Released: Apr 1, 2026

Server and Console 2026.1.12.0 での更新項目

機能

Server

• Core
  • Added dashboard layout reset capability allowing administrators to reset a user's corrupted or misconfigured dashboard layout back to defaults.

不具合の修正

Server

• Core
  • Fixed a security issue where MFA check could be bypassed when Emergency Code authentication was disabled.
  • Fixed an issue where OAuth session reuse could allow user impersonation, including administrators.
  • Fixed a security issue where MFA could be bypassed using an alternate authentication cookie.
  • Fixed an issue allowing users to remove their own MFA despite enforced restrictions.
  • Fixed an issue where users with management permissions could access other users' MFA secrets.
  • Fixed an issue where the gateway health check could be exploited for server-side request forgery (SSRF).
  • Fixed a regression where Microsoft User synchronization failed with an error reading 'UserCleanupDelta'.
  • Fixed an issue where approving temporary access requests did not work when only groups were set as approvers.
  • Fixed an issue where the contractor welcome email redirect did not work if the user was already logged in.
  • Fixed KeePass XML import incorrectly creating Legacy Website entries instead of the correct entry type.
  • Fixed Public API path query parameter filtering to work correctly with encoded URLs and nested paths.
  • Fixed the scheduler service crashing when custom log retention policy configuration contained invalid data.
• Gateway
  • Fixed a server-side request forgery vulnerability in the gateway health check route.
  • Fixed an issue where new vaults could not be selected when changing the member filter in a gateway farm.
  • Fixed session recording not working when the session does not connect through a gateway.
  • Fixed the gateway going offline when a connection to a session fails due to a Virtual Gateway rule or other reason.
• Web
  • Fixed a regression where the "All vault" button in the search stopped working.
  • Fixed an issue where Domain/AD users could not be added by browsing and selecting them.
  • Fixed normal users receiving an "Unable to save" error in the customize dashboard layout when a default dashboard exists.
  • Fixed the credit card edit component missing a reveal sensitive data button.
  • Fixed the entry security analyzer where the "Pwned" password filter was not working.
  • Fixed the TOTP window display being broken.

Console

• Core
  • Fixed a regression where SQL-to-DVLS migration silently failed to decrypt User Vault (private) entries, causing users to see empty vaults after migration.