interface design.
  • WAB-12248: Add an option to simulate keystrokes in ApplicationDriver to fill the login and password fields of login forms.
  • WAB-12265: Improve readability by changing the text of the My authorizations tab to Client sessions on the My preferences page.
  • WAB-13603: Add the 'service_protocol' field in the GET /api/targets (API 3.12) response.
  • WAB-13636: Add TLS signature algorithm restrictions in Apache configuration, according to the security level.
  • WAB-13761: Add support of FIDO U2F SSH sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com keys.
  • WAB-13789: Add the ability for UI Automation script of Application Driver to populate the Windows Security window.
  • WAB-13921: Add Replication monitoring logs in the debug information downloaded from the System > Status page (when requesting basic and advanced log files).
  • WAB-13994: Improve import time for certificate revocation list (CRL) files.
  • WAB-14233: Update Debian base to 12.11.
  • WAB-14424: Fix the "SameSite" attribute which was not forced to "Lax" in REST API cookie "api_csrf_token".
  • WAB-14452: Remove SHA224 and PKCS#1.5 algorithms to ensure SOG-IS compliance.
  • WAB-14473: Remove SHA224 and PKCS#1.5 algorithms to ensure SOG-IS compliance.
  • WAB-14520: Remove the diffie-hellman-group-exchange-sha256 algorithm to ensure SOG-IS compliance, and synchronize SMTP-supported cryptographic algorithms with those used for LDAP.

1.8   New functionalities and improvements in WALLIX Bastion 12.1.1

1.8.1   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-12907: The Kerberos method of Windows password change plugins can perform password reconciliation.

1.9   New functionalities and improvements in WALLIX Bastion 12.1

1.9.1   New features

1.9.1.1   WAB-3123: API Key Associated With A Profile - Bastion

API keys can be linked to a non-editable profile, restricting the rights of users logging in with an API key. New default non-editable profiles have been introduced to simplify API key configuration with Access Manager (compatibility starting from version 5.2).

1.9.1.2   WAB-5327: Support of OpenID Connect (OIDC) - Bastion

Bastion supports OpenID Connect, enabling seamless authentication with identity providers supporting the standard. This integration enhances security and simplifies user access management. Administrators benefit from streamlined identity federation and improved access control. With Single Sign-On (SSO), users can access Bastion without repeatedly entering credentials.

1.9.1.3   WAB-11037: RDP Session Resolution Set by Bastion Admin

The RDP session resolution can be enforced by the administrator through the RDP connection policy. This new option facilitates connections to servers and systems that support only a specific resolution, preventing display issues or session crashes.

1.9.1.4   WAB-11325: Network Discovery - Latency Measure

In network and AD discovery, latency is now measured for each discovered device and is available in the scan job results.

1.9.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-8906: Add a mechanism for checking replication status before launching an update.
  • WAB-9057: Update Ant Design library to version 5.15.4.
  • WAB-9342: Remove the domain name field in the DNS section of the System - Network web page and in the WABNetworkConfiguration CLI tool.
  • WAB-9739: Improve the behavior of the icons in the navigation bar. The menu icons in the navigation bar are no longer hoverable. They are now clickable to display the associated options.
  • WAB-9762: Add FortiSandbox compatibility for DLP/AV file verification in RDP and SSH sessions.
  • WAB-10390: Improve Bastion web documentation by adding more guides.
  • WAB-10816: Add 3 new default profiles that can be used in API keys created for Access Manager.
  • WAB-10842: Update the Windows password change plugin from v1.0.1 to v2.1.0.
  • WAB-10847: Add a link to a read-only profile in the API key.
  • WAB-10960: Remove verbose and useless log lines in bastion-traceman: [file in /var/wab/hash] not in local storage, skipped.
  • WAB-11050: Add support for specifying which DNS server to use by domain name.
  • WAB-11151: Improve the debug archive ZIP file available on the System > Status page by offering log download choices.
  • WAB-11218: Add new API resource /api/apikeys-v2 to set the profile in the API key.
  • WAB-11330: Add REST API option deprecated_resources to control the use of deprecated resources.
  • WAB-11331: Deprecate the REST API resource /api/apikeys in favor of the new resource /api/apikeys-v2.
  • WAB-11392: Add a description field in the API key.
  • WAB-11425: Fix an SBOM mismatch related to a vendorised and no longer used JQuery component shipped on the Bastion.
  • WAB-11427: Implement a limited disk space management strategy.
  • WAB-11458: Add mandatory server certificate validation in the TLS configuration of the SIEM, using a trusted Certificate Authority (CA) or by specifying the self-signed certificate or the CA chain.
  • WAB-11506: Remove "RDP-JUMPHOST" type connections policies which are no longer used.
  • WAB-11569: Improve the robustness of HA Database Replication when one node goes down and then back up.
  • WAB-11618: Add list of groups and profile names in API resource "/api/preferences".
  • WAB-11681: Add verification and storage of certificates for VNC sessions using the authentication methods X509None, X509Plain, and X509VNC. The configuration is in the VNC connection policy, and the certificates are visible in the GUI via the Devices menu.
  • WAB-11959: Improve the WALLIX Bastion upgrade workflow by ensuring that the databases of all nodes are re-synchronized when HA Database Replication is enabled.
  • WAB-12236: Add support for checking the SMTP server certificate identity when sending e-mail notifications.
  • WAB-12292: Increase default password length from 8 to 16 characters in the default password change policy.
  • WAB-12380: Add the MAC address to the interface selection dialog in the first boot setup wizard and the WABNetworkConfiguration command.
  • WAB-12410: Add a 4GB quota on the /home partition.
  • WAB-12706: Add celery.log file in basic log files on System / Status page.
  • WAB-12890: Update download procedure for WALLIX PuTTY in User Guide.
  • WAB-13126: Remove deprecated Global Configuration options: allow_gssapi and credential_change_notification_timeout.

1.10   New functionalities and improvements in WALLIX Bastion 12.0.2

1.10.1   New features

1.10.1.1   New procedure for major upgrade

Bastion 12 introduces a new system upgrade procedure. As a result, if you have a WALLIX Bastion prior to version 12 and wish to upgrade to Bastion 12, refer to chapter 6 of the Deployment Guide.

1.10.1.2   New procedure for minor upgrade

Bastion 12 introduces a new minor upgrade process to enhance efficiency and user experience. The new process relies on the wabupgrade account, making it easier to upgrade from version 12 to version 12.X. Refer to the Deployment Guide, chapter 7 for detailed instructions.

1.11   New functionalities and improvements in WALLIX Bastion 12.0.1

1.11.1   New features

1.11.1.1   New default behavior for the “Enable Kerberos” option

Bastion 12.0.1 introduces a new default behavior for the “Enable Kerberos” option: it is now enabled by default, which means that NLA Kerberos is the first authentication method attempted. However, when restoring the backup of a Bastion earlier than 12.0.1, the configuration of authentication mechanisms is not modified. The values set for NLA and Kerberos are restored as defined in that backup file. For example, if the “Enable Kerberos” option was disabled, it remains disabled after the restoration, even though the option is now enabled by default.

Bastion 12.0.1 also introduces new options for RDP target connections. To ensure that the target cannot negotiate an authentication protocol lower than that specified by the connection policy, fallback mechanisms are disabled by default. However, for greater granularity, you can modify fallback mechanisms for connections to RDP targets. The options are:

  • Allow NLA NTLM fallback
  • Allow TLS only fallback
  • Allow RDP legacy fallback

We strongly encourage you to review your connection policies and make any necessary updates to the fallback mechanism to better suit your needs.

WALLIX follows the Microsoft recommendation to use the domain account for RDP sessions. As a result, WALLIX recommends using NLA Kerberos authentication when using a target account in Active Directory. That means the “Allow NLA NTLM fallback”, “Allow TLS only fallback”, and “Allow RDP legacy fallback” options must be disabled.

When using a local account on a target, Microsoft and WALLIX recommend:

  • to use NLA NTLM if NTLM support is enabled and NLA is enabled. In this situation, the “Allow NLA NTLM fallback” option must be enabled, but the “Allow TLS only fallback” and “Allow RDP legacy fallback” options must be disabled.
  • to use TLS only if NTLM support is disabled and NLA is disabled. In this situation, the “Allow TLS only fallback” option must be enabled, but the “Allow NLA NTLM fallback” and the “Allow RDP legacy fallback” options must be disabled.

For earlier targets (Windows 2003 and older), you must enable the “Allow RDP legacy fallback” option.

1.11.2   Complete list of changes

The following features and improvements have been implemented in this version:

  • WAB-8289: Improve product documentation by restructuring existing content into six new guides with better-defined target audiences.
  • WAB-8313: Add bastion-get-auth-statistics script to the Bastion to compute authentication statistics.
  • WAB-8687: Remove the User > Groups page in the legacy interface, following its refactoring.
  • WAB-9383: Improve user experience during backup create and restore operations by displaying warning messages and disabling unavailable options.
  • WAB-9425: Improve user experience when configuring password change policies by clarifying form input and validation.
  • WAB-9721: Add STATUS_NO_CHANGE_NEEDED return status for password change plugins.
  • WAB-9812: Add support for the SAML forceAuthn parameter to require users to reauthenticate to their IdP even with an active session.
  • WAB-9896: Add backup and restore of the ticketing interface script in the Bastion backup.
  • WAB-9897: Add Password change plugins in backup/restore. In some cases, some plugins are restored aside. For more information on how and where to restore them, refer to the administration guide.
  • WAB-10260: Add the number of e-mails sent in the API response to approvers notification (from user and approver).
  • WAB-10624: Improve default values in some security algorithms parameters in RDP and SSH connection policies.
  • WAB-10842: Update the Windows password change plugin from v1.0.1 to v2.0.1.

2   Bug fixes

This version includes all fixes implemented from WALLIX Bastion 12.0 and listed in the sections below.

2.1   Bug fixes in WALLIX Bastion 12.3.2

  • WAB-13455: Fix Bastion interface availability and license update issues when the timezone is set to Africa/Casablanca.
  • WAB-14371: Improve replication log management by moving MariaDB binary logs from /var/log to /var/wab/mysql.
  • WAB-16674: Improve the System ❭ SIEM integration page by moving the "+" button to the left of the screen and automatically adding the unsaved row when the form is submitted.
  • WAB-16937: Fix wabwatchdog to prevent service status checks and notifications during the upgrade process.
  • WAB-17147: Disable the "WABEmergencyCredentialRecovery" cron task on secondary (slave) replication nodes.
  • WAB-17757: Fix error 500 in GET /api/sessions/traces when a date is given in query string parameters.

2.2   Bug fixes in WALLIX Bastion 12.3.1

  • WAB-8198: Fix the "bastion-change-redis-password" command, which no longer allows setting an empty password.
  • WAB-11169: Fix the URL returned for domain account credentials in the REST API.
  • WAB-13167: Fix the audit log message when the timeout of an external authentication is modified.
  • WAB-13225: Fix an issue preventing the immediate application of changes to the graphical user interface inactivity timeout.
  • WAB-14645: Remove the message shown by the form after submission when a REST API error occurs, as it duplicates the error notification. Notifications remain visible until the user closes them.
  • WAB-16777: Fix several typographical errors on the Backup/Restore page.
  • WAB-17148: Fix a timing mismatch between metadata events and video position in RDP and VNC session replay, ensuring that clicking a metadata timestamp jumps to the correct video position.
  • WAB-17184: Fix the Paths field desynchronization in Standard applications. When the targets of a cluster associated with a Standard application are modified, the Paths field in the application form is now correctly updated to reflect those changes.
  • WAB-17294: Fix internal logger crash when logging non-UTF-8 characters.
  • WAB-17375: Fix an incorrect error message when trying to restore a backup in the user interface while replication is active.
  • WAB-17526: Fix a typo in emails containing the results of the Discovery analysis.
  • WAB-17552: Fix the "WABChangeDbRootPassword" command. The command now works with any special character.
  • WAB-17629: Fix an issue preventing a backup without a cryptographic passphrase from being restored from the user interface.
  • WAB-17635: Add the ability to specify the Email attribute in an LDAP authentication domain.
  • WAB-17667: Fix remote port forwarding in SSH sessions. Sessions no longer close when using remote port forwarding.

2.3   Bug fixes in WALLIX Bastion 12.3

  • WAB-8981: Disable backup purge via cron job on WALLIX One PAM Bastions.
  • WAB-9030: Improve handling of the error triggered when resizing the terminal window below the minimum form size.
  • WAB-9357: Fix the naming of network interfaces connected to a physical or virtual machine during operation.
  • WAB-10186: Fix the WABCRLFetch command by removing the deprecated --location option, updating the --file option to accept a path or - (minus sign) for standard input, allowing the --config option to be used without an argument for the default configuration file, using standard input only when explicitly specified, and improving error reporting.
  • WAB-10447: Improve the description of the Keyboard input masking level field on the RDP connection policy page.
  • WAB-11108: Fix the inability to change the number of parallel connections when a hop is configured.
  • WAB-11169: Fix the URL returned for domain account credentials in the REST API.
  • WAB-11763: Disable automatic backup via cron job on the WALLIX One PAM Bastions.
  • WAB-11913: Fix a bug that prevented WABChangeGrub from setting a password on physical appliances.
  • WAB-12294: Improve the error message on the Network page when disabling a network interface that is still used in the Service control page.
  • WAB-12370: Add a parameter in the SSH Proxy configuration options to define remote commands treated as SFTP sessions, useful for configuring a specific SFTP executable command in WinSCP.
  • WAB-12871: Add password rotation data to the data sent to SIEM.
  • WAB-13449: Add French translation for the "disk full" notification.
  • WAB-14031: Fix sending large RAIL application icon to RDP client.
  • WAB-14088: Fix a compatibility issue between the Application Driver UI automation script for Google Chrome and Microsoft Edge, and iDRAC v9.
  • WAB-14406: n
  • WAB-14532: Fix a problem that prevented the security level of certain services from updating on version upgrades or backup restoration.
  • WAB-14593: Fix certain cases where transferred files were not properly recorded in the list of saved files during SSH sessions.
  • WAB-14764: Fix the target port value for a WSM session.
  • WAB-14807: Update the default log level for SNMP to avoid flooding.
  • WAB-14978: Improve seamless connections in IPRedir mode by supporting applications that use the WSAConnect system call, such as EasyModbusClient.
  • WAB-15066: Fix an issue preventing the configuration of the SMTP server without authentication via the REST API.
  • WAB-15143: Fix the disappearance of the default gateway in certain cases of IP source routing.
  • WAB-15192: Add password change logs to the syslog file and for SIEM export.
  • WAB-15202: Fix renaming errors for RDP session recordings that use an application cluster when sessions ended due to user inactivity.
  • WAB-15203: Fix the missing display of the message banner in the RDP Selector when a banner is configured under Configuration ❭ Configuration options ❭ Global ❭ Banner.
  • WAB-15204: Fix an issue where RDP clients using FreeRDP 3.15 libraries (Debian 13 "Trixie") required the relax-order-checks option to connect to targets. Connections can now be established without this option.
  • WAB-15240: Fix copy/paste in RDP sessions with Rdesktop.
  • WAB-15247: Fix the content of clipboard log events during RDP sessions so that transferred text data is not displayed.
  • WAB-15329: Add the Allow rt without recording parameter in SSH Proxy configuration options, allowing the “4 eyes” audit to be disabled when the SSH session is not recorded.
  • WAB-15412: Disable authentication with the RDP proxy and SSH proxy when the encryption passphrase is locked.
  • WAB-15510: Add passphrase confirmation before exporting sessions via WABSessionLogExport.
  • WAB-15513: Add default ascending sort order in the Account name column in the Add target accounts for session management window.
  • WAB-15516: Improve notification handling by preventing duplicate password change emails when one delivery attempt fails.
  • WAB-15607: N
  • WAB-15651: Add a boolean field trace_corrupted to the REST API resource GET /api/sessions.
  • WAB-15653: Add Debian packages libpq5 and python3-psycopg2 to WALLIX Bastion, enabling the use of the PostgreSQL password change plugin.
  • WAB-15715: Improve error handling when a DNS query returns no answer.
  • WAB-15739: Fix an issue causing the console keyboard to revert to US QWERTY after reboot.
  • WAB-15929: Improve the REST API request GET /api/devices when only specific fields are returned using the fields URL parameter.
  • WAB-15983: Fix display of legacy UI pages when accessing them for the first time after login.
  • WAB-16006: Fix incorrect field validation for the number of allowed simultaneous connections.
  • WAB-16171: Improve backup restoration by increasing the file size limit for restores via the web interface. Backup files can now be up to 300 MB.
  • WAB-16173: Fix the 2FA options in the RADIUS form so that each option is independent and applied correctly.
  • WAB-16185: Fix an issue where the Windows Security dialog couldn’t be filled or bypassed when using a domain administrator account.
  • WAB-16220: Fix stability issue by reverting Blobfuse2 to version 2.2.1 to avoid memory leak.
  • WAB-16223: Fix the generation of the SSH/RDP connection file when the username is the e-mail address.
  • WAB-16267: Fix a bug that prevented submitting the LDAP form when using an anonymous bind method from the Configuration ❭ External authentications page.
  • WAB-16299: Fix a random issue affecting device redirection from FreeRDP-based clients to RDP sessions.
  • WAB-16651: Fix the identification of the HTTP Basic Authentication dialog box of Firefox 145.0.2.
  • WAB-16663: Add three additional log files to the debug information to enhance the advanced log files.
  • WAB-16669: Improve the error message displayed when creating an application if the license has expired or the resource limit has been reached.
  • WAB-16726: Fix a spelling mistake in the error message when adding an existing NTP server.
  • WAB-16760: Improve the REST API request GET /api/accounts when only specific fields are returned using the fields URL parameter.
  • WAB-16765: Improve the REST API request GET /api/targetgroups when only specific fields are returned using the fields URL parameter.
  • WAB-16778: Add missing translations on the System ❭ Backup ❭ Restore page.
  • WAB-16807: Fix an issue that could prevent replication from resuming after a WALLIX Access Manager or WALLIX Bastion node restart.
  • WAB-16808: Fix a replication failure that could occur in “master/master” mode when resynchronizing databases on clustered Access Managers or Bastions using the bastion-replication --dump-resync command.
  • WAB-16813: Remove non-onboarded discovered devices from the list of targets in the application form.
  • WAB-16861: Improve SQL replication by increasing the maximum number of replica (slave) nodes to 100.
  • WAB-16954: Improve error 500 returned by GET /api/devices when a plugin is not found.
  • WAB-16974: Fix web session status in Session History when the WSM server is down, so failed sessions appear as FAILED and interrupted sessions as ABORTED.
  • WAB-17018: Add the WALLIX Bastion version impacted by the recent addition of resources in the REST API v3.12.
  • WAB-17023: Improve management of cron jobs related to replication. Cron jobs no longer accumulate.
  • WAB-17071: Fix the cron-run command help to show the correct exit code (254) when failing to acquire the lock with --flock option.

2.4   Bug fixes in WALLIX Bastion 12.2.3

  • WAB-11455: Add a configuration option that fixes connections that use email and a vault transformation rule.
  • WAB-12568: Fix a display issue in the legacy user interface when an external Active Directory user is mapped to multiple groups, including at least one with user group restrictions.
  • WAB-12786: Add anonymization of "accountcredhistory", "scan", and "scan_job" tables in the "bastion-db-anonymizer" script.
  • WAB-13437: Fix the audit log when creating, modifying, or deleting the “authorization” object.
  • WAB-13442: Fix the F5 Big-IP password rotation plugin to properly support passwords containing double-quotes ("), question marks (?), and backslashes (\).
  • WAB-13524: Add detection of an error by the Windows password change plugin when NTLM is disabled on the target.
  • WAB-13597: Add detection of an error by the Windows password change plugin when the target account has the "CannotChangePassword" attribute.
  • WAB-13785: Fix a traceback error in the syslog that occurs when an expired, disabled, or locked user tries to authenticate to WALLIX Bastion.
  • WAB-14192: Fix the removal of the old SSH key during a key rotation via the UNIX plugin when the Keep other keys option was selected.
  • WAB-14300: Fix an issue where an SAML user was able to log into the administrator network interface.
  • WAB-14523: Improve clarity by renaming the Last connection parameter to Last session for the user entity on both the Users ❭ Accounts web page and the /api/users endpoint.
  • WAB-14553: Fix incompatibility between WSM and IPv6 Bastion.
  • WAB-14703: Fix high RAM consumption during MP4 video generation for web sessions.
  • WAB-14778: Fix high memory usage and performance issue when the connected user has a lot of authorizations.
  • WAB-14822: Add max length for strings in REST API "sessions" resource.
  • WAB-14941: Fix CSV export of users with limited rights profiles.
  • WAB-15015: Fix WinRM fallback to HTTP for retrieving local Windows accounts in the context of local account discovery.
  • WAB-15077: Fix an issue where the resolution of names found by the discovery feature failed when the first DNS server returned a response other than a timeout or a ServFail error, preventing fallback to the next DNS servers.
  • WAB-15121: Fix creating a domain with an external HashiCorp vault when optional parameters are not set.
  • WAB-15122: Fix for approval closure in WABCleanApprovals close. Approvals whose end date has already passed, have an “accepted” status, and no sessions started now remain unchanged and are no longer closed automatically.
  • WAB-15127: Fix the issue preventing an auditor from opening a web session simultaneously with another user.
  • WAB-15185: Fix an error in Unix password change plugin during reconciliation on a Red Hat target.
  • WAB-15229: Add anonymization of the WSM table to the bastion-db-anonymizer script.
  • WAB-15231: Add anonymization of web application URLs in the bastion-db-anonymizer script.
  • WAB-15236: Add the generation of an error when importing web applications from a CSV file if the URL is missing.
  • WAB-15273: Disable reverse name lookup when canonicalizing hostnames for use in Kerberos service principal names.
  • WAB-15354: Fix wrong status code being returned by the Windows password change plugin when the host is unreachable for the WinRM method.
  • WAB-15381: Fix database initialization timeout on replica nodes in W1PAM clusters.
  • WAB-15422: Remove the bastion-replication cron jobs from all nodes when running --uninstall.
  • WAB-15432: Fix editing issues when a global and local domain share the same name.
  • WAB-15465: Fix SMTP passphrase synchronization across all nodes of a W1PAM cluster.
  • WAB-15476: Improve display of the Audit ❭ Authentication History page, and add the “X-Pagination-Counters” HTTP header to the REST API.
  • WAB-15543: Fix a 400 (Bad Request) error in the REST API that occurs when searching for fields with a null value.
  • WAB-15601: Add automatic periodic cleanup of troubleshooting files generated from the System ❭ Status page.
  • WAB-15611: Improve the response time of GET /api/sessionrights when handling many rights and tags, and remove unnecessary spaces and indentation in the JSON returned by the REST API.
  • WAB-15616: Fix support for long user names in the F5 Big-IP password rotation plugin.
  • WAB-15617: Fix the search for plugins in "devel" mode in wallix-debug.
  • WAB-15638: Update openssl packages to fix the following security advisories: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232.
  • WAB-15656: Fix 500 errors in the REST API caused by a lock on the confignumber table and improve the performance of database update requests.
  • WAB-15673: Fix the result of a vault transformation rule when the regular expression contains curly braces.
  • WAB-15710: Fix wallix-debug to correctly display command output when the return code is non-zero and stderr is empty.
  • WAB-15717: Fix a 500 error returned by the REST API when attempting to create a group restriction that already exists.
  • WAB-15727: Update redis package to fix the following security advisories: CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49844.
  • WAB-15734: Fix the automatic deletion of backup files created from the System ❭ Backup/Restore page and stored in /var/tmp/backups/.
  • WAB-15736: Improve the "backup_key" option by raising its maximum length from 16 to 128 characters.
  • WAB-15737: Fix connection failures during simultaneous GSS-API bind authentications to Active Directory domains.
  • WAB-15751: Fix the association of a global domain account with target groups when the account is edited on the Targets ❭ Domains page.
  • WAB-15760: Fix the list of targets displayed on the standard application form.
  • WAB-15950: Fix support for the tmsh shell in the “F5 Big-IP” password rotation plugin.
  • WAB-15951: Fix risk of having different RDP proxy certificates on W1PAM cluster nodes after a reboot.
  • WAB-16052: Remove unnecessary redirects when navigating to pages in the legacy user interface.
  • WAB-16069: Fix an issue preventing WALLIX Bastion from retrieving LDAP approver users to notify in an approval workflow. This occurred when using an OpenLDAP directory with the memberOf overlay.
  • WAB-16070: Fix a 500 error returned by the API request GET /api/passwordrights?count=true.
  • WAB-16203: Fix repetition of the security level prompt during upgrades from version 12.0.
  • WAB-16270: WSA-2025-11-001: Fix local privilege escalation (MEDIUM) - CVE number pending.
  • WAB-16298: Fix error on the Targets ❭ Applications page when a standard application has no path defined.
  • WAB-16344: Fix an issue preventing the use of the password_hash parameter on the /users API resource.
  • WAB-16382: Add an event to the audit log when a user logs out of the web interface.
  • WAB-16383: Fix XSS vulnerability affecting the restrictions field on the Users ❭ Accounts page.
  • WAB-16384: Fix a vulnerability that allowed unauthorized access to the physical console via brute-force.
  • WAB-16411: Remove the unused directory /tmp/crl.

2.5   Bug fixes in WALLIX Bastion 12.2.2

  • WAB-10179: Fix cluster imports in CSV format.
  • WAB-13460: Fix Oracle password rotation plugin startup by replacing a missing deprecated dependency with its supported counterpart, adding Oracle 23 support and dropping Oracle 11.2. Fix handling of single quotes (') in usernames and passwords, and enable password rotation for accounts without the CREATE SESSION permission via reconciliation.
  • WAB-13580: Fix check of the received hostname in REST API when it contains a port number.
  • WAB-13746: Improve performance by avoiding updates to static data from the database during SSH, RDP, or VNC sessions.
  • WAB-13790: Fix interval for retrieving X509 connection approvals from 1s to 5s.
  • WAB-14064: Fix excessive growth of the "redis" log file by changing the default verbosity level to notice.
  • WAB-14155: Fix the keep_other_keys parameter of the UNIX password change plugin after an upgrade or the restoration of a backup.
  • WAB-14242: Update source protocol RDP to APP for sessions on applications in CSV exports.
  • WAB-14264: Improve the description of the configuration option Trusted hostnames for HTTP_HOST header.
  • WAB-14387: Fix typos in the description of the Windows password change plugin options.
  • WAB-14567: bastion-replication --uninstall uninstalls the cron jobs for monitoring and notification.
  • WAB-14569: Improve security on the REST API CSRF token by accepting it only in the HTTP header X-CSRF-Token.
  • WAB-14617: Fix dashboard upgrade from WALLIX Bastion 12.0.10.
  • WAB-14639: Fix tags added by API on an application that were removed when saving the application via WALLIX Bastion web interface.
  • WAB-14646: Fix possible conflict in redis configuration file while upgrading.
  • WAB-14663: Fix secondary connection message for WEBAPP targets.
  • WAB-14782: Fix the creation of a second device (or application) using a new tag (key/value) identical to a first device (or application) when both POST REST API creation calls are made at the same time. The creation could fail and several minor issues could occur.
  • WAB-14793: Add the tags field of the Device object (resource /api/sync) in the REST API documentation.
  • WAB-14840: To work properly with Citrix ADC load balancer 13.1, the security level for the HTTP Admin client must be set according to Open-Source community recommendations.
  • WAB-14845: Fix an issue that prevented selecting interfaces on the Network page in certain web browsers.
  • WAB-14909: To use SSL encryption for Active Directory authentication on Windows 2019 or earlier, the LDAP client’s security level must be set to the open-source community recommendations (oss).
  • WAB-14920: To use Remote Desktop connection on Windows Server 2019 or earlier, the security level for RDP Proxy must be set according to Open-Source community recommendations.
  • WAB-14932: Remove the "Use CSRF token" REST API option. The REST API client can still force the use of a CSRF token using the HTTP header "X-Use-Csrf-Token" upon API authentication.
  • WAB-14943: Add a message regarding changes to security level algorithms during updates from version 12.0.10 or earlier.
  • WAB-14960: Fix an issue where the replication cron jobs were deleting the replication config file during setup due to cron jobs not being deleted.
  • WAB-14985: Fix an issue causing user-defined DNS servers to be removed and replaced with those provided by DHCP.
  • WAB-15057: Fix the automatic deletion of old versions of CRL files when importing new ones.
  • WAB-15061: Add a log action when a user account is disabled, reactivated, or marked as expired.
  • WAB-15085: Remove case sensitivity for sessionSharing field in CSV import of authorizations.
  • WAB-15154: Update maximum length of private keys in REST API version 3.8: from 2000 to 20000 characters.
  • WAB-15217: Fix update script: checks encryption status before the upgrade and prompts for unlock.
  • WAB-15218: Fix type and description of default connection policies "RDP-ccn" and "SSH-ccn".
  • WAB-15249: Fix error 500 on REST API bulk request when the body is an empty JSON list.
  • WAB-15253: Fix an issue in AD domain handling with recursive groups. When an approver group was defined via group mapping and the mapping referenced an invalid group, emails were sent to all users in the domain.
  • WAB-15331: Fix error on CCN connection policies in migration.
  • WAB-15383: Update Axios package to version 1.12.0 (CVE-2025-58754).
  • WAB-15624: Fix an issue preventing SSH access to the Debian machine hosting Web Session Manager after a reboot.

2.6   Bug fixes in WALLIX Bastion 12.2.1

  • WAB-13811: Fix session timeout not updating when retrieving X509 connection approvals.
  • WAB-14084: Fix password reconciliation with Unix password change plugin when the sudo rule is configured with NOPASSWD.
  • WAB-14391: Fix an issue preventing the upgrade from running in a completely non-interactive way.
  • WAB-14525: Fix a default route issue caused by the global table being set to an incorrect value in IPSR mode.
  • WAB-14527: Fix password change error in the Windows plugin when credential rotation was configured without the krb_file (Kerberos configuration file) parameter.
  • WAB-14551: Fix the creation or update of a password change policy where password_length is set to null via the REST API.
  • WAB-14558: Add default ascending sort order in the Account name column.
  • WAB-14559: Fix "wallixsession" service not starting on WALLIX One PAM replica nodes.
  • WAB-14590: Update Debian packages to fix the following security advisory: CVE-2025-32462.
  • WAB-14611: Fix changes to the “url” field that were not tracked in the audit log.
  • WAB-14707: Add heuristics to hide usernames, passwords, and API keys in URLs stored in audit information and logs of Web Application sessions.
  • WAB-14747: Fix a file writing error when trying to save customized logos.
  • WAB-14766: Update GnuTLS packages to address the following security advisories: CVE-2025-32990, CVE-2025-32989, CVE-2025-32988, CVE-2025-6395.
  • WAB-14828: Update WSM version to 4.0.9 to fix plain-text credentials in WebSocket frames.
  • WAB-14862: Fix replication of custom proxy connection messages across WALLIX One PAM nodes.
  • WAB-14893: Fix limitations on user/target groups in the profile when the user is logged with an API key.
  • WAB-14901: Update debug email templates for discovery.
  • WAB-14995: Update connection failure message in Discovery.
  • WAB-15062: Update Paramiko to version 3.4.0 in Discovery (CVE-2023-48795).
  • WAB-15063: Update Axios package to 1.11.0 (CVE-2025-7783).
  • WAB-15079: Fix connection failures to RDP and SSH proxies with SAML authentication if the user was already logged into the GUI.
  • WAB-15221: Update Debian packages to fix the following security advisory: CVE-2025-7425.

2.7   Bug fixes in WALLIX Bastion 12.2

  • WAB-5852: Remove Timeout field requirement when an approver accepts a user request.
  • WAB-8024: Fix sorting on "device" field in API resource /api/targets/session_scenario_accounts.
  • WAB-9700: Fix device removal when there are no active approvals.
  • WAB-9942: Fix the acceptance of empty names or zero-length passwords when creating or updating password change policies via the REST API.
  • WAB-10269: Fix an incorrect error message when reaching the concurrent users limit.
  • WAB-10277: Improve logs when an OTP has expired while connecting to the WALLIX Bastion GUI.
  • WAB-10937: Fix the maintenance page when viewing approval request details in Entra ID.
  • WAB-10943: Fix start dependencies for the "wallixsession" service.
  • WAB-11056: Fix the disappearance of the default gateway in specific cases.
  • WAB-11412: Remove the need to open port 443 between WALLIX Bastions while configuring HA Database Replication.
  • WAB-11423: Fix the long display time of a global account page when the account has more than 30 resource associations.
  • WAB-11672: Add a warning message in the GUI and in "WABNetworkConfiguration" if an FQDN does not have two levels for the domain.
  • WAB-11759: Fix the validation of "F5 Big IP" plugin parameters on a local domain for a device.
  • WAB-11801: Fix the display of devices in a cluster when there are a lot of devices in the database.
  • WAB-12323: Fix concurrent user count when the same account connects to the WALLIX Bastion interface from different IP addresses.
  • WAB-12393: Remove sending of Break glass and approval emails to disabled users.
  • WAB-12492: Improve several descriptions on the Configuration options > RDP proxy page.
  • WAB-12581: Fix the inability to use interfaces previously used for bonding.
  • WAB-12831: Fix SAML authentication when the user is already connected to the browser.
  • WAB-12848: Fix the execution of "bastion-disk-space-checker" during WALLIX Bastion upgrade, which led to mails being sent to the Bastion administrator.
  • WAB-12857: Fix the compression of rotated files in /var/log.
  • WAB-12997: Fix disconnection from web site when authenticating with SAML on a proxy.
  • WAB-13019: Fix Chrome compatibility affecting password field detection in RDP sessions.
  • WAB-13035: Fix slow display of approvals when searching in the history.
  • WAB-13131: Fix the visibility of users with the same profile permissions but different "transferable flags".
  • WAB-13163: Improve error reporting in the "F5 BIG-IP" password rotation plugin and improve support for slower authentication on the target device.
  • WAB-13251: Fix an issue with the Application Driver and Interactive Login mode, which requires locating input fields.
  • WAB-13284: Remove support for the underscore (_) and dot (.) characters in the system hostname configured in the 'WABNetworkConfiguration' script. They are no longer permitted. Due to this new restriction, it is the duty of the Bastion administrator to manually modify any system host name that contains these forbidden characters.
  • WAB-13335: Add support of MariaDB in the MySQL password change plugin.
  • WAB-13450: Improve SNMP reporting by setting the WALLIX Bastion status to "false" when services are disabled due to low disk space.
  • WAB-13513: Fix issue with service mapping restrictions for a SAML administrator.
  • WAB-13525: Fix an issue related to the inability to obtain a root shell when booting in "rescue" mode.
  • WAB-13545: Fix update of application paths via the REST API for interactive login and account mapping targets.
  • WAB-13550: Fix an event sent by "WABSessionLogIntegrityChecker" to the SIEM when the session status is "OK" and add a missing quote in a reported event.
  • WAB-13578: Add a note about allowed characters in the Trusted hostnames for HTTP_HOST header field.
  • WAB-13605: Remove "camellia256-cts-cmac" and "camellia128-cts-cmac" algorithms from accepted encryption types for Kerberos authentication.
  • WAB-13625: Fix duplicate session record creation in the database when editing its description via the REST API.
  • WAB-13630: Remove sending break-glass and approval emails to expired local users.
  • WAB-13631: Fix an issue in 'bastion-replication --add-slave' where the script could incorrectly report "This Bastion is already in slave list".
  • WAB-13639: Fix the "WABSessionLogExport" script, which could generate archives with corrupted data, making them non-importable. A separate fix to the "WABSessionLogImport" script allows importing those previously affected archives.
  • WAB-13649: Add search and sort features for the "is_application" field in REST API resource /api/applications.
  • WAB-13652: Fix missing KBD_INPUT logs in RDP session connections from Windows 11 MSTSC to a Windows Server 2025 target.
  • WAB-13672: Fix multiple plugin backup issues that could trigger internal errors after restoration, and verify that pre-existing plugins are stored in the "restored_aside" directory.
  • WAB-13703: Fix Ctrl+End and Ctrl+Alt+End shortcuts interpreted as Ctrl+Delete and Ctrl+Alt+Delete during VNC sessions.
  • WAB-13711: Fix local user editing on the web interface when the account expiration date is in the past.
  • WAB-13725: Fix an issue causing incorrect nighttime notification during license status check.
  • WAB-13726: Fix an issue with Application Driver when the login field does not have any type.
  • WAB-13729: Fix copy-paste issue in internal page edit fields of the RDP proxy, where an invisible character was added that prevented deletion of the first character.
  • WAB-13749: Fix incorrect network configuration when restoring a backup that did not include the DNS Domain or Search options.
  • WAB-13802: Fix multi-line banner formatting on SSH target connections.
  • WAB-13857: Fix a traceback being printed when running the 'WABCleanGhostSessions' command when the license has expired.
  • WAB-13871: Fix approval request email not being sent to LDAP/AD approvers for groups linked to a SAML authorization.
  • WAB-13893: Fix an issue with Bastion replication clusters where SQL replication between servers could be disrupted by the simultaneous execution of specific recurring jobs on multiple cluster nodes.
  • WAB-13895: Add Celery and SQL replication logs in the debug ZIP file on the System > Status page.
  • WAB-13978: Add Windows 11 Pro and Enterprise, and Windows Server 2025 to the list of supported versions.
  • WAB-14003: Fix error in logs when trying to change a secret that is not present in the account.
  • WAB-14065: Fix unintended sending of the password expiration notification to the “admin” user.
  • WAB-14116: Improve Domain Server Name handling to support names with only one or two characters.
  • WAB-14133: Fix LDAP user listing issues when using "memberOf" as a group attribute in an authentication domain.
  • WAB-14166: Fix the version check for WALLIX Bastions to allow more flexibility during replication script execution.
  • WAB-14232: Update kernel package to 6.1.140-1 and intel-microcode to 3.20250512.1~deb12u1 to fix the CVE-2024-28956 and CVE-2024-45332 security advisories.
  • WAB-14274: Fix an issue causing the "ntpsec" service configuration file to reference an invalid directory pathname.
  • WAB-14451: Fix default route that was set to "blackhole" for each routing table of IPSR interfaces.
  • WAB-14468: Fix the "RDP-sogisces_1.3_2030" and "SSH-sogisces_1.3_2030" connection policies when new parameters are added. These parameters were not taken into account during a configuration restore or upgrade of WALLIX Bastion.
  • WAB-14479: Add vault activity logs in the debug archive.

2.8   Bug fixes in WALLIX Bastion 12.1.1

  • WAB-13812: Fix the old password being kept with the Kerberos method of the Windows password change plugin when the password was successfully changed on Active Directory.

2.9   Bug fixes in WALLIX Bastion 12.1

  • WAB-6301: Improve the listing time of users with AD recursive groups.
  • WAB-6445: Fix deletion of target by a limited administrator if it exists in another group.
  • WAB-7383: Fix AD/LDAP 'simple (client certificate)' bind method.
  • WAB-7705: Improve route definition by accepting routes with host bits set. The applied route is normalized, and a warning message is logged in /var/log/syslog.
  • WAB-8391: Improve the user interface by hiding the iDrac network interface of Dell physical appliances.
  • WAB-8445: Add replication of logo customizations in WALLIX One PAM cluster.
  • WAB-8999: Fix the Deactivate action in the configuration of the remote storage.
  • WAB-9074: Fix to automatically reload logger settings on each REST API request without restarting the service.
  • WAB-9155: Fix X.509 authentication when there are accents in the user certificate.
  • WAB-9170: Fix to keep the user's last connection date when the password changes.
  • WAB-9476: Remove the interface element related to the deprecated HA DRBD feature.
  • WAB-9491: Improve the default display of API key in the browser. After the generation, this key is hidden by default. Add an eye icon to display the API key.
  • WAB-9862: Remove unnecessary data for each file when session files are moved between local and remote storage. This fixes the "data is too long" error in the case of a session with a huge number of files.
  • WAB-9873: Fix an issue preventing a notification email from being sent when the watchdog gets back to an operational state after having been out of order.
  • WAB-10180: Fix target connection failure notification sending when application cannot be launched.
  • WAB-10230: Fix error logging in /opt/wab/bin/WABCRLFetch cron.
  • WAB-10250: Fix RDP Proxy Sesman configuration options lost after upgrade.
  • WAB-10278: Fix to display the login instead of defaultEmailDomain for UserPrincipalName.
  • WAB-10340: Fix the CSV import of Entra ID (ex Azure AD) users.
  • WAB-10341: Fix to ensure that a limited administrator can access the authentication history.
  • WAB-10401: Fix the Clear action of the remote storage configuration so it deletes the remote storage parameters from the bastion.
  • WAB-10443: Fix time frame verification that allowed a session to be opened on an application outside a time frame under certain conditions.
  • WAB-10464: Improve robustness of HA Database Replication with concurrent check-ins and checkouts of credentials.
  • WAB-10618: Improve usability by limiting email notifications to approvals whose end date has not yet passed.
  • WAB-10664: Fix the test network parameters by using the timeout during a GSSAPI connection.
  • WAB-10671: Fix target name in file created for ticketing interface script in case of password checkout.
  • WAB-10754: Update the Apache server to version 2.4.62-1~bpo10+wallix1 to fix the following vulnerabilities: CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2024-38472, CVE-2024-36387, CVE-2024-39884, CVE-2024-40898, CVE-2024-40725.
  • WAB-10833: Fix the error "AttributeError: 'list' object has no attribute 'st_size'" that could be reported by the integrity checker "WABSessionLogIntegrityChecker" after importing a session archive. The imported sessions are now correctly processed.
  • WAB-10844: Fix the SAML Entra ID authentication end to end between Bastion and Access Manager.
  • WAB-10910: Add the option for administrators to reencrypt the LUKS volume.
  • WAB-11001: Add more logs when LDAP connection test fails.
  • WAB-11005: Fix wrong script path in the replication cron jobs.
  • WAB-11006: Fix the "bastion-traceman info" subcommand to provide the correct values for available and total space on the remote storage.
  • WAB-11007: Fix the removal of the monitoring cron job of the replication.
  • WAB-11011: Fix the “--elevate-master” option of the replication script.
  • WAB-11019: Fix to allow creation of profiles with Manage Approvals right but without the Manage Authorizations right. Fix to prevent saving a profile with Manage Authorizations right but without User groups and Target groups rights.
  • WAB-11031: Fix the restoration of /var/wab/etc content during backup restore.
  • WAB-11043: Update python3 packages to version 3.7.3-2+deb10u8 to fix the following vulnerabilities: CVE-2024-0397, CVE-2024-4032.
  • WAB-11051: Fix the HA installation workflow if the system locale is not in English.
  • WAB-11063: Disable account creation by Google cloud agent.
  • WAB-11087: Fix the automatic partition resizing on cloud images.
  • WAB-11095: Remove mail sent every five minutes for replication check.
  • WAB-11097: Disable users from launching bastion-upgrade.sh manually.
  • WAB-11103: Fix notifications for OCR and keyboard input-based pattern detection during RDP sessions.
  • WAB-11111: Remove unexpected successful message in logs when a domain failed to be saved.
  • WAB-11138: Improve readability by reinstating the previous upgrade log file name, which used underscores instead of spaces.
  • WAB-11139: Improve usability by resetting the default wabupgrade shell to bash, which restores autocompletion.
  • WAB-11140: Add a message at the end of the upgrade to say the operation was successful.
  • WAB-11142: Add a confirmation message to the BastionSecureUpgrade command before launching the upgrade.
  • WAB-11143: Fix service control limit value when toggling iptables rules.
  • WAB-11166: Fix live session audit not working with WALLIX Access Manager 5.0.0.
  • WAB-11201: Fix corrupted vhdx image release.
  • WAB-11289: Fix issue in the SBOM regarding the incorrect version of the 'python3-winrm' package.
  • WAB-11297: Update dashboard component.
  • WAB-11303: Fix an issue that causes mail notifications to be sent to the wrong recipient during a HA Database Replication.
  • WAB-11316: Add a default HTTPS transport feature when changing credentials with WinRM method of Windows password change plugin.
  • WAB-11349: Fix SAML data schema update from 10.0 in migration scripts.
  • WAB-11351: Fix IPv4 and IPv6 default gateway deletion each time the configuration is applied in the System > Network page if IP source routing is enabled.
  • WAB-11378: Fix backup import from previous versions when the backup key has been truncated.
  • WAB-11391: Improve the description of the Enable Kerberos and Allow NLA NTLM fallback RDP options in Connection Policies.
  • WAB-11399: Fix users of AD recursive groups not correctly mapped to their Bastion groups. Improve performance when fetching users from an AD/LDAP domain.
  • WAB-11401: Fix Universal Tunneling session when requested source ip is empty.
  • WAB-11424: Fix import of backup when there are duplicated user or target groups in database.
  • WAB-11428: Improve security by further restricting LDAP client algorithms to match SOG-IS.
  • WAB-11431: Fix two bastion-replication issues: certain SSH operations are no longer interrupted before completion, and the autossh tunnel is now established through the right network interface.
  • WAB-11453: Fix deletion of e-mail list in user group via API endpoint PUT /api/usergroups.
  • WAB-11459: Improve the strength of passwords and passphrases. Weak, common or too short passphrases and passwords are now rejected.
  • WAB-11461: Fix HTTP host header handling in redirects.
  • WAB-11462: Fix a bad error handling when entering an invalid network mask in the network configuration form of the setup wizard.
  • WAB-11463: Improve CSRF token behavior: the token is now provided by the REST API in a cookie (with an established TTL) and is no longer stored in the browser local storage.
  • WAB-11490: Add a new advanced option tls enable legacy server in RDP Connection Policy to fix RDP connections with TLS 1.0 to legacy Windows Server (such as Windows Server 2008). This option is disabled by default and must be enabled only for targets on a legacy Windows Server.
  • WAB-11499: Fix clipboard redirection with Windows XP target.
  • WAB-11503: Fix internal server error (HTTP 500) in API request when filtering on a timestamp field and providing an invalid date.
  • WAB-11518: Fix password checkout of a target whose account name contains a "" character (Secrets table).
  • WAB-11552: Add options to control the authentication method and TLS options in the connection policy of VNC.
  • WAB-11559: Fix keyboard input pattern detection in Access Manager invited sessions.
  • WAB-11574: Fix a vulnerability that allowed a malicious user to execute arbitrary commands while restoring a backup.
  • WAB-11590: Fix the integrity errors of the current sessions caused by WABSessionLogPurge by recreating, if necessary, the hash folder deleted by the script.
  • WAB-11626: Fix WALLIX-PuTTY installation in Windows workstation where some libraries (VCRUNTIME140.dll) are not present.
  • WAB-11636: Fix auditor 4 hands (via Windows Shadowing) access on some targets.
  • WAB-11648: Fix the network configuration migration during upgrade or restoration from a version prior to IPv6 support.
  • WAB-11665: Fix restoration of backup made on version 9.0 when a connection policy has single quotes in name.
  • WAB-11671: Fix error notification appearance when a global account is linked to an application via a target group.
  • WAB-11727: Improve logging for Windows password change plugin.
  • WAB-11743: Improve the error report of the keyboard pattern detections of the RDP sessions by resetting the text sent when the Enter key is detected.
  • WAB-11764: Fix handling of multiple LUKS partitions in bastion-luks-update.
  • WAB-11771: Fix the vulnerability issue DSA 5782-1 affecting the Linux kernel.
  • WAB-11791: Add Disable keyboard log option to the VNC connection policy to configure the KBD_INPUT log.
  • WAB-11795: Fix the detection of closure by inactivity on shared RDP sessions whose control is given to the guest.
  • WAB-11811: Fix errors when changing multiple passwords at the same time with the Kerberos method of the Windows plugin.
  • WAB-11813: Fix the login generated by the GUI for an account mapping.
  • WAB-11816: Fix display of the default gateway interface for IPv4 and IPv6 when the IP source routing is disabled on the System > Network page.
  • WAB-11818: Fix the display of the approval history list by de-duplicating rows when the approver belongs to more than one approver group.
  • WAB-11830: Fix RDP connections closing when approval requests were pending for too long.
  • WAB-11842: Fix "mariadb Aborted connection ..." warning for bastion-replication that was triggered by the replication monitoring, and which appeared in syslog every minute.
  • WAB-11883: Fix the delete icons for IPv4 and IPv6 routes, which removed the wrong routes on the System > Network page.
  • WAB-11884: Fix issue when adding multiple IPv4 or IPv6 routes in the System > Network page.
  • WAB-11904: Fix display of local authentication configuration in user creation form with Chrome browser version 127 or later.
  • WAB-11910: Fix encoding of users imported from an LDAP or AD server.
  • WAB-11928: Fix an issue that causes HA Database Replication to be down for too long.
  • WAB-11929: Fix a traceback issue caused by Unicode decoding in SQL replication.
  • WAB-11949: Fix message displayed outside of visible area when configuring X.509 certificates on the web interface.
  • WAB-11950: Improve warning message when target session is limited in time by indicating the timezone of the disconnection time.
  • WAB-11953: Fix support for small computers without a keyboard controller. The absence of a keyboard controller was causing the startup setup screens to crash.
  • WAB-11965: Add optional field to enter the administrator's domain for Windows password change plugin.
  • WAB-11966: Fix to catch network error in the Windows password change plugin.
  • WAB-11967: Fix for Windows plugin to catch error when changing password of a user who does not exist on the target.
  • WAB-12025: Fix issue that could allow a disabled or expired Active Directory user to connect to the Bastion SSH proxy with an SSH key or to the Bastion with an X.509 certificate.
  • WAB-12028: Fix interruption of the launch of a manually deployed Application Driver by an end-user.
  • WAB-12038: Fix XRDP target connections when the Allow TLS only fallback option is disabled in the RDP connection policy.
  • WAB-12068: Improve the upgrade process of WALLIX Bastion by preventing it from starting if disk space is insufficient.
  • WAB-12090: Fix compatibility issue between Cisco Secure Endpoint and Session Probe.
  • WAB-12097: Improve the strength of SMTP cipher algorithms in TLS or STARTTLS, with the ability to configure their security level.
  • WAB-12131: Fix "Page not found" error that might appear on Administration and Audit pages.
  • WAB-12169: Fix RDP session status when the connection has been aborted.
  • WAB-12176: Fix read of approvals assigned to a user via the REST API when the user logged is an external user.
  • WAB-12177: Fix interactive mode for SCP and SFTP protocols when primary authentication is SAML.
  • WAB-12179: Fix the system going into lockdown mode when the upgrade is prevented by an active HA Database Replication. The fix will be effective when upgrading from this version and newer versions.
  • WAB-12197: Fix errors in the Check Point GAIA password change plugin.
  • WAB-12203: Fix uniqueness of the /etc/machine-id file on the disk image.
  • WAB-12209: Fix email sent containing "UNLIKELYVALUEMAGICASPICONSTANTS3141592926ISUSEDTONOTIFYTHEVALUEMUSTBEASKED" when a user attempts to access a critical target in interactive login, but quits via the escape key or due to a timeout.
  • WAB-12214: Improve SQL request made when an AAPM client is authenticating.
  • WAB-12225: Fix an issue on the SMTP system page when trying to check a certificate against a SMTP server listening on a non-standard port.
  • WAB-12241: Fix file permission of the logger configuration preventing the change of the log level of the Bastion.
  • WAB-12247: Fix issue that allowed a disabled or expired FreeIPA user to connect to the Bastion SSH proxy with an SSH key or to the Bastion with an X.509 certificate.
  • WAB-12283: Add Hungarian keyboard layouts (named hu-HU). The previous keyboard layout hu-HU is renamed hu-HU.101-key.
  • WAB-12287: Improve RDP Client Keepalive description in the RDP proxy configuration options.
  • WAB-12378: Fix network interface renaming after upgrade.
  • WAB-12397: Remove mentions of traces in the log when no file needs to be transferred. [bastion-traceman]
  • WAB-12401: WAB wallix-config-restore.py exit code does not report errors
  • WAB-12412: Fix for Windows plugin to catch error when trying to change the password of a locked out account.
  • WAB-12452: WABSessionLogPurge: fix orphan file detection to prevent accidental deletion of hash files when some session files are temporarily not available.
  • WAB-12497: Fix inaccurate error message sent in case of rejected credential change.
  • WAB-12502: Improve the handling of untrusted HTTP hosts by returning a 400 error instead of redirecting on the UI and API.
  • WAB-12645: Add error about a file copy in the logs and in the output of the bastion-traceman job. When bastion-traceman failed to copy one individual file for a trace, it left the trace's files in the local storage (as expected), but would not report any error in the logs.
  • WAB-12671: Fix RAIL application that can appear partially or not at all in 4eyes when the primary monitor is not at the top-left corner of the virtual desktop.
  • WAB-12780: Fix emails sent to approvers in error for targets outside of their limitations.
  • WAB-12842: Fix an error message concerning remote storage when it was not configured.
  • WAB-12909: Fix restoration of backup when there are NULL values in the "owner" column of the SQL table "session_log".
  • WAB-12938: Fix error "STATUS_ACCOUNT_RESTRICTION" in Samba method of Windows password change plugin.
  • WAB-12999: Fix failure of session sharing between multiple RemoteApps when the target name is too long.
  • WAB-13026: Fix "WABSessionLogImport" when importing archives with a specific error in data format (see related fix WAB-13639). The import script now handles the error, makes its best effort to recover the relevant data, and proceeds to the end of the archive without a fatal error.
  • WAB-13037: Fix parallelization for change credentials in multiple domains.
  • WAB-13140: Improve workflow and error handling in Windows password change plugins.
  • WAB-13150: Fix the Local domain field in the device and application accounts forms.
  • WAB-13153: Fix the warning message when lowering the security level.
  • WAB-13162: Add support of accounts with shell different from /etc/cli.sh in Checkpoint GAIA password change plugin.
  • WAB-13209: Fix Kerberos form in edit mode when a keytab file is not provided.
  • WAB-13261: Fix the creation of approval requests starting in the past and bypassing the current allowed timeframe (security fix).
  • WAB-13272: Update libgnutls30 package to fix the following vulnerability: CVE-2024-12243.
  • WAB-13275: Fix the SIEM message on session log purge that only contained one session.
  • WAB-13296: synchronize-cluster fails when there are too many folders in /var/wab/hash.
  • WAB-13396: Improve Users > Groups page by renaming the User number column to Local users.
  • WAB-13496: Fix a Python import error during upgrade of the Bastion.
  • WAB-13519: Remove credential cache file left after rotation in Kerberos method of Windows password change plugin.
  • WAB-13548: Fix the encryption level of the Discovery service and use HTTPS as the default method for connecting to Windows devices through WinRM.
  • WAB-13722: Fix the Discovery service status that was not stopped when deactivating the corresponding configuration option.

2.10   Bug fixes in WALLIX Bastion 12.0.2

  • WAB-8391: Improve the user interface by hiding the iDrac network interface of Dell physical appliances.
  • WAB-10754: Upgrade the Apache server to fix multiple vulnerabilities.
  • WAB-10910: Add the option for administrators to reencrypt the LUKS volume.
  • WAB-11005: Fix wrong script path in the replication cron jobs.
  • WAB-11007: Fix the removal of the monitoring cron job of the replication.
  • WAB-11011: Fix the "--elevate-master" option of the replication script.
  • WAB-11051: Fix the HA installation workflow if the system locale is not in English.
  • WAB-11063: Improve GCP agent configuration.
  • WAB-11087: Fix the automatic partition resizing on cloud images.
  • WAB-11103: Fix notifications for OCR and keyboard input-based pattern detection.

2.11   Bug fixes in WALLIX Bastion 12.0.1

  • WAB-6364: Fix permanent connection file when the user is in an authentication domain with the Server Domain Name different from the Authentication Domain Name.
  • WAB-6420: Fix usage of variable approvers in custom e-mail templates.
  • WAB-6643: Fix issues with bastion-debugging-tools.
  • WAB-6969: Improve external authentications to ensure that the Last Connection field updates in scenarios where the User Name attribute is configured as UserPrincipalName.
  • WAB-7484: Improve "Missing authorization UID for right" log message by changing the log level to TRACE.
  • WAB-7489: Add anonymization of table "activity" in script bastion-db-anonymizer.
  • WAB-7605: Fix wrong behavior when activating or deactivating IP Source Routing where /32 routes were deleted.
  • WAB-7623: Improve HA Database Replication by forbidding the execution of some commands on the slave.
  • WAB-7711: Remove exception from file /var/log/apache2/wabrest-uwsgi.log when an object is not found in REST API.
  • WAB-7812: Improve the error message for Domain server name field in the Authentication domains page. The name should comply with the Domain Naming Convention.
  • WAB-8019: Improve message displayed to user for TLS errors with RDP connections.
  • WAB-8042: Improve readability by renaming the "Authentication domain name" field to "Server domain name" in the Groups form for users.
  • WAB-8243: Fix account mapping login issue from Access Manager when user password contains special characters like "é", "ü", "ß", "¾", or "§".
  • WAB-8268: Fix retrieval of approval requests for an external user.
  • WAB-8269: Fix the installation of HA database replication when the database passwords of the cluster nodes are different.
  • WAB-8283: Fix CSV export for Global Domain configuration.
  • WAB-8288: Fix the sending of notifications that was not always working.
  • WAB-8529: Fix the session audit right being transferable by a user who does not have this right.
  • WAB-8990: Fix WALLIX Bastion outage when filesystem is full and trying to download debug logs zip file.
  • WAB-8991: Improve Bastion-replication script which now checks the license for clustering entitlement.
  • WAB-8993: Fix parsing of LDAP user e-mails for approval permissions.
  • WAB-9031: Fix an issue that allowed an invalid FQDN to be configured in the setup screens.
  • WAB-9069: Fix the --resync command in HA Database Replication.
  • WAB-9164: Fix an issue, in the context of approval workflow or auditor 4-hands, where the refused message notification can randomly be silenced while in RDP pending page.
  • WAB-9186: Fix CAL per Device license management when using multiple RDS in an application cluster.
  • WAB-9241: Fix translation of some fields on the website that were using the browser language instead of the Bastion user language.
  • WAB-9295: Fix reconciliation of password in Unix password change plugin.
  • WAB-9375: Fix the absence of two csv reports in the daily reporting e-mail.
  • WAB-9413: Increase default number of concurrent connections allowed to 30.
  • WAB-9486: Improve compatibility with HA database replication by reducing the size of the password generated for the database to 32 characters.
  • WAB-9497: Fix reconciliation for SSH key change in Unix password change plugin.
  • WAB-9514: Improve approval display time for approvers on large LDAP directory.
  • WAB-9561: Improve REST API target password checkout by adding real domain name for global domain accounts.
  • WAB-9684: Add return of error 503 in API endpoint "/api/ldapuser" if the LDAP/AD server is not reachable.
  • WAB-9711: Fix access to an application outside authorized time frames.
  • WAB-9718: Fix security issue caused by the database root password being displayed in the process list and in error messages.
  • WAB-9733: Fix connection to target with a local account discovered by a discovery scan.
  • WAB-9755: Improve performance of the Audit > Session history page on the web interface.
  • WAB-9804: Add LDAP case insensitive option to perform case insensitivity checks for LDAP or Active Directory mappings. This option affects the performance of the user listing.
  • WAB-9818: Add extended mouse buttons support in RDP sessions.
  • WAB-9819: Fix regeneration and upload of a new SSH private key in an account when it already has one.
  • WAB-9827: Fix wrong Bastion version being displayed on the grub menu after upgrade.
  • WAB-9834: Fix wrong EHLO command by sending a correct hostname.
  • WAB-9859: Fix to ensure that a self-approval request is only possible if the requester is a member of the approvers group.
  • WAB-9886: Fix to ensure that adding new routes with a subnet of 255.255.255.255 or 32 to the appliance interface no longer deletes routes with a submask of 255.255.255.255 or 32.
  • WAB-9963: Improve Filesystem Virtual Channel Manager to ignore malformed requests.
  • WAB-9988: Fix profile addition by a limited administrator.
  • WAB-9998: Fix to allow auditors with a group restriction to see accounts activities under their control.
  • WAB-9999: Add anonymization of authentication domains in script bastion-db-anonymizer.
  • WAB-10056: Update kernel version to version 6.1.85-1 in order to fix following security advice: CVE-2023-2176 CVE-2023-6270 CVE-2023-7042 CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52583 CVE-2023-52584 CVE-2023-52587 CVE-2023-52588 CVE-2023-52589 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52621 CVE-2023-52622 CVE-2023-52623 CVE-2023-52630 CVE-2023-52631 CVE-2023-52632 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637 CVE-2023-52638 CVE-2023-52639 CVE-2023-52640 CVE-2023-52641 CVE-2024-0340 CVE-2024-0841 CVE-2024-1151 CVE-2024-2201 CVE-2024-22099 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-26581 CVE-2024-26582 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26590 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602 CVE-2024-26603 CVE-2024-26606 CVE-2024-26621 CVE-2024-26622 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26629 CVE-2024-26639 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26660 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26667 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26676 CVE-2024-26679 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696 CVE-2024-26697 CVE-2024-26698 CVE-2024-26700 CVE-2024-26702 CVE-2024-26704 CVE-2024-26706 CVE-2024-26707 CVE-2024-26710 CVE-2024-26712 CVE-2024-26714 CVE-2024-26715 CVE-2024-26717 CVE-2024-26718 CVE-2024-26720 CVE-2024-26722 CVE-2024-26723 CVE-2024-26726 CVE-2024-26727 CVE-2024-26731 CVE-2024-26733 CVE-2024-26735 CVE-2024-26736 CVE-2024-26737 CVE-2024-26741 CVE-2024-26742 CVE-2024-26743 CVE-2024-26744 
CVE-2024-26745 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26750 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761 CVE-2024-26763 CVE-2024-26764 CVE-2024-26765 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774 CVE-2024-26775 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26780 CVE-2024-26781 CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26789 CVE-2024-26790 CVE-2024-26791 CVE-2024-26792 CVE-2024-26793 CVE-2024-26795 CVE-2024-26798 CVE-2024-26800 CVE-2024-26801 CVE-2024-26802 CVE-2024-26803 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437.
  • WAB-10072: Add a mechanism that automatically stops SQL replication during a restore, then re-synchronizes the nodes and restarts the synchronization.
  • WAB-10075: Improve log readability by no longer creating logs when there is a login attempt with an incorrect username.
  • WAB-10123: Fix AD authentication test for GSS-API bind method.
  • WAB-10147: Fix issue where the RDP Proxy configuration cannot be modified on a fresh install.
  • WAB-10167: Improve user experience by scheduling a single checkin task after multiple checkouts of the same account by the same user.
  • WAB-10175: Fix Application Driver automatic deployment.
  • WAB-10217: Update WALLIX-PuTTY to version 0.81.1 to fix the following security issue: CVE-2024-31497.
  • WAB-10220: Add parameters to fine tune RDP targets authentication phase.
  • WAB-10244: Improve backups by allowing a backup to happen while bastion-traceman is running.
  • WAB-10253: Remove default evaluation license for Cloud installations.
  • WAB-10254: Fix wabadmin password change prompt not being displayed on Azure at the first shell login.
  • WAB-10255: Fix support of legacy hash algorithms for the local user password hashes.
  • WAB-10299: Fix removing redirected drive of Session Probe.
  • WAB-10312: Fix RDP sessions with corrupted recordings that leave TMP files.
  • WAB-10333: Fix forwarding of arguments to WABInitReset when run as wabadmin.
  • WAB-10385: Remove a question about the "crypto" during the configuration of the HA Database Replication. The answer was not used.
  • WAB-10386: Fix superset cookie issue.
  • WAB-10407: Fix the Palo Alto change password plugin.
  • WAB-10519: Update the VMware disk from ".vmdk" to ".ova".
  • WAB-10746: Update Debian packages to fix the following vulnerability: CVE-2024-6387.
  • WAB-10865: Fix non-functional boot in EFI SecureBoot mode.
  • WAB-10877: Add audit logs related to SIEM settings when the log format is changed or the filter configuration is changed.
  • WAB-10889: Fix file rights under /var/wab/hash when restoring a backup. The standard rights expected on a bastion are now restored.
  • WAB-10917: Fix Network and Service control pages, as well as the WABNetworkConfiguration script, in WALLIX One Remote Access environments.

3   Known issues

4   Known limitations