# Release Notes For a summarized view of monthly changes, see the Monthly Recap.
DateSoftwareVersionDescription
2026-04-17Control Plane126.22.0This release fixes an issue where in an organization configured with an idle timeout and MFA, after the idle timeout locks the StrongDM client, unlocking the client by performing MFA would cause the client to immediately lock again. This occurred because the idle timeout was not reset on unlock.
2026-04-15Control Plane126.12.0This release addresses a server-side issue where a failure to store policy authorization queries to a misconfigured Log Stream destination would sometimes retry indefinitely rather than failing and sending a warning notification email to the organization admin.
2026-04-09Desktop Application24.2.0This release fixes a regression in desktop app version 23.99.0 or higher, where the application would fail to start due to missing static files.
2026-04-07CLI54.0.0This release updates the CLI to suppress connection error notifications caused by the user cancelling the connection request.
2026-03-31Control Plane125.75.0This release verifies support for MySQL 8.4.8 against 8.0.33 and 8.4.8 command-line clients, as well as verifies support for MySQL 9.6.0 against 8.0.33, 8.4.8, and 9.6.0 command-line clients.
2026-03-30Control Plane125.70.0This release updates table filters styling.
2026-03-20CLI53.80.0This release fixes an issue in the desktop app where errors during an "Update kubectl configuration" action would not be surfaced and could only be seen by running the sdm k8s update-config CLI command.
2026-03-20Control Plane125.27.0This release adds support for using MCP Gateway with the Claude Desktop app.
2026-03-19Control Plane125.25.0This release adds granted-entitlements and requestable-entitlements subcommands to sdm admin clouds, sdm admin clusters, sdm admin kubernetes, sdm admin websites, sdm admin servers, sdm admin rdp, and sdm admin ssh. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-19CLI53.79.0This release adds granted-entitlements and requestable-entitlements subcommands to sdm admin clouds, sdm admin clusters, sdm admin kubernetes, sdm admin websites, sdm admin servers, sdm admin rdp, and sdm admin ssh. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-18Control Plane125.18.0Fixed issue where pages were not loading properly for user's identity aliases when there was a large number of them.
2026-03-17CLI53.77.0This release adds sdm admin users requestable-entitlements, sdm admin resources requestable-entitlements, and sdm admin roles requestable-entitlements commands for listing resources that can be requested via an access workflow. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-17Control Plane125.13.0This release adds sdm admin users requestable-entitlements, sdm admin resources requestable-entitlements, and sdm admin roles requestable-entitlements commands for listing resources that can be requested via an access workflow. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-12Control Plane124.96.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing requestable account, resource, and role entitlements.
2026-03-12Java SDK16.21.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing requestable account, resource, and role entitlements.
2026-03-12Python SDK16.21.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing requestable account, resource, and role entitlements.
2026-03-12Ruby SDK16.21.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing requestable account, resource, and role entitlements.
2026-03-12Go SDK16.21.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing requestable account, resource, and role entitlements.
2026-03-12Control Plane124.92.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-12CLI53.66.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-12Java SDK16.20.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-12Python SDK16.20.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-12Ruby SDK16.20.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-12Go SDK16.20.0This release introduces a new MCP Gateway resource that enables connections to remote MCP servers with fine-grained Cedar policies for controlling MCP tool calls. Authentication modes include OAuth, which uses a user token obtained via OAuth; PAT, which uses a Personal Access Token (Bearer token); and NoAuth, for servers that do not require authorization.
2026-03-11Control Plane124.90.0This release fixes an issue where resources granted to a user by a temporary account grant (that is, an admin assignment or via an access request) would appear in the desktop app prior to the account grant's start time. This issue was purely cosmetic and would not have allowed access to connect to the resource if the user attempted to do so.
2026-03-11CLI53.60.0This release fixes an issue in the RDP (Certificate Based) resource type where the RDP protocol interpreter could incorrectly parse data associated with non-virtual channels as virtual channel data. In rare cases, this could potentially lead to undefined behavior, including node crashes or unexpectedly high memory usage.
2026-03-10Control Plane124.71.0This release fixes an issue where the policy editor could not save.
2026-03-09Control Plane124.68.0This release adds sdm admin users granted-entitlements, sdm admin resources granted-entitlements, and sdm admin roles granted-entitlements commands for listing access entitlements. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-09CLI53.55.0This release adds sdm admin users granted-entitlements, sdm admin resources granted-entitlements, and sdm admin roles granted-entitlements commands for listing access entitlements. These commands support --filter, --filter-json, --filters-help, --extended, --json, and --timeout flags.
2026-03-09CLI53.54.0
  • Disk usage information is now reported in diagnostics.
2026-03-05CLI53.46.0This release updates AccountGrant to include an access_request_id field. When an account grant is created through an access request workflow, this field will contain the ID of the originating access request. For grants created directly by an admin, this field will be empty.
2026-03-05Python SDK16.17.0This release updates AccountGrant to include an access_request_id field. When an account grant is created through an access request workflow, this field will contain the ID of the originating access request. For grants created directly by an admin, this field will be empty.
2026-03-05Ruby SDK16.17.0This release updates AccountGrant to include an access_request_id field. When an account grant is created through an access request workflow, this field will contain the ID of the originating access request. For grants created directly by an admin, this field will be empty.
2026-03-05Java SDK16.17.0This release updates AccountGrant to include an access_request_id field. When an account grant is created through an access request workflow, this field will contain the ID of the originating access request. For grants created directly by an admin, this field will be empty.
2026-03-05Go SDK16.17.0This release updates AccountGrant to include an access_request_id field. When an account grant is created through an access request workflow, this field will contain the ID of the originating access request. For grants created directly by an admin, this field will be empty.
2026-03-04CLI53.43.0This release contains no announceable changes for customers
2026-03-03Control Plane124.26.0This release fixes an issue where groups (privileges) requestable or granted within a given Entra ID or Okta Groups resource would not display in the said resource's Entitlements page.
2026-03-03Control Plane124.27.0This release fixes an issue where updating the Okta Org URL would not update the link that appears in the desktop app. In addition, this release fixes an issue where the privileges dropdown contained groups that could not have their membership manipulated.
2026-03-03Control Plane124.20.0This release adds support for Databricks SQL.
2026-03-03CLI53.37.0This release adds support for Databricks SQL.
2026-03-03Terraform Provider16.15.0This release adds support for Databricks SQL.
2026-03-03Java SDK16.15.0This release adds support for Databricks SQL.
2026-03-03Python SDK16.15.0This release adds support for Databricks SQL.
2026-03-03Go SDK16.15.0This release adds support for Databricks SQL.
2026-02-26Control Plane123.97.0This release adds Entitlements > Read as a grantable permission when creating admin tokens and API keys. This permission is required to use the new GrantedAccountEntitlements, GrantedResourceEntitlements, and GrantedRoleEntitlements services.
2026-02-26Control Plane123.95.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing granted account, resource, and role entitlements.
2026-02-26Java SDK16.13.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing granted account, resource, and role entitlements.
2026-02-26Python SDK16.13.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing granted account, resource, and role entitlements.
2026-02-26Go SDK16.13.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing granted account, resource, and role entitlements.
2026-02-26Ruby SDK16.13.0This release adds support in the Go, Java, Python, and Ruby SDKs for listing granted account, resource, and role entitlements.
2026-02-26Control Plane123.88.0This release adds the Okta Groups resource type.
2026-02-26CLI53.30.0This release adds the oktaGroups resource type.
2026-02-26Terraform Provider16.12.0This release adds the oktaGroups resource type.
2026-02-26Java SDK16.12.0This release adds the oktaGroups resource type.
2026-02-26Ruby SDK16.12.0This release adds the oktaGroups resource type.
2026-02-26Python SDK16.12.0This release adds the oktaGroups resource type.
2026-02-26Go SDK16.12.0This release adds the oktaGroups resource type.
2026-02-19CLI53.17.0This release fixes an issue where external UPNs (containing #EXT#) were not URL encoded when provisioning external grants, causing provisioning to fail.
2026-02-19Control Plane123.48.0This release fixes an issue where in the Jira plugin, request types were not populating correctly in the plugin settings when there were more than 50 projects.
2026-02-18Control Plane123.40.0This release adds internal safeguards for audit query log retrieval under sparse-result, large-range scans to reduce control-plane load.
2026-02-13Control Plane123.17.0This release fixes an issue where the Admin UI would hang when navigating away from the Utilization report while data was still loading.
2026-02-13Control Plane123.13.0This release fixes an issue where navigating away from the Managed Secrets report while data is loading no longer causes the Admin UI to hang.
2026-02-13Control Plane123.11.0This release fixes an issue where the Admin UI hangs when navigating away from the Access Workflows report while it is loading data.
2026-02-12Control Plane123.4.0This release fixes an issue where discovered Entra and Okta groups would lose permission information when discovered a second time.
2026-02-12Control Plane122.99.0This release fixes an issue where the Admin UI hangs when navigating away from the User Activity report while data is loading.
2026-02-12Control Plane122.93.0This release updates the Admin UI to use all healthy nodes when node_selector is not defined. When a secret engine's node_selector is not defined, all nodes that are reporting that the secret engine is healthy will be taken into account when communicating with the secret engine. For backward compatibility, existing secret engines will have node_selector set to tags:eng__{{name}}=true, where {{name}} is the secret engine's name.
2026-02-12Control Plane122.92.0This release revises the Authorize StrongDM action in the StrongDM app for Slack to work better for Slack enterprise customers with multiple workspaces.
2026-02-11CLI53.0.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-11Control Plane122.80.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-11Java SDK16.6.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-11Ruby SDK16.6.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-11Python SDK16.6.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-11Go SDK16.6.0This release adds a node_selector field to secret engines that allows selecting which nodes communicate with the engine. If the node_selector is empty the old fallback mechanism is used with the selector set to tags:eng__{{engine.name}}=true
2026-02-10Control Plane122.73.0
  • [Fix] Resolves an issue where the app would seem to hang when navigating away from teh Standing Access report.
2026-02-09Control Plane122.61.0This release fixes an issue where navigating away from the Executive Summary report while it's in a loading state no longer "hangs" the Admin UI.
2026-02-09Control Plane122.59.0This release fixes an issue where SSH replays were not playing.
2026-02-06Control Plane122.47.0This release fixes an issue with hanging navigation when navigating away from the Auditor Insights report.
2026-02-06Control Plane122.44.0This release adds BootDiskLicense, GKEClusterName, and GKENodePool to discovered GCP VM instance details.
2026-02-06CLI52.96.0This release adds BootDiskLicense, GKEClusterName, and GKENodePool to discovered GCP VM instance details.
2026-02-04Control Plane122.30.0This release fixes an issue that prevented discovered Entra Groups from having any extra information associated with them.
2026-02-04CLI52.92.0This release fixes an issue in the Azure discovery scanner that was causing scan failures when a list of subscription IDs was specified in the connector.
2026-02-04Control Plane122.27.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-04Terraform Provider16.5.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-04Java SDK16.5.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-04Python SDK16.5.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-04Ruby SDK16.5.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-04Go SDK16.5.0This release adds Terraform provider datasource "sdm_org_url_info" to return Organization settings.
2026-02-02CLI52.88.0This release updates proxy workers to include their hostname in connection error messages. Connection error messages now include the address of the proxy cluster used for the connection. Gateway diagnostics now report "N/A" when no gateways are present.
2026-01-29CLI52.85.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Terraform Provider16.3.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Python SDK16.3.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Java SDK16.3.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Ruby SDK16.3.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Go SDK16.3.0This release exposes the user employee number via the SDKs and Terraform, along with resource discovery information for Okta groups via the SDKs, Terraform, and CLI.
2026-01-29Control Plane121.90.0For Slack enterprise grid connections to the StrongDM app, the Connected Services page now displays the list of workspaces that are currently connected to the app at Slack. If there are no connected workspaces at Slack, we provide a link to the page there where that can be done.
2026-01-29Control Plane121.85.0This release fixes an issue where local port overrides would sometimes not be reflected in the desktop app.
2026-01-28Control Plane121.78.0This release adds support for the Employee Number field in User settings.
2026-01-26Control Plane121.56.0This release addresses an auth loop issue experienced by Slack Enterprise customers where a single StrongDM user may have multiple Slack user IDs.
2026-01-23Control Plane121.43.0This release adds support for the employee_number field in the sdm admin users CLI tree.
2026-01-23CLI52.78.0This release adds support for the employee_number field in the sdm admin users CLI tree.
2026-01-21Control Plane121.25.0This release fixes an issue where secret logs were being prepended to the table even if it mismatched the active filter.
2026-01-20Desktop Application23.74.0We’ve modernized the desktop app to make it faster, more reliable, and easier to use. Resources are now shown in a single, streamlined list with filtering options for type and health status. Revisions to the Windows installer simplify setup and align MSI installs with the EXE installer. Behind the scenes, a major architectural upgrade improves stability, makes navigation smoother, and sets the stage for quicker, more seamless innovation in future releases.
2026-01-17Control Plane121.0.0This release changes the way access requests are loaded and significantly improves the performance of the Requests > All Requests page of the Admin UI.
2026-01-15Control Plane120.88.0This release fixes an issue introduced in server version 120.81.0 that caused some customers to lose access to the Access Workflows page of the Admin UI with a message that they were missing the required SKU.
2026-01-15Control Plane120.84.0This release updates the Group members table in the Admin UI so it no longer infinitely loads.
2026-01-15CLI52.65.0This release adds support for the "reason" field in access request approvals/denials. In addition, it ensures approver notifications are sent even if the requester lacks Slack integration or user configuration.
2026-01-15Control Plane120.77.0This release adds support for the "reason" field in access request approvals/denials. In addition, it ensures approver notifications are sent even if the requester lacks Slack integration or user configuration.
2026-01-14Control Plane120.72.0This release updates the Admin UI so that admins are no longer shown an "Assign members" button on managed groups when there are no current members.
2026-01-14Control Plane120.70.0This release updates the proxy cluster list and detail pages to display version information.
2026-01-14Control Plane120.64.0This release updates the Admin UI so that Auditors are no longer presented with a disconnect button on the connected services tab on the Integrations page.
2026-01-14CLI52.58.0This release fixes an issue where connecting to Oracle resources would fail when warning messages were returned by the Oracle server during authentication. This could happen, for example, when the password of the configured Oracle user was in an expiry grace period, among other reasons. Warning messages are now correctly decoded if present during the Oracle authentication handshake and passed through to the connecting client.
2026-01-12Control Plane120.43.0This release updates the Admin UI Groups table's "Managed By" filter to have more options in addition to SCIM provisioning.
2026-01-12Control Plane120.38.0This release fixes an issue that prevented Slack Enterprise Grid users who authorized in a different workspace from the bot's installation from being found during user lookups.
2026-01-12Control Plane120.35.0This release changes the entities that are logged in the query log as part of an authorization decision. These entities will now be limited to just those related to the principal, action, resource and context of the request.
2026-01-12CLI52.55.0This release updates the SDKs so that the managed secrets retrieve call does not require passing of a public key.
2026-01-12Java SDK15.45.0This release updates the SDKs so that the managed secrets retrieve call does not require passing of a public key.
2026-01-12Python SDK15.45.0This release updates the SDKs so that the managed secrets retrieve call does not require passing of a public key.
2026-01-12Ruby SDK15.45.0This release updates the SDKs so that the managed secrets retrieve call does not require passing of a public key.
2026-01-12Go SDK15.45.0This release updates the SDKs so that the managed secrets retrieve call does not require passing of a public key.
2026-01-09CLI52.53.0This release fixes a permissions issue when using API keys to audit access requests. If the token does not have the audit:users permission, the name will simply be blank.
2026-01-09Control Plane120.21.0This release allows ServiceNow request approvals to defer the start time to the time indicated by startFrom, formatted per RFC3339.
2026-01-08Control Plane120.19.0This release updates interactive exec sessions for SSH and K8s to now result in ssh logs or k8s for commands entered during those sessions.
2026-01-08Control Plane120.10.0This release fixes an issue that allowed temporary access to be granted to Microsoft Entra ID resources without including groups as privileges, or to groups that aren't valid.
2026-01-07CLI52.48.0This release improves doctor diagnostics collection under exceptional conditions where some diagnostics collectors could previously take longer than the default collection timeout and result in no diagnostics being collected. Long-running collectors are now interrupted if collection takes too long, so the overall collection still succeeds.
2025-12-24CLI52.39.0This release removes a limitation when connecting to RDP (Certificate Based) resources from clients that required smart card sharing/redirection to be explicitly disabled in the Windows Remote Desktop Connection and macOS Windows App RDP client connection settings in order to successfully log in to the RDP server. Connections to RDP resources now work regardless of whether the smart card sharing setting is enabled; any local smart cards present on the client are ignored and continue to be inaccessible on the remote RDP server.
2025-12-24CLI52.38.0This release improves error reporting when an RDP server rejects the initial protocol negotiation.
2025-12-23Ruby SDK15.43.0This release updates the Ruby SDK with several changes. Version 15.43.0 adds automatic encryption/decryption support for managed secret APIs. In addition, the ManagedSecret.value will be automatically encrypted using associated secret_engine key during create/update calls, and ManagedSecret.value will be automatically decrypted using automatically generated Private/Public key pair for Retrieve calls when the provided public_key is empty.
2025-12-23Python SDK15.43.0This release updates the Python SDK with several changes. When creating or updating ManagedSecret its value should be an unencrypted JSON value. It will be automatically encrypted using secret engine's Public Key. When retrieving a secret there is no longer a need to generate an RSA private/public key pair. If the passed public_key value is empty, a new key will be automatically generated and used. This key will be used for any further secret retrievals using the same Client. The returned value doesn't need further decryption. It's already decrypted.
2025-12-22CLI52.34.0This release updates the sdm status CLI command to output a warning to stderr when it cannot detect a running StrongDM listener service.
2025-12-22Control Plane119.66.0This release updates the Admin UI so that tokens can no longer be added to groups.
2025-12-22Control Plane119.65.0This release modifies the labels of the entitlements CSV download to be more verbose.
2025-12-20Control Plane119.59.0This release makes requestable entitlements generally available.
2025-12-20CLI52.31.0This release improves the health check errors for RDP password resources for Network Level Authentication (NLA)-related errors. More informative detailed Windows error messages are now shown where previously only the numeric error code was shown.
2025-12-20Control Plane119.58.0This release prevents API keys and admin tokens from being members of groups.
2025-12-19Desktop Application23.64.0This release updates the Windows CLI location, Windows installer logging, and README files, and adds automatic PATH maintenance and stability improvements. The sdm CLI is now named sdm.exe and is located in SDM\resources (previously sdm32.exe or sdm.amd64.exe). The resources directory is added directly to PATH, so symlinks are no longer needed for the sdm command to work. In addition, the NSIS installer now writes detailed logs to %TEMP%\sdm-install.log for easier troubleshooting. Distribution packages now include README files with installation and uninstallation instructions. On Windows, the desktop app ensures the sdm command PATH is correct on every startup. Lastly, users who install without admin privileges no longer see a crash screen when the VNM service isn't installed.
2025-12-19CLI52.29.0This release improves the health check error message for RDP resources when the configured user is not permitted to access the server via remote desktop. Previously this returned "bad credentials", when in fact this error indicates the credentials were correct but the user is denied access to remote desktop by policy and/or group membership. This now returns `User does not have permission to access the server'.
2025-12-19CLI52.26.0This release updates the Go SDK with the following changes. When creating or updating ManagedSecret its Value should be an unencrypted JSON value. It will be automatically encrypted using the secret engine's Public Key. When retrieving a secret there is no longer a need to generate an RSA private/public key pair. If the passed publicKey value is empty, a new key will be automatically generated and used. This key will be used for any further secret retrievals using the same Client. The returned value doesn't need further decryption, as it is already decrypted.
2025-12-19Go SDK15.43.0This release updates the Go SDK with the following changes. When creating or updating ManagedSecret its Value should be an unencrypted JSON value. It will be automatically encrypted using the secret engine's Public Key. When retrieving a secret there is no longer a need to generate an RSA private/public key pair. If the passed publicKey value is empty, a new key will be automatically generated and used. This key will be used for any further secret retrievals using the same Client. The returned value doesn't need further decryption, as it is already decrypted.
2025-12-18Control Plane119.40.0This release adds functionality to link/unlink existing managed resources to discovered resources.
2025-12-17Control Plane119.24.0This release fixes an issue on the Secrets page of the Admin UI, where the first created secret would not show up in the list.
2025-12-17CLI52.21.0This release allows enabling resource lock on SSH servers.
2025-12-17Control Plane119.20.0This release allows enabling resource lock on SSH servers.
2025-12-17Terraform Provider15.41.0This release allows enabling resource lock on SSH servers.
2025-12-17Java SDK15.41.0This release allows enabling resource lock on SSH servers.
2025-12-17Go SDK15.41.0This release allows enabling resource lock on SSH servers.
2025-12-17Python SDK15.41.0This release allows enabling resource lock on SSH servers.
2025-12-17Ruby SDK15.41.0This release allows enabling resource lock on SSH servers.
2025-12-13Control Plane119.0.0This release adds support for Discovery Connectors to the API.
2025-12-13CLI52.17.0This release adds support for Discovery Connectors to the API.
2025-12-12Go SDK15.40.0This release adds support for Discovery Connectors to the API.
2025-12-12Terraform Provider15.40.0This release adds support for Discovery Connectors to the API.
2025-12-12Ruby SDK15.40.0This release adds support for Discovery Connectors to the API.
2025-12-12Java SDK15.40.0This release adds support for Discovery Connectors to the API.
2025-12-12Python SDK15.40.0This release adds support for Discovery Connectors to the API.
2025-12-12Control Plane118.96.0This release updates the Download CSV dropdown menu items to say "Export all granted rows".
2025-12-12Terraform Provider15.39.0This release fixes an issue causing failures using groups via JSON.
2025-12-12CLI52.16.0This fixes an issue where the wrong certificate would be used when connecting to an RDP (Certificate Based) resource when using NLA with a third-party CA.
2025-12-12Control Plane118.92.0This release fixes an issue causing failures using groups via JSON.
2025-12-12Java SDK15.39.0This release fixes an issue causing failures using groups via JSON.
2025-12-12Python SDK15.39.0This release fixes an issue causing failures using groups via JSON.
2025-12-12Ruby SDK15.39.0This release fixes an issue causing failures using groups via JSON.
2025-12-12Go SDK15.39.0This release fixes an issue causing failures using groups via JSON.
2025-12-11Control Plane118.85.0This release fixes an issue with reports sorting.
2025-12-11CLI52.13.0Kubernetes driver fix for connections not closing when the API requests were done with "Connection: Close" header set.
2025-12-10Control Plane118.78.0This release fixes an issue where the delete role button under Role Settings would disappear.
2025-12-10Control Plane118.77.0This release fixes an issue when dragging a file over a drag and drop file input, such as the certificate fields in Cluster forms. The input now accepts the dropped file as input and outputs the contents of the file in the text area.
2025-12-09Control Plane118.64.0This release addresses an issue that may cause user authorization in the StrongDM App for Slack to be ineffectual for users in the primary workspace of a connected Slack Enterprise Grid account.
2025-12-05Control Plane118.47.0This release adds best-effort command parsing of SSH and Kubernetes exec sessions to Log Stream.
2025-12-04Control Plane118.35.0

Public notes appear on https://strongdm.com/docs. Leave blank if the change is not customer-facing, or if it is a feature that is not yet Generally Available. Do not write "None" or "N/A".

Examples: This release adds support for Neuralink. This release is incompatible with CLI versions below: vA.B.C This release patches the following third-party CVEs: CVE-1984-12345 -->

2025-12-02CLI51.90.0This release implements progressive scanning for discovery of GCP resources.
2025-12-01CLI51.89.0When multiple AD DCs are configured for RDP Certificate resources for LDAP-based user SID lookup of Identity Aliases, the LDAP connections are now randomly distributed across the DCs to improve load balancing. Additionally, the connection timeout for LDAP has been shortened to ensure failover in the presence of a failed/unavailable DC.
2025-11-27Control Plane118.6.0This release allows service accounts to request and manage access via the CLI and the sdm access command tree.
2025-11-27CLI51.86.0This release allows service accounts to request and manage access via the CLI and the sdm access command tree.
2025-11-26Control Plane118.5.0This release enables type:postgres type:mysql syntax to work like id:1 id:2, allowing (type1 or type2) and other_filters in a single clause. This release also changes Type string to Types []string following the existing ID field pattern.
2025-11-26Control Plane118.2.0This release fixes an issue where access request reasons made entirely of whitespace characters was counted as providing a reason.
2025-11-26Control Plane117.98.0This release updates the help text on the Secret Store field on resource forms for better clarity.
2025-11-26CLI51.85.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Control Plane117.97.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Terraform Provider15.35.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Python SDK15.35.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Java SDK15.35.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Go SDK15.35.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-26Ruby SDK15.35.0This release adds support for Network Level Authentication (NLA) for RDP (Certificate Based) resources. NLA may now be enabled for new and existing RDP (Certificate Based) resources by configuring a new optional Server FQDN field in the resource as well as the DC Hostnames. Configuring these fields will cause new connections to those resources to perform NLA using Kerberos. This is only supported in on-premises Active Directory environments; using Microsoft Entra ID still requires that target Windows servers be configured to not require NLA. In addition, this release fixes an issue where creating or updating MySQL and PostgreSQL mTLS resources would incorrectly report a failure to validate the client certificate and key when storing those credentials in a secret store.
2025-11-24Control Plane117.86.0This release adds support for managing EC2 instances, Azure VMs, and GCE instances on Windows platform as RDP resources in StrongDM.
2025-11-22Control Plane117.79.0This release adds an email address under the user account name in the Resource Entitlements tab of the Admin UI and updates the behavior of the "Search accounts..." functionality to include email addresses as well as user names.
2025-11-21Control Plane117.72.0This release sorts resource filters on their name instead of the database type alias.
2025-11-20CLI51.75.0This release corrects an issue with connecting to Oracle resources using server or client character sets other than AL32UTF8 (the default) from the SQLPlus client. Previously such connections would fail with authentication errors.
2025-11-19CLI51.74.0This release implements progressive scanning for discovery of AWS resources.
2025-11-19Control Plane117.50.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19CLI51.73.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19Java SDK15.33.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19Go SDK15.33.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19Terraform Provider15.33.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19Python SDK15.33.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-19Ruby SDK15.33.0This release introduces a new enterprise secret store type called StrongDM Vault. Additionally this release adds secret engines for managing database credentials for Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL. Admin UI changes include the following: the Strong Vault secret store field on resource settings was renamed to Stored in StrongDM; and the Strong Vault secret store was removed from the secret stores list.
2025-11-17Control Plane117.39.0This release updates the user access on the Catalog page for resources that have an account grant that starts in the future to have a status of "Granted by temporary access" rather than "Pending".
2025-11-14Control Plane117.32.0This release fixes an issue where device trust status for new authentications would be unknown for up to a minute.
2025-11-14CLI51.66.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Control Plane117.29.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Terraform Provider15.31.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Ruby SDK15.31.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Java SDK15.31.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Python SDK15.31.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-14Go SDK15.31.0This release adds the created at date for Users, Services, and Tokens to the CLI output, and exposes the data as read-only in the SDKs.
2025-11-13CLI51.65.0This release adds new VNM-related CLI commands: sdm system vnm install (to install the VNM service, sdm system vnm uninstall (to uninstall the VNM service), sdm system vnm status (to check VNM service status), sdm system vnm files (to extract the VNM files from CLI binary), and sdm system desktop uninstall (general desktop uninstall command.
2025-11-13Control Plane117.19.0This release updates device trust status for active sessions more quickly and reliably when settings related to device trust are changed.
2025-11-13Control Plane117.16.0This release retries Resource Discovery Scans that fail to dispatch 3 times before eventually erroring over approximately 40 minutes.
2025-11-12Control Plane117.8.0This release adds unstable MySQL secret engine support. MySQL secret engine is used to manage MySQL account credentials.
2025-11-12CLI51.63.0This release adds unstable MySQL secret engine support. MySQL secret engine is used to manage MySQL account credentials.
2025-11-12Control Plane117.4.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12CLI51.62.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12Terraform Provider15.28.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12Java SDK15.29.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12Ruby SDK15.29.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12Python SDK15.29.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-12Go SDK15.29.0This release adds a support for EC2 and IAM authentication methods in HashiCorp Vault for RDP and SSH certificate authorities.
2025-11-07Desktop Application23.41.0This release updates the desktop app to show a notification when a resource connection fails.
2025-11-07CLI51.56.0This release updates the desktop app to show a notification when a resource connection fails.
2025-11-07Desktop Application23.40.0This release fixes a regression that broke admin installations for a target user using the --SDMUSER flag.
2025-11-07CLI51.55.0This release fixes a regression that broke admin installations for a target user using the --SDMUSER flag.
2025-11-07CLI51.54.0This release fixes an issue that caused certain log messages to be erroneously omitted from the diagnostics.
2025-11-07Control Plane116.91.0This release adds a support for user lookup for Okta MFA by ExternalID.
2025-11-06Control Plane116.88.0This release fixes a race condition where multiple concurrent SCIM requests that all introduce the same new Identity Set would result in multiple creation attempts for that set.
2025-11-05Control Plane116.80.0Fixed bug preventing users from setting a start date on access requests
2025-11-04Control Plane116.75.0This release updates the Admin UI's Lock Status column of lockable resources to show the full user's name.
2025-11-04Control Plane116.72.0This release fixes an issue where the link in the hover text on an account in the policy editor does not link to the correct page.
2025-11-04Control Plane116.71.0This release updates the SCIM provisioning details on the User Management Settings page to show"Token created" instead of "Created" for the label of the token's created date.
2025-11-03Control Plane116.65.0This release updates the token expiry column to have a tool tip with the exact time of the expiration.
2025-11-03Control Plane116.64.0This release fixes a validation bug where the last node associated with a connector could not be removed via the Admin UI. In addition, it updates some SCIM error messages to contain more useful information when modifying Identity Aliases.
2025-11-01CLI51.47.0This release updates discovery scanning in AWS, so it falls back to scanning only the current region if listing all regions fails.
2025-10-31Control Plane116.60.0This release updates access requests so that users can no longer request access to a resource with an empty reason.
2025-10-31Control Plane116.59.0This release fixes an issue where secret engine health checks were showing up for the wrong secret engine.
2025-10-31Control Plane116.57.0This release adds a resource type filter to the managed resources page of the Admin UI that groups the resource by the legacy category.
2025-10-30CLI51.46.0This release ensures that the desktop app version displays in sdm doctor.
2025-10-29CLI51.45.0This release updates the version of Go used to build the product to version 1.25.3. This version of Go fixes a regression in TLS certificate verification introduced in Go 1.25.2 that resulted in TLS certificates containing SAN extension DNS names with trailing periods to fail to parse. This could result in failures to connect to resources that presented server TLS certificates with such DNS names, such as those generated in some Kubernetes environments.
2025-10-29Control Plane116.55.0This release updates the version of Go used to build the product to version 1.25.3. This version of Go fixes a regression in TLS certificate verification introduced in Go 1.25.2 that resulted in TLS certificates containing SAN extension DNS names with trailing periods to fail to parse. This could result in failures to connect to resources that presented server TLS certificates with such DNS names, such as those generated in some Kubernetes environments.
2025-10-24Control Plane116.51.0This release adds activity type icons for connectors.
2025-10-24Control Plane116.49.0This release adds support for storage and retrieval of the username property in the Active Directory secret engine's secrets, and adds support for Identity Set identity mapping for password-based authentication in RDP servers. Identity Aliases should be a name of the secret storing the credentials for the given user and the $SDM_USERNAME variable should be used in the resource's username and password paths.
2025-10-24CLI51.42.0This release adds support for storage and retrieval of the username property in the Active Directory secret engine's secrets, and adds support for Identity Set identity mapping for password-based authentication in RDP servers. Identity Aliases should be a name of the secret storing the credentials for the given user and the $SDM_USERNAME variable should be used in the resource's username and password paths.
2025-10-23Control Plane116.48.0This release adds a small empty state component to porcelain. It uses the empty state component in the managed resources page and refactors the asset and connector table empty states to use this new component. Additionally the totalResourceCount query is moved a level higher so the new empty state can be rendered without any table components.
2025-10-23Control Plane116.46.0This release fixes a scenario where Slack can appear to hang when making a request that fails. Now an informative message will be displayed to the user.
2025-10-23Control Plane116.45.0This release updates activity log icons to have tooltips.
2025-10-23Control Plane116.44.0This release fixes the vertical alignment on the proxy clusters table for the diagnostics button.
2025-10-23CLI51.40.0This release adds ElastiCache IAM authentication.
2025-10-23Terraform Provider15.27.0This release adds ElastiCache IAM authentication.
2025-10-23Go SDK15.27.0This release adds ElastiCache IAM authentication.
2025-10-23Ruby SDK15.27.0This release adds ElastiCache IAM authentication.
2025-10-22Control Plane116.41.0This release updates the icon associated with health status to use checkbox and X icons.
2025-10-22Control Plane116.40.0This release fixes a rare scenario that would cause ServiceNow access request-related functionality to break, or for data to fall out of sync from StrongDM.
2025-10-22Control Plane116.36.0This release updates the sdm__connector_id tag on any nodes associated with Discovery Connectors to contain their respective connector IDs.
2025-10-21Control Plane116.31.0This release adds "No results found" to various comboboxes with static menus.
2025-10-21Control Plane116.27.0This release updates tables with no content to no longer have a dividing bar between the head and body of the table.
2025-10-20Control Plane116.21.0This release updates connectors, so that when modifying the Node IDs field of a discovery connector, the nodes you provide will now be tagged with the relevant sdm__connector_id tag. This tag is used by connectors to select nodes to run scans.
2025-10-20Control Plane116.14.0This release addresses an issue where the client session ID metadata associated with recent queries against resource types supporting this metadata (PostgreSQL, Oracle, SQL Server) was not displayed in the Logs > Queries page of the admin UI. This was caused by this metadata being omitted from a cache of new queries, and so was only displayed in the admin UI for older queries not served from that cache.
2025-10-20Control Plane116.12.0This release wraps credential controls in error boundary.
2025-10-20Control Plane116.10.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-20Terraform Provider15.25.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-20Java SDK15.25.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-20Python SDK15.25.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-20Go SDK15.25.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-20Ruby SDK15.25.0This release adds new optional fields (roleArn and roleExternalID) for the AWS Secrets Manager secret store, which enable a gateway to assume an IAM role when accessing AWS Secrets Manager.
2025-10-17Control Plane116.9.0This release improves the performance of deleting resources and accounts that have many open sessions to resources. This situation can occur in particular when frequently using service accounts to access StrongDM resources in short-lived containers.
2025-10-17Control Plane116.6.0This release presents a new "no search results" message on secret engine and secret tabs.
2025-10-17Control Plane116.5.0This release adds the resource type (asset kind) selector to discovery connector forms for configuration. Additionally, it changes the name of Asset.family in GraphQL to Asset.kind to be consistent.
2025-10-16CLI51.34.0This release corrects an issue when using the SQLPlus Oracle Client where sending a username with a shorter length than the actual username on the server would cause error: ORA-03146: invalid buffer length for TTC field.
2025-10-16Control Plane115.97.0This release adds mapped identities (such as Kubernetes privileges) to the account, resource, and role entitlements CSV downloads. These identities are encoded as a comma-separated list with double quotes surrounding the elements if more than one mapped identity is included.
2025-10-15Control Plane115.92.0This release adjusts connector details page break points to accommodate a wider table.
2025-10-15Desktop Application23.24.0This release fixes an issue so that using both @logout and @notify policy annotations no longer cause the desktop app notification popup to hang for 10 seconds.
2025-10-15Control Plane115.88.0This release updates networking tables to use the new "no search results" messaging.
2025-10-14Desktop Application23.23.0This release updates the desktop app copyright.
2025-10-13Control Plane115.81.0This release updates tables in the Admin UI to show a new "no results" message when search results return nothing.
2025-10-13CLI51.26.0This release adds the MySQL (mTLS) resource type.
2025-10-13Terraform Provider15.22.0This release adds the MySQL (mTLS) resource type.
2025-10-13Python SDK15.22.0This release adds the MySQL (mTLS) resource type.
2025-10-13Java SDK15.22.0This release adds the MySQL (mTLS) resource type.
2025-10-13Go SDK15.22.0This release adds the MySQL (mTLS) resource type.
2025-10-13Ruby SDK15.22.0This release adds the MySQL (mTLS) resource type.
2025-10-10CLI51.25.0This release fixes a behavior in the Oracle driver where users would see two connection attempts (first one timing out) when initially using an Oracle resource. Connections to an oracle resource should now only yield one connection attempt (excluding redirects).
2025-10-10CLI51.23.0This release removes obsolete support for Oracle Database versions 8i and 11g (clients and servers) from Oracle resources, which have not been officially supported for several years.
2025-10-10Control Plane115.73.0This release updates Admin UI table loaders to be centered to distinguish them from normal rows.
2025-10-10Control Plane115.72.0This release rearranges tabs on the Admin UI Roles details page tabs to be ordered Access Rules, Entitlements, Groups, Members, Settings.
2025-10-10Control Plane115.71.0This release fixes an issue where API, admin, or SCIM tokens with permissions to update role names but not modify access rules failed to update role names due to a permissions error.
2025-10-09CLI51.20.0This release fixes an issue with Oracle resources where connections from JDBC-based Oracle clients (such as DBeaver and SQL Developer) could fail with a decoding error during authentication. This issue only occurred with certain non-default Oracle client and server configurations, such as having client query result caching enabled.
2025-10-09Control Plane115.69.0This release changes the state of scheduling scans when scans are scheduled using the scan requested field.
2025-10-09Control Plane115.68.0This release updates query logs to correctly show the client's sessionID instead of the internal sessionID.
2025-10-09Desktop Application22.59.15This release fixes an issue so that when the sdm network becomes degraded for short periods but recovers, the alert banner is not shown, but if the network becomes degraded for longer than 15 seconds, the banner is shown.
2025-10-08CLI51.17.0This release reverts changes to Oracle health checks in the StrongDM CLI to perform a full authentication and validation of the username and password as part of the health check. These changes introduced an issue causing health checks to fail in some Oracle environments, and so have been temporarily reverted to the original implementation, which only validated connectivity to the Oracle database server.
2025-10-08Control Plane115.59.0This release updates various comboboxes throughout the Admin UI to have menu items when there are no results found.
2025-10-08Control Plane115.58.0This release updates the Admin UI to display the groups information banner if the user is currently provisioned by roles, not groups, from the identity provider. If a user reaches out to StrongDM and switches provisioning from roles to groups, then the banner will no longer be displayed.
2025-10-07CLI51.15.0This release fixes an issue where both Azure Connectors and Entra ID resources were running the same scan. This release splits Azure Connector scans and Entra ID scans so they only scan relevant resources.
2025-10-07Control Plane115.56.0This release fixes an issue where both Azure Connectors and Entra ID resources were running the same scan. This release splits Azure Connector scans and Entra ID scans so they only scan relevant resources.
2025-10-07Control Plane115.55.0This release updates Admin UI search bars above tables to no longer have a button for triggering the search. The "x" icon for clearing the filters is only visible if there are custom filters active.
2025-10-07Control Plane115.54.0This release adds a copy connector tag button to the connector forms and the connector table. This tag is used by admins to dynamically attach nodes to a connector for discovery.
2025-10-06Desktop Application23.15.0This release adds support to the desktop app for HTTP proxies via the HTTP_PROXY and HTTPS_PROXY headers and excludes paths via NO_PROXY.
2025-10-03Control Plane115.44.0This release improves and adds to connector forms and settings.
2025-10-03Control Plane115.38.0This release fixes an issue where the header for the Admin UI Update Certificate Authority modal was appearing on the bottom instead of the top of the modal, and an issue where the radio panel for Certificate Authorities would not remain updated properly after confirming the switch to a new Certificate Authority.
2025-10-02CLI51.9.0This release exposes the groups subtree under sdm admin for the new Groups feature which is now generally available.
2025-10-02Control Plane115.33.0This release fixes an issue where the Admin UI Integrations page would shift at certain window sizes.
2025-10-02Control Plane115.29.0This release makes StrongDM user groups generally available. Groups in StrongDM provide a way to organize users and manage permissions at scale. Instead of assigning users to roles individually, you can create groups, assign users to those groups, and then assign roles to the entire group. This makes access management more efficient and easier to maintain.
2025-10-01Control Plane115.24.0This release updates query logs to contain session IDs on applicable resources.
2025-09-30CLI51.3.0This release adds more debug logs to Couchbase resources on nodes.
2025-09-28Control Plane114.99.0Scans that find no entities now get properly marked as completed.
2025-09-26CLI50.99.0This release improves the health check for Oracle resources by validating authentication and query execution complete successfully using the configured credentials. Previously, health checks for Oracle resources only performed a basic connectivity check and would not detect some misconfigurations such as an incorrect username or password.
2025-09-26CLI50.97.0This release adds support for connecting to Oracle databases on version 23ai from supported JDBC and SQL*Plus clients.
2025-09-25CLI50.92.0GCP discovery scans will now attempt to scan the current project-ID if the list of all projects can not be obtained (e.g. if permission is not available)
2025-09-25Control Plane114.80.0None
2025-09-25CLI50.90.0This release adds support for PLAIN mode of DSEAuthenticator in Cassandra (DSE).
2025-09-24Control Plane114.73.0This release resolves an issue where installations that use the MSI installer could not autoupdate
2025-09-24Desktop Application23.11.0This release updates the desktop app to no longer make ping calls to determine if the network is online
2025-09-24CLI50.86.0The sdm admin network vnm sub-commands now return more useful information when an error occurs.
2025-09-23CLI50.83.0This release improves detection and logging of authentication errors when connecting to Oracle resources, to assist in the diagnosis of resource configuration errors such as an incorrectly-configured username, password, or service name.
2025-09-23Desktop Application23.9.0This release updates the desktop app to show network offline view when the network is unreachable
2025-09-23Control Plane114.61.0This release fixes a bug where Roles would not sync to Okta as Groups
2025-09-23CLI50.81.0This release adds support for connecting to Oracle databases on version 23ai from the Toad client using its native driver.
2025-09-22Control Plane114.55.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-22Java SDK15.16.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-22Terraform Provider15.16.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-22Go SDK15.16.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-22Ruby SDK15.16.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-22Python SDK15.16.0This release exposes Group related permissions for use when creating an API Key or Admin Token
2025-09-19Control Plane114.51.0
  • Proxy cluster health status is now available at a glance on the list page.
2025-09-19Control Plane114.49.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Java SDK15.15.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Terraform Provider15.15.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Python SDK15.15.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Go SDK15.15.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Ruby SDK15.15.0This release adds support for Groups to the SDKs and Terraform provider.
2025-09-19Desktop Application21.96.3This release fixes SSO logins for this version of desktop
2025-09-19CLI50.78.0This release resolves an issue in older desktop versions (21.96.2 and earlier) where authenticating with Azure SSO would fail
2025-09-19Control Plane114.46.0This release makes Google Cloud Storage and Azure Blob Storage available to all users eligible to configure as Log Stream destinations.
2025-09-18Desktop Application22.59.14This release resolves an issue where the desktop application fails to load when installing for everyone via the MSI installer.
2025-09-18Control Plane114.41.0This release adds the type column to the scans table and adds a drawer to provide additional context on click of a scan table row. For large screens the drawer opens from the right and on small screens, a vertical drawer.
2025-09-18Control Plane114.40.0This release adds a search bar to account details role tab for searching assigned roles.
2025-09-18Control Plane114.39.0This release fixes an issue with the Microsoft Teams integration where requesting access to a Microsoft Entra ID resource with privilege levels did not display the privileges input field. It also fixes an issue with the Jira integration where requesting access to a resource with privilege levels did not display the privileges input field.
2025-09-18Desktop Application23.7.0This release resolves an issue where the desktop application fails to load when installing for everyone via the MSI installer
2025-09-18Control Plane114.34.0This release fixes an issue with some discovered resources being unmanageable due to missing a public endpoint. When discovering a resource without a public endpoint we will now attempt to fall back to any configured private endpoints.
2025-09-18CLI50.75.0This release fixes an issue with some discovered resources being unmanageable due to missing a public endpoint. When discovering a resource without a public endpoint we will now attempt to fall back to any configured private endpoints.
2025-09-17Control Plane114.31.0This release fixes an issue that can cause a connector to become undiscoverable when multiple scans complete at the same time. If you are having this issue, creating a new connector with the same configuration will now allow scans to complete.
2025-09-17CLI50.73.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Control Plane114.28.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Java SDK15.14.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Terraform Provider15.14.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Python SDK15.14.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Ruby SDK15.14.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Go SDK15.14.0This release adds support for enabling TLS for Oracle NNE resources to allow connectivity to Oracle database servers that require both TLS and NNE.
2025-09-17Control Plane114.23.0You are now able to assign multiple roles to an account on the account details role tab.
2025-09-16CLI50.71.0Fixes an issue with TLS support in Oracle resources. Previously, configuring an Oracle resource to require TLS would result in a failure to connect to the resource due to an error in handling the Oracle TLS negotiation.
2025-09-16CLI50.70.0Connections to proxy clusters now respect the HTTP_PROXY and HTTPS_PROXY environment variables.
2025-09-16Control Plane114.20.0Fixes a bug where Microsoft Entra ID resources were being selected for discovery by the Kubernetes discovery system.
2025-09-15CLI50.67.0Fixed a bug in the resource discovery scanner for GCP that could cause discovered resources to not get reported if one or more scans for other GCP resource-types fail.
2025-09-15Desktop Application22.59.12Resolves issue where application would get stuck in a degraded state where a network connection error banner would be displayed and the resources appeared to be disabled and erroneous even though the service was online and working.
2025-09-15CLI50.66.0RDP Certificate resources using the Keyfactor CA now support resolving the SID associated with identity aliases for full enforcement mode through LDAP, if configured in the resource.
2025-09-12CLI50.62.0RDP Certificate resources using the AWS Private CA now support resolving the SID associated with identity aliases for full enforcement mode through LDAP, if configured in the resource.
2025-09-12Desktop Application23.4.0Resolves issue where the application could get stuck in a degraded state where a network connection error banner would be displayed and the resources appeared to be disabled and erroneous even though the service was online and working.
2025-09-12Control Plane114.12.0Improved account details role tab searching to match other tables
2025-09-12Control Plane114.9.0Creating identity sets now honors the corresponding limits and can be adjusted by contacting support
2025-09-11Desktop Application22.59.11This release packages the desktop app with version 50.15.0 of the CLI for cases where CLI upgrades are not working
2025-09-10Desktop Application22.59.10This release updates the desktop app to always display common actions in desktop menu and improves auth state flow in situations such as when the network is unavailable or system goes to sleep
2025-09-10CLI50.58.0Vault CA integrations now support just-in-time look up of user SIDs for certificate-based RDP resources. These resources can be configured to use an AD service account to query AD for the specified end user when operating in an AD environment that has full enforcement mode enabled (the default post Sept 2025).
2025-09-09Control Plane113.75.0Fixes an error sometimes encountered when integrating with a small subset of OIDC providers such as SlashID where authorization could fail due to an issue in parsing the upstream OIDC configuration.
2025-09-08CLI50.53.0When using an RDP (Certificate Auth) resource in an on-premises Active Directory environment with identity aliases, the SIDs required for certificate authentication with full enforcement enabled on the AD domain controllers can now be resolved by querying the DCs directly via LDAP. In this optional configuration, which requires an AD service account, its SID, and a list of domain controller addresses to be configured in the resource, SIDs do not need to be explicitly configured in the associated identity aliases. This configuration is currently only supported when using the Active Directory Certificate Services (ADCS) Certificate Authority with RDP resources. Refer to the RDP (Certificate Auth) documentation for additional information on this configuration.
2025-09-08CLI50.52.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Terraform Provider15.12.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Control Plane113.66.0When using an RDP (Certificate Auth) resource in an on-premises Active Directory environment with identity aliases, the SIDs required for certificate authentication with full enforcement enabled on the AD domain controllers can now be resolved by querying the DCs directly via LDAP. In this optional configuration, which requires an AD service account, its SID, and a list of domain controller addresses to be configured in the resource, SIDs do not need to be explicitly configured in the associated identity aliases. This configuration is currently only supported when using the Active Directory Certificate Services (ADCS) Certificate Authority with RDP resources. Refer to the RDP (Certificate Auth) documentation for additional information on this configuration.
2025-09-08Control Plane113.63.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Java SDK15.12.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Python SDK15.12.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Go SDK15.12.0Added optional field to RDP certificate-based resources to specify a list of Domain controllers hostnames to allow for just-in-time SID look up for user when generating certificates.
2025-09-08Control Plane113.61.0Key value secrets now have a table view to copy just the value of key value pairs
2025-09-05Control Plane113.56.0Bridged proxy clusters now report more complete health status, including connection status between bridge workers and proxy workers, and the sdm install command now checks for invalid combinations of flags and reports a helpful error message.
2025-09-05CLI50.51.0Bridged proxy clusters now report more complete health status, including connection status between bridge workers and proxy workers, and the sdm install command now checks for invalid combinations of flags and reports a helpful error message.
2025-09-05Control Plane113.55.0Diagnostic zip files now include more useful information in the filename.
2025-09-05Desktop Application23.0.0This release resolves an issue where users were logged out after long periods of unattended use, as well as an issue for 64-bit Windows where the listener was not launching due to a missing binary.
2025-09-05CLI50.50.0Adds support to the Oracle and Oracle (NNE) drivers for connecting to Oracle Real Application Clusters (RAC) through the cluster's Single Client Access Name (SCAN) DNS hostname.
2025-09-05CLI50.49.0HashiCorp Vault is now a supported RDP Certificate-Based Authentication Provider when using RDP Full Enforcement Mode
2025-09-05Control Plane113.50.0Prevent auditors from being able to attempt to change managers of users
2025-09-05CLI50.48.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Control Plane113.48.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Terraform Provider15.11.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Java SDK15.11.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Python SDK15.11.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Ruby SDK15.11.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-05Go SDK15.11.0This release adds an option to choose whether to use the first ACS or the default ACS when connecting to Snowsight
2025-09-04Control Plane113.43.0This release enables resource discovery in cloud providers for enterprise-tier customers.
2025-09-04CLI50.46.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Control Plane113.41.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Terraform Provider15.10.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Java SDK15.10.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Python SDK15.10.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Ruby SDK15.10.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-04Go SDK15.10.0This release makes the Microsoft Entra ID resource type available to Enterprise customers.
2025-09-03Control Plane113.35.0Ampersands (&) no longer appear as their unicode form (\u0026) when retrieving managed secrets
2025-09-03Control Plane113.34.0Access request denials that come from the StrongDM system no longer displays as "a-0000000000000000"
2025-09-02CLI50.41.0This release fixes a bug where setting users external id via the SDKs would be ignored. Filtering users by external id has been added.
2025-09-02Control Plane113.21.0This release fixes a bug where setting a user's external id via the SDKs would be ignored. Filtering users by external id has been added.
2025-08-29CLI50.38.0When creating, cloning, or updating resources via the CLI, you can now use --bind-subdomain as an alias for subdomain to specify a local DNS address.
2025-08-29CLI50.35.0This release includes more debug information about Kubernetes healthcheck failures to the console.
2025-08-28Control Plane113.4.0This release causes access rules with Kubernetes groups whose names are not valid Kubernetes group names to be rejected. This applies to access rules for access workflows, roles, and account grants.
2025-08-28CLI50.32.0Disables a workaround in the StrongDM RDP driver for a Windows 11 24H2 RDP client bug causing rendering issues with RDP sessions through StrongDM. Microsoft released a fix for this issue in the Windows 11 24H2 build version 26100.3323 update on February 25, 2025, making the workaround obsolete. Disabling this unnecessary workaround improves RDP performance through StrongDM, particularly in high latency/low bandwidth client environments.
2025-08-28Control Plane112.96.0This release disables a workaround in the StrongDM RDP driver for a Windows 11 24H2 RDP client bug causing rendering issues with RDP sessions through StrongDM. Microsoft released a fix for this issue in the Windows 11 24H2 build version 26100.3323 update on February 25, 2025, making the workaround obsolete. Disabling this unnecessary workaround improves RDP performance through StrongDM, particularly in high latency/low bandwidth client environments.
2025-08-28CLI50.31.0This release fixes an issue in the Oracle (NNE) driver where the driver would panic and disconnect when connecting to an Oracle server with only one of encryption or data integrity (checksums) enabled in the Oracle server configuration, but not both. The driver now correctly handles all permutations of the encryption and data integrity server settings (both enabled, both disabled, or only one enabled).
2025-08-27CLI50.29.0Enterprise customers will now be able to update their Virtual Network Mode setting via the CLI using the sdm admin network vnm command. The sdm admin ports subnet command has been removed.
2025-08-25CLI50.21.0When using Virtual Networking Mode or IP Loopback ranges on macOS, the StrongDM System Service now logs information and errors in the running of the service to /var/log/sdm.log to assist in troubleshooting issues with this service.
2025-08-25Control Plane112.52.0This release fixes an issue for customers participating in the Microsoft Entra ID resource beta, where Microsoft Entra ID resources could not be updated through the Admin UI.
2025-08-25Desktop Application22.59.9Fixes an issue where locking using the CLI and starting the Desktop application would not show the expected unlock screen.
2025-08-22Desktop Application22.59.8This release fixes an issue that caused occasional desktop app crashes. It also fixes auth verification to allow for slower network adapters to come online
2025-08-22Desktop Application22.94.0Desktop will now retry validating credentials when the network is not available.
2025-08-22Control Plane112.31.0This release improves the discovery experience, adding the ability to dispatch manual scans from connector details, adding the scan status column to scan table, and fixing a small bug in the connector update form.
2025-08-21Desktop Application22.59.7This release fixes an issue where occasionally the desktop app got stuck loading when logging in via SSO.
2025-08-20CLI50.14.0This release adds missing proxyClusterId and secretStoreId fields to the example resource JSON templates generated by the CLI.
2025-08-20Control Plane112.10.0Tooltip on the setting for allowing non-sso users no longer includes inaccurate reference to user roles.
2025-08-20CLI50.12.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Control Plane112.5.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Terraform Provider15.8.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Java SDK15.8.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Python SDK15.8.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Go SDK15.8.0This release adds support for Managed Identity authentication for MySQL.
2025-08-20Ruby SDK15.8.0This release adds support for Managed Identity authentication for MySQL.
2025-08-19Control Plane111.92.0Principal option in the policy editor no longer prefills the search bar with a selection option
2025-08-18Control Plane111.85.0Selection is cleared after bulk deleting approval workflows.
2025-08-18CLI50.10.0The CLI command sdm config now displays the non-sensitive portion of the currently logged-in API access key for troubleshooting purposes.
2025-08-15CLI50.8.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Terraform Provider15.7.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Control Plane111.75.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Java SDK15.7.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Python SDK15.7.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Go SDK15.7.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-15Ruby SDK15.7.0When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.
2025-08-14Control Plane111.64.0This release adds a new --default-to-vnm parameter to the sdm admin ports subnet CLI used to configure Virtual Networking Mode (VNM) settings from the CLI. When VNM is enabled, this parameter allows a choice of whether new resources should default to being created with an available IP address in the VNM subnet or in the loopback subnet, when an explicit IP address is not specified. These settings are also exposed through the Network Settings in the Admin UI.
2025-08-14CLI50.6.0This release adds a new --default-to-vnm parameter to the sdm admin ports subnet CLI used to configure Virtual Networking Mode (VNM) settings from the CLI. When VNM is enabled, this parameter allows a choice of whether new resources should default to being created with an available IP address in the VNM subnet or in the loopback subnet, when an explicit IP address is not specified. These settings are also exposed through the Network Settings in the Admin UI.
2025-08-14Desktop Application22.90.0
  • [Fix] Prevents the desktop app from getting into a stuck loading state when authenticating with SSO
2025-08-13Control Plane111.53.0When adding secrets in the Admin UI the unique name validation now only checks uniqueness within the secret engine the secret is being added to.
2025-08-13Control Plane111.52.0This release adds support to RDP (Certificate Based) resources for Identity Aliases containing Active Directory user SIDs for authenticating to RDP servers with Full Enforcement mode enabled (see the Microsoft Support Post. Previously, Full Enforcement mode was required to be disabled on the domain controllers via the StrongCertificateBindingEnforcement registry setting, because StrongDM issued certificates did not contain the user SID required by this mode. Now, user SIDs may be explicitly specified in Identity Aliases by optionally including the SID in the alias, in either the format USER@DOMAIN:SID, DOMAIN\USER:SID, or USER:SID. This is currently only supported for the StrongDM RDP and ADCS certificate authorities.
2025-08-13CLI50.3.0This release adds support to RDP (Certificate Based) resources for Identity Aliases containing Active Directory user SIDs for authenticating to RDP servers with Full Enforcement mode enabled (see the Microsoft Support Post. Previously, Full Enforcement mode was required to be disabled on the domain controllers via the StrongCertificateBindingEnforcement registry setting, because StrongDM issued certificates did not contain the user SID required by this mode. Now, user SIDs may be explicitly specified in Identity Aliases by optionally including the SID in the alias, in either the format USER@DOMAIN:SID, DOMAIN\USER:SID, or USER:SID. This is currently only supported for the StrongDM RDP and ADCS certificate authorities.
2025-08-13CLI50.2.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Control Plane111.47.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Terraform Provider15.6.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Java SDK15.6.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Go SDK15.6.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Python SDK15.6.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-13Ruby SDK15.6.0RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the Microsoft Support Post
2025-08-12Control Plane111.40.0Messages to approvers on our Slack integration now automatically update with the latest status when an access request is cancelled by the requester or times out.
2025-08-12Control Plane111.36.0Users will now land on the catalog page after logging in if their org has workflows enabled
2025-08-12Control Plane111.33.0This release addresses a bug that was sometimes causing an infinite loop of paginating on the discovered resources table.
2025-08-11Control Plane111.28.0Improves the subdomain validation in the StrongDM Admin UI when creating resources with an HTTP or DNS subdomain. Previously, subdomains exceeding the maximum permitted length (63 characters) were incorrectly permitted, resulting in subdomains that were not resolvable on client systems.
2025-08-11Control Plane111.27.0Improves the subdomain validation in the StrongDM Admin UI when creating resources with an HTTP or DNS subdomain. Previously, subdomains exceeding the maximum permitted length (63 characters) were incorrectly permitted, resulting in subdomains that were not resolvable on client systems. Existing resources that may have been created with a too-long name can continue to be updated, but new subdomains specified when creating or updating a resource are now validated and invalid subdomains will be rejected. Resource clones will now attempt to set the HTTP/DNS subdomain of a new resource to the original subdomain plus the suffix -copy, on a best effort, if a new subdomain for the cloned resource is not explicitly specified. If appending -copy would produce an invalid (too long) subdomain, clone now defaults to generating a random subdomain which may be changed after the cloned resource is created.
2025-08-11Desktop Application22.59.6
  • [Fix] When a user denies an MFA request on unlock an error now is displayed in the desktop app
2025-08-11Desktop Application22.88.0This release addresses a bug where when denying an MFA request on unlock, the app would not show an alert, informing the user of the denial.
2025-08-11Desktop Application22.59.5Polls to keep the authentication session alive while the desktop application is running
2025-08-11Control Plane111.22.0This release updates privilege levels to be able to be applied to Kubernetes pod identities on dynamic access rules.
2025-08-08Control Plane111.15.0This release improves the Slack app experience. Approve/Deny buttons no longer appear when the user is an approver and is unable to supply a decision for an approval step or has already submitted a decision.
2025-08-08Control Plane111.12.0This release adds the update connector form to the Settings tab of connector details pages in the Admin UI and includes a small change to the connector forms.
2025-08-07CLI49.92.0This release fixes an issue with RDP (Certificate Based) resources where in some Windows environments, the invocation of unimplemented SmartCard operations would cause an unexpected disconnection from the RDP server.
2025-08-07Control Plane111.3.0This release adds an additional column to the scans table on connector details pages in the Admin UI.
2025-08-06CLI49.86.0This release fixes an issue with RDP certificate based resources when invoking some ASCII-based smart card operations. In some Windows environments, the invocation of these previously unimplemented operations would cause an unexpected disconnection from the RDP server.
2025-08-06Control Plane110.95.0This release fixes an issue involving updating a secret engine back to a previous value.
2025-08-05CLI49.85.0This release fixes an issue with the Aerospike resource type where the show sets command would fail and close the connection against Aerospike versions 6.x and earlier.
2025-08-05CLI49.84.0This release fixes an issue when using Virtual Networking Mode on macOS where the VNM DNS suffix (".sdm.network" in the StrongDM US control plane) was incorrectly added to the client DNS resolver's search domains.
2025-08-05Control Plane110.76.0This release improves the readability of secret engine diagnostics.
2025-08-01Control Plane110.67.0This release fixes an issue where attempting to connect to a resource that is not healthy would incorrectly mark that resource as healthy, until the next periodic background or forced healthcheck ran.
2025-08-01Control Plane110.55.0This release adds a connectors detail page with a paginated scans table showing scan history.
2025-07-31Control Plane110.51.0This release enables access request messages to our Slack integration to now automatically refresh when updates to access request status are made, instead of having to manually click "refresh" to receive updates.
2025-07-31Control Plane110.49.0This release fixes an issue where request listing would fail in Microsoft Teams for access requests for deleted resources.
2025-07-31Control Plane110.48.0This release updates bouncing email notifications to include a link to the StrongDM Help Center (https://help.strongdm.com/hc/en-us).
2025-07-31Control Plane110.47.0This release makes Virtual Networking Mode (VNM) generally available to all organizations on the Enterprise plan. This feature allows clients to optionally connect to StrongDM resources through a virtual software-defined network instead of via loopback addresses.
2025-07-31Desktop Application22.59.4This release allows for the installation of a symlink to the CLI when the VNM adapter is also installed.
2025-07-30Desktop Application22.84.0This release modifies the Windows installer so that, when run by an Administrator, it installs a sdm.exe symlink in the target user's PATH.
2025-07-30CLI49.75.0This release modifies the Windows installer so that, when run by an Administrator, it installs a sdm.exe symlink in the target user's PATH.
2025-07-30Desktop Application22.83.0This release fixes an issue where the desktop app fails to start the listener due to a failure when loading stored credentials.
2025-07-30Desktop Application22.59.3This release fixes an issue where the listener process attempts to spawn repeatedly if credentials fail to be verified due to network issues. Each launch of the listener kills the previous process causing unpredictable behavior.
2025-07-28Control Plane110.14.0This release renames "Assets" to "Discovered Resources" across the Admin UI and moves the assets navigation.
2025-07-28Control Plane110.8.0This release fixes an issue in the newly added email bounce limiters that would flag emails that had an automatic response set up (for example, out of office notifications) as bouncing.
2025-07-28Control Plane110.3.0This release cleans up the Admin UI for filtering entitlements by removing the unused Policy reason.
2025-07-26CLI49.58.0This update adds an approver reference to the sdm audit output for approval workflows.
2025-07-26Control Plane109.99.0This update adds an approver reference to the sdm audit output for approval workflows.
2025-07-25Control Plane109.95.0This release fixes an issue that caused resources not to be accessible on clients when MFA unlocked the client from the CLI.
2025-07-23Control Plane109.73.0This release addresses an issue where ServiceNow resources were being marked inactive incorrectly in the ServiceNow table.
2025-07-23Control Plane109.69.0This release updates Entitlements to request needed conditionally rendered data in a modal.
2025-07-22CLI49.55.0This release fixes an issue where the sdm doctor diagnostics report would timeout in organizations with more than 10 gateways configured.
2025-07-21Control Plane109.51.0This release adds RSA ID Plus as a new MFA provider.
2025-07-18Control Plane109.44.0This release deprecates Kubernetes User Impersonation resources.
2025-07-18Control Plane109.28.0This release addresses an issue where provisioned Google groups would stop syncing after a provisioned group was deleted.
2025-07-17Control Plane109.19.0For admins, this release updates the workflow reference on an access request details page to link to that workflow.
2025-07-17Control Plane109.17.0This release adds checks preventing the sending of emails to addresses and domains that bounce. Admins will be notified when an email is limited to allow for remediation.
2025-07-17Control Plane109.16.0This release adds Asset ID support to GraphQL Node resolver to enable proper pagination, adds new managedResources resolver with pagination support, and adds the managed resource table to the Asset Details Page in the Admin UI.
2025-07-16Control Plane109.6.0This release fixes issue where the More option when selecting approvers for a workflow was causing the combobox to break.
2025-07-14CLI49.35.0During scheduled maintenance windows, workers within a proxy cluster now coordinate automatic updates with each other to ensure only one worker at a time is down within the cluster. Every worker within the cluster must be configured with the same maintenance window.
2025-07-14Control Plane108.78.0During scheduled maintenance windows, workers within a proxy cluster now coordinate automatic updates with each other to ensure only one worker at a time is down within the cluster. Every worker within the cluster must be configured with the same maintenance window.
2025-07-14Control Plane108.77.0This release updates the Access Workflow editor to respect the organization's access rule quota.
2025-07-11Desktop Application22.70.0This release improves rendering changes in the Admin UI's resource list, resulting in reduced layout shift, a more responsive feel, and a more performant UI experience.
2025-07-10Control Plane108.52.0This release adds an extended timeout for the access catalog page and creating access requests in the Admin UI.
2025-07-09Control Plane108.41.0This release changes how unused tags are handled, so any tags that have not been used for 90 days or more will now be automatically deleted.
2025-07-09CLI49.26.0When shutting down for update and configured with SDM_ORCHESTRATOR_PROBES, proxy workers now shut down the orchestrator probes and wait 90 seconds for connections to drain before completing the graceful shutdown.
2025-07-08Control Plane108.31.0This release fixes an issue with some log aggregators where 64-bit integers could become truncated by switching to string representations where possible.
2025-07-07CLI49.21.0This release updates many CLI commands so that they now report a more informative error message when permission is denied due to an MFA unlock requirement.
2025-07-07Control Plane108.10.0This release updates the Admin UI with diagnostic download buttons on the Gateways, Relays, and Proxy Clusters pages, which allow administrators to download bulk diagnostics and logs for many nodes at once.
2025-07-07Control Plane108.3.0This release updates secret engines to be automatically health checked.
2025-07-07CLI49.18.0This release updates secret engines to be automatically health checked.
2025-07-03Control Plane107.93.0This release adds a kind filter to the Assets table and renames the type column to kind.
2025-07-03Control Plane107.87.0This release updates resource counts that appear under Requests > Catalog in the Admin UI to now correctly include only resources from enabled workflows.
2025-07-01Control Plane107.76.0This release fixes an issue where the download for managed secret reports was missing read logs.
2025-07-01Control Plane107.74.0This release fixes the AD Secret Engine configuration form to no longer require the Password field.
2025-06-30Desktop Application22.63.0This release fixes an issue that caused the desktop app to get stuck "Waiting for connection" after login.
2025-06-30Control Plane107.61.0This release updates the Log Encryption tab under Settings > Security to allow finer control of what types of logs get stored with StrongDM.
2025-06-30Control Plane107.55.0This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested log_config member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.
2025-06-30Java SDK15.2.0This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested log_config member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.
2025-06-30Python SDK15.2.0This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested log_config member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.
2025-06-30Go SDK15.2.0This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested log_config member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.
2025-06-30Ruby SDK15.2.0This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested log_config member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.
2025-06-27Control Plane107.48.0This release updates the Admin UI pages for Users, Gateways, and Relays with Download Diagnostics buttons, which download a zip file containing detailed diagnostic information including logs and metrics. These buttons are only visible to administrators. If the client or node is offline, or if they are running a CLI version below 47.81.0, no information will be reported.
2025-06-26CLI48.94.0This release updates the sdm kubernetes update-config command to respect the KUBECONFIG environment variable. If KUBECONFIG is set, the command updates the first path listed. If not, it defaults to the standard kubeconfig location for your OS.
2025-06-25Control Plane107.31.0This release fixes an issue where certificate authorities were showing up as options when creating secret engines.
2025-06-25CLI48.93.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Control Plane107.30.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Terraform Provider14.26.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Java SDK15.1.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Python SDK15.1.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Ruby SDK15.1.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-25Go SDK15.1.0This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.
2025-06-24CLI48.92.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Control Plane107.27.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Java SDK15.0.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Go SDK15.0.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Python SDK15.0.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Ruby SDK15.0.0This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands sdm admin workflow list workflow-assignments and sdm audit workflow-assignments are also removed.
2025-06-24Control Plane107.21.0This release adds Secret Engines and Secrets tabs to the Secret Management Settings page. It also adds the ability for admins to create, edit, and delete secret engines and secrets.
2025-06-24CLI48.89.0This release updates the CLI to support installing SDM nodes (gateway and relay) through the node flag sdm install --node. This flag supports two aliases, gateway and relay, in order to install the StrongDM node. Example Usage: sdm install --node is the general usage to install a relay or gateway. You can, however, use more specific aliases like sdm install --relay or sdm install --gateway in order to install StrongDM nodes.
2025-06-23CLI48.84.0This release fixes an issue when using a RDP certificate resource with an Active Directory Certificate Services Certificate Authority where a misconfiguration of the CA preventing certificates from being issued successfully may result in StrongDM nodes incorrectly handling that error and crashing. This has been fixed, so that certificate issue errors from ADCS are now handled and reported as health check errors. This release also fixes an issue where using a RDP Certificate resource with an Active Directory Certificate Services Certificate Authority with an IIS server configured with HTTP/2 enabled would cause resource health checks to fail with a HTTP_1_1_REQUIRED error due to IIS not supporting HTTP/2 with NTLM authentication. Previously, HTTP/2 had to be explicitly disabled in IIS when using ADCS with StrongDM. The StrongDM ADCS client now correctly issues an HTTP/1.1 request so the IIS configuration no longer has to be modified.
2025-06-20Control Plane107.2.0This release fixes an issue that caused the desktop app with locked authentication to unnecessarily require a fresh login on restart.
2025-06-20CLI48.81.0This release fixes an issue where proxy clusters did not determine the source client IP address properly.
2025-06-20CLI48.76.0With this release, Oracle resources now support connecting via JDBC versions that are newer than 23.2.0.0 all the way up to the latest. Versions with newly added support (JDK 8 and 11) are 23.3.0.23.09, 23.4.0.24.05, 23.5.0.24.07, 23.6.0.24.10, 23.7.0.25.01, and 23.8.0.25.04.
2025-06-20CLI48.75.0This release makes the Trino datasource type generally available.
2025-06-20Control Plane106.91.0This release makes the Trino datasource type generally available.
2025-06-20Terraform Provider14.25.0This release makes the Trino datasource type generally available.
2025-06-20Java SDK14.25.0This release makes the Trino datasource type generally available.
2025-06-20Python SDK14.25.0This release makes the Trino datasource type generally available.
2025-06-20Go SDK14.25.0This release makes the Trino datasource type generally available.
2025-06-20Ruby SDK14.25.0This release makes the Trino datasource type generally available.
2025-06-20Control Plane106.90.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20CLI48.74.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20Terraform Provider14.24.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20Java SDK14.24.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20Python SDK14.24.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20Go SDK14.24.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-20Ruby SDK14.24.0This release adds TLS support to DB2 LUW. It can be enabled by checking the Require TLS option.
2025-06-17Desktop Application22.58.0This release enhances the copy menu for resources in the StrongDM Desktop application to allow copying the IP address, with or without the port, of resources using the Virtual Networking Mode feature. This release also includes the ability to copy only the IP address for all resources, plus minor changes to the names of the menu items to improve clarity.
2025-06-17Desktop Application22.57.0This release fixes an issue where clicking the Restart action in an update notification doesn't trigger the desktop app to install and restart.
2025-06-16Desktop Application22.56.0When using the Virtual Networking Mode feature, the StrongDM Desktop application now displays the IP address through which VNM-enabled resources may be accessed, alongside the resource's assigned hostname. There are no changes to the display of loopback and HTTP resources.
2025-06-16CLI48.63.0This release updates sdm status to display the fully qualified domain name through which resources using the Virtual Networking Mode feature can be accessed. This field is not displayed when VNM is not enabled. In addition, sdm status now displays the status, resource type, and local bind address for website resources, similar to the existing output for other types of resources.
2025-06-16Terraform Provider14.23.0This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.
2025-06-16Java SDK14.23.0This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.
2025-06-16Python SDK14.23.0This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.
2025-06-16Go SDK14.23.0This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.
2025-06-16Ruby SDK14.23.0This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.
2025-06-13Control Plane106.33.0This release adds the ability to delete a connector to the connector actions menu in the Admin UI.
2025-06-13Control Plane106.28.0This release introduces the crawl interval to connector create and update forms.
2025-06-13Desktop Application22.54.0This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.
2025-06-13CLI48.60.0This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.
2025-06-13Control Plane106.24.0This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.
2025-06-12CLI48.59.0This release fixes an issue where Microsoft SQL Server (Azure AD) and Microsoft SQL Server (Kerberos) resources would fail to successfully health check or allow client connections to SQL Server instances configured to redirect rather than proxy client connections to the target SQL Server instance.
2025-06-12Control Plane106.1.0This release adds support for query metadata including backend PID and Session Start Time to be available with the Postgres driver.
2025-06-12CLI48.54.0This release adds support for query metadata including backend PID and Session Start Time to be available with the Postgres driver.
2025-06-12CLI48.53.0This release adds session start time in metadata for MSSQL driver queries.
2025-06-12Control Plane106.0.0This release updates the legacyResourceFragment to include entityId and updates fragment and generated files from the fragment.
2025-06-11Control Plane105.97.0This release introduces sortable columns to the Connectors table in the Admin UI.
2025-06-11CLI48.50.0This release adds support for key pair authentication for the Snowflake driver.
2025-06-11Java SDK14.22.0This release adds support for key pair authentication for Snowflake.
2025-06-11Python SDK14.22.0This release adds support for key pair authentication for Snowflake.
2025-06-11Ruby SDK14.22.0This release adds support for key pair authentication for Snowflake.
2025-06-11Go SDK14.22.0This release adds support for key pair authentication for Snowflake.
2025-06-09Control Plane105.74.0This release fixes an issue where CLI output could not be displayed after granting temporary access.
2025-06-09CLI48.45.0This release fixes an issue where CLI output could not be displayed after granting temporary access.
2025-06-09CLI48.42.0This release fixes an issue where a failure during an update of the StrongDM client may sometimes leave temporary update files in /tmp.
2025-06-09Control Plane105.66.0This release updates the Network > Gateways and Network > Relays pages of the Admin UI to display the last heartbeat time for nodes that are offline, instead of "unknown".
2025-06-09Control Plane105.64.0This release fixes an issue where the Policies Logs page in the Admin UI may sometimes fail to show any results due to a timeout in retrieving logs from the StrongDM control plane.
2025-06-09Control Plane105.63.0This release fixes incorrect URLs in device trust and user self-sign up notification emails.
2025-06-09CLI48.41.0This release fixes an issue introduced in CLI version 48.5.0 where the CLI may fail to connect to the StrongDM control plane in an environment where the AWS root certificate authorities are not present in the operating system root CA store.
2025-06-05Control Plane105.52.0This release fixes an issue where tags would appear to update in workflows but would not actually get updated.
2025-06-04Control Plane105.35.0This release includes minor improvements to the display of logs in the Admin UI when using public key encryption for remote logs or not storing logs to StrongDM. All logs pages now clearly indicate when logs are encrypted and display the hash of the log when encrypted or not stored, matching the existing behavior of the Queries log page.
2025-06-03CLI48.26.0This release updates Oracle resources to support connecting via JDBC versions that are newer than 23.2.0.0 all the way up to the latest. Versions with the newly added support (JDK 8 and 11) are 23.3.0.23.09, 23.4.0.24.05, 23.5.0.24.07, 23.6.0.24.10, 23.7.0.25.01, and 23.8.0.25.04.
2025-06-02CLI48.19.0This release updates StrongDM to now accept PKCS8-formatted RSA private keys in addition to PKCS1 when decrypting data using the CLI.
2025-05-30Desktop Application22.38.0This release fixes an issue that prevented users with two dots in their email address from logging in.
2025-05-30CLI48.15.0This release updates the CLI so that sdm install --worker now sets the worker to send logs to journald. Instead of tailing ~/.sdm/sdm.log, you can now see logs via journalctl -fu sdm-worker. sdm install and sdm install --relay remain unchanged. Workers that have already been installed via sdm install --worker will continue to send logs to ~/.sdm/sdm.log. This release also fixes an issue that prevented workers from rotating this log file.
2025-05-29CLI48.13.0This release fixes an issue with the Kubernetes driver where interactive sessions may continue to consume some memory on nodes and prevent a node from shutting down cleanly after the connection is closed. In addition, this release fixes an issue with the RDP driver where connections aborted early may continue to consume some memory on nodes and prevent a node from shutting down cleanly after the connection is closed.
2025-05-29Desktop Application22.37.0This release fixes an issue with locking. When executing sdm lock from the CLI, the desktop app now shows the locked state screen, allowing the user to unlock via the desktop app.
2025-05-28CLI48.5.0This release updates the CLI so that when communicating with the control plane, the CLI now trusts the root certificates stored in the operating system trust store, in addition to the Amazon AWS root certificates that it previously pinned.
2025-05-28CLI48.3.0This release adds the missing Type column to the output of the sdm admin nodes list CLI command.
2025-05-27CLI48.1.0This release makes the session ID of query tracking available through metadata for the MSSQL driver. Use the sdm audit queries CLI command to check.
2025-05-27Control Plane104.69.0This release makes the session ID of query tracking available through metadata for the MSSQL driver. Use the sdm audit queries CLI command to check.
2025-05-23CLI47.98.0This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.
2025-05-23Terraform Provider14.20.0This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.
2025-05-23Python SDK14.20.0This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.
2025-05-23Go SDK14.20.0This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.
2025-05-23Ruby SDK14.20.0This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.
2025-05-23Terraform Provider14.18.1This release adds a custom resource type called sdm_managed_secret_value that will provide an encrypted value for the creation of managed_secrets. Values of sdm_secret_engine, public_key attribute, and sdm_managed_secret.value are now Base64-encoded.
2025-05-22CLI47.93.0Support for PasswordAuthenticator in Cassandra driver.
2025-05-21Desktop Application22.32.0This release fixes an issue where the desktop app login screen would get stuck and the user could not log in.
2025-05-21Control Plane104.45.0This release adds an online status indicator on the proxy cluster details page of the Admin UI. In addition, this release fixes an issue preventing database operators and database administrators from viewing proxy clusters in the Admin UI.
2025-05-21CLI47.86.0This release adds the TLS Required checkbox for Trino. If turned on, StrongDM is able to grant access to Trino running over HTTPS. If disabled it will be able to connect through HTTP.
2025-05-21Control Plane104.43.0This release adds the TLS Required checkbox for Trino. If turned on, StrongDM is able to grant access to Trino running over HTTPS. If disabled it will be able to connect through HTTP.
2025-05-21Terraform Provider14.15.0This release adds a new sdm_rdp_ca_pubkey data source in the Terraform provider, exposing the Public Key of the StrongDM RDP CA for Terraform workflows. No migrations are needed. Users can simply add a new data source for the Terraform provider.
2025-05-20Desktop Application22.31.0This release fixes an issue where, when users freshly installed the desktop app, a failure might occur on load that would prevent the user from logging in for the first time.
2025-05-20CLI47.85.0This release adds support for Oracle JDBC 23.2.0.0 thin clients with the Oracle driver.
2025-05-19Control Plane104.31.0This release enables approval workflows to be defined, which specify an approver by their relationship to the requester. Specifically, the approver can be the requester's manager, and their manager's manager. A user's manager is resolved from SCIM data if present and can be manually overridden or set if needed.
2025-05-19Control Plane104.30.0This release allows you to audit historical data on the SCIM metadata field and the ManagerID field for StrongDM users from the CLI using the sdm audit users CLI command.
2025-05-19CLI47.83.0This release allows for auditing of historical data on the SCIM metadata field and the ManagerID field for StrongDM users from the CLI using the sdm audit users CLI command.
2025-05-19CLI47.81.0This release fixes an issue with proxy cluster diagnostics that caused them to fail when ICMP was blocked. Bridged proxy workers now refuse to start if they cannot connect to the bridge within 5 seconds. Additional diagnostics have been added specifically for bridged proxy clusters.
2025-05-16Control Plane104.24.0This release adds Proxy Cluster ID as an extended column in resource list CLI commands. In addition, this release fixes an issue where the sdm admin nodes list CLI command showed no reachable resources for proxy clusters.
2025-05-16CLI47.80.0This release adds Proxy Cluster ID as an extended column in resource list CLI commands. In addition, this release fixes an issue with the sdm admin nodes list CLI command, where no reachable resources for proxy clusters were shown.
2025-05-16Control Plane104.21.0This release allows the history of the managerID field on Accounts Users objects to be audited. The snapshot functionality of the Accounts SDK provides the ability to check the state of the managerID field on accounts at a particular point in time, and the Accounts History SDK provides the ability to check all past states of the managerID field on an account between two points in time.
2025-05-15CLI47.77.0This release fixes an issue with bridge workers and third-party certificates with multiple DNS names.
2025-05-15Desktop Application22.27.1This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running "sdm logout" in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.
2025-05-15CLI47.65.1This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running "sdm logout" in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.
2025-05-15CLI47.49.1This release removes an unused capability from the StrongDM System Service when using the Virtual Networking Mode feature that added the cloud proxy certificate to the system root certificate trust store when logged in to an organization with VNM enabled.
2025-05-15CLI47.22.1This release adds support for IAM role-based authentication for Redshift Cluster and Redshift Serverless.
2025-05-15Control Plane103.90.1This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running "sdm logout" in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.
2025-05-15Control Plane101.95.1This release exposes the manager id field of a user in sdm admin users list and improves the formatting of SCIM data when the --json flag is used.
2025-05-15Control Plane102.36.1This release adds support for IAM role-based authentication for Redshift Cluster and Redshift Serverless.
2025-05-15CLI47.12.1This release exposes the manager id field of a user in sdm admin users list and improves the formatting of SCIM data when the --json flag is used.
2025-05-14Desktop Application22.29.0This release fixes an issue where the resource Lock button was stuck in a disabled state after locking the resource.
2025-05-14Control Plane104.5.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-14CLI47.76.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-14Terraform Provider14.14.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-14Python SDK14.14.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-14Ruby SDK14.14.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-14Go SDK14.14.0This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.
2025-05-13Control Plane104.1.0This release changes the name of the Trino driver.
2025-05-13CLI47.73.0This release changes the name of the Trino driver.
2025-05-13CLI47.72.0This release fixes an issue in the AWS Management Console resource where opening the resource may redirect to the AWS Console for a region different from what was configured in the resource.
2025-05-13Control Plane103.98.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13CLI47.71.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13Terraform Provider14.13.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13Python SDK14.13.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13Ruby SDK14.13.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13Go SDK14.13.0This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.
2025-05-13Control Plane103.97.0This release improves the wording used on error panels in the Microsoft Teams integration.
2025-05-12Desktop Application22.28.0This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running sdm logout in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.
2025-05-12CLI47.66.0This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running sdm logout in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.
2025-05-12Control Plane103.90.0This release adds software and hardware TOTP support for RSA Secure ID Plus.
2025-05-09CLI47.63.0This release fixes an issue that broke connections to Cassandra resources with the "TLS required" checkbox checked.
2025-05-09Control Plane103.85.0This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.
2025-05-09Terraform Provider14.11.0This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.
2025-05-09Python SDK14.11.0This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.
2025-05-09Ruby SDK14.11.0This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.
2025-05-09Go SDK14.11.0This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.
2025-05-08Python SDK14.10.0This release updates the accounts users model to have a read-only field for SCIM data of an user. In addition, this release adds a new manager ID field to manually set the account ID of a user's manager. Lastly, the accounts users model now has a read-only field for retrieving the "resolved manager id". This is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This field is only populated for results from the accounts get and list endpoints and is not returned for create and update, audit list, or history endpoint calls.
2025-05-08Go SDK14.10.0This release updates the accounts users model to have a read-only field for SCIM data of an user. In addition, this release adds a new manager ID field to manually set the account ID of a user's manager. Lastly, the accounts users model now has a read-only field for retrieving the "resolved manager id". This is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This field is only populated for results from the accounts get and list endpoints and is not returned for create and update, audit list, or history endpoint calls.
2025-05-08Ruby SDK14.10.0This release updates the accounts users model to have a read-only field for SCIM data of an user. In addition, this release adds a new manager ID field to manually set the account ID of a user's manager. Lastly, the accounts users model now has a read-only field for retrieving the "resolved manager id". This is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This field is only populated for results from the accounts get and list endpoints and is not returned for create and update, audit list, or history endpoint calls.
2025-05-07Desktop Application22.25.0This release provides a login update, so login errors no longer require the user to change the email field to log in again when the email is prefilled.
2025-05-07CLI47.56.0This release adds the --proxy-cluster-id flag to the sdm admin servers create rawtcp and sdm admin servers update rawtcp CLI commands, which were previously missing it.
2025-05-05Control Plane103.48.0This release restores the permissions needed for an auditor to create and approve access requests.
2025-05-05Control Plane103.46.0This release ensures that the Standing Access report in the Admin UI will not return undefined data that has the potential to kill the page.
2025-05-02Control Plane103.42.0On-prem installations of the StrongDM Control Plane now require the database to be running at least Postgres 13.
2025-05-02CLI47.53.0This release makes sdm admin secretengines and sdm admin managedsecrets CLI commands visible.
2025-05-01CLI47.50.0This release removes an unused capability from the StrongDM System Service when using the Virtual Networking Mode (VNM) beta feature that added the cloud proxy certificate to the system root certificate trust store when logged in to an organization with VNM enabled.
2025-04-30Control Plane103.21.0This release follows the recent addition of the sdm admin approval-workflows-multistep CLI commands, which make the following commands obsolete and removed: sdm admin workflow create workflow-approver, sdm admin workflow list workflow-approvers, and sdm admin workflow delete workflow-approver. In addition, this release adds a template for the --access-rules argument to the help text for the following commands: sdm admin workflow create workflow and sdm admin workflow update workflow. Lastly, this release adds access rules to text and JSON output of sdm admin workflow list workflow and removes the AutoGrant field from workflow listings.
2025-04-30CLI47.49.0This release follows the recent addition of the sdm admin approval-workflows-multistep CLI commands, which make the following commands obsolete and removed: sdm admin workflow create workflow-approver, sdm admin workflow list workflow-approvers, and sdm admin workflow delete workflow-approver. In addition, this release adds a template for the --access-rules argument to the help text for the following commands: sdm admin workflow create workflow and sdm admin workflow update workflow. Lastly, this release adds access rules to text and JSON output of sdm admin workflow list workflow and removes the AutoGrant field from workflow listings.
2025-04-29Control Plane103.8.0New MFA provider with push notifications: RSA ID Plus
2025-04-29CLI47.45.0New MFA provider with push notifications: RSA ID Plus
2025-04-28CLI47.42.0This release makes the Vertica datasource type generally available.
2025-04-28Control Plane103.1.0This release makes the Vertica datasource type generally available.
2025-04-28Terraform Provider14.7.0This release makes the Vertica datasource type generally available.
2025-04-28Ruby SDK14.7.0This release makes the Vertica datasource type generally available.
2025-04-28Python SDK14.7.0This release makes the Vertica datasource type generally available.
2025-04-28Go SDK14.7.0This release makes the Vertica datasource type generally available.
2025-04-28Desktop Application22.23.0This release fixes a login issue for US customers who encountered firewall restrictions that prevented their log in to StrongDM via the desktop app.
2025-04-25CLI47.41.0This release fixes an issue in the rendering of RDP sessions where the cursor color would sometimes be displayed incorrectly in the rendered videos.
2025-04-25CLI47.40.0This release updates the CLI by adding flags to set and unset the ManagerID field on a user account. In addition, this release adds a --template option to the sdm admin user update CLI command.
2025-04-25CLI47.39.0This release improves DNS subdomain validation in the StrongDM System Service when using the Virtual Networking Mode beta feature to detect and disallow malformed input.
2025-04-25Control Plane102.93.0This release updates the CLI by adding flags to set and unset the ManagerID field on a user account. In addition, this release adds a --template option to the sdm admin user update CLI command.
2025-04-25Control Plane102.92.0This release fixes an issue where combo boxes on the Policy Editor would not display correctly.
2025-04-25Control Plane102.88.0This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.
2025-04-25Terraform Provider14.6.0This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.
2025-04-25Python SDK14.6.0This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.
2025-04-25Go SDK14.6.0This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.
2025-04-25Ruby SDK14.6.0This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.
2025-04-23Desktop Application22.22.0This release resolves an issue that prevented the desktop app from logging in via Google SSO, where after authenticating with Google, the user would see a 404 page and not be authenticated in the desktop app.
2025-04-23Control Plane102.74.0This release resolves an issue that prevented the desktop app from logging in via Google SSO, where after authenticating with Google, the user would see a 404 page and not be authenticated in the desktop app.
2025-04-22Control Plane102.71.0This release fixes an issue with the StrongDM Jira integration where the end date of an access request grant was being incorrectly rendered in Jira.
2025-04-22Control Plane102.66.0This release updates the CLI commands for approval workflows; specifically, the output heading for "ApproverIDs" has been changed to "Approvers" in the listings of approval workflow steps.
2025-04-21CLI47.30.0This release adds the Oracle (NNE) datasource type, which provides support for Oracle datasources that have NNE enabled. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Control Plane102.62.0This release adds the Oracle (NNE) datasource type, which provides support for Oracle datasources that have NNE enabled. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Terraform Provider14.4.0This release adds Oracle (NNE) as a resource type. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Python SDK14.4.0This release adds Oracle (NNE) as a resource type. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Go SDK14.4.0This release adds Oracle (NNE) as a resource type. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Ruby SDK14.4.0This release adds Oracle (NNE) as a resource type. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-21Control Plane102.57.0This release updates the Admin UI to correctly display Jira or ServiceNow under the Request Details page.
2025-04-17Control Plane102.44.0This release fixes an issue where some approval workflow audit records were associated with a nonexistent activity when using older versions of the CLI or SDK to manage approval workflows.
2025-04-17CLI47.26.0This release adds the Oracle (NNE) datasource type, which provides support for Oracle datasources that have NNE enabled. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-17Control Plane102.42.0This release adds the Oracle (NNE) datasource type, which provides support for Oracle datasources that have NNE enabled. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.
2025-04-17Control Plane102.37.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-17CLI47.23.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-17Terraform Provider14.3.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-17Python SDK14.3.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-17Go SDK14.3.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-17Ruby SDK14.3.0This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.
2025-04-15Terraform Provider14.2.0This release fixes an issue with the sdm admin approval-workflows update CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the sdm admin approval-workflows-multistep update CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.
2025-04-15Control Plane102.22.0This release fixes an issue with the sdm admin approval-workflows update CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the sdm admin approval-workflows-multistep update CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.
2025-04-15Python SDK14.2.0This release fixes an issue with the sdm admin approval-workflows update CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the sdm admin approval-workflows-multistep update CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.
2025-04-15Go SDK14.2.0This release fixes an issue with the sdm admin approval-workflows update CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the sdm admin approval-workflows-multistep update CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.
2025-04-15Ruby SDK14.2.0This release fixes an issue with the sdm admin approval-workflows update CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the sdm admin approval-workflows-multistep update CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.
2025-04-15CLI47.20.0This release updates the CLI to remember the previously selected app domain even after logout.
2025-04-10Terraform Provider14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Go SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Python SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Ruby SDK14.0.0This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.
2025-04-10Control Plane101.98.0This release updates the "query" field in Log Stream query logs to include the complete query capture metadata for RDP and interactive SSH and Kubernetes sessions. Previously this field was empty for these queries. Additionally the sdm replay rdp CLI command now supports --format logstream, which allows auditing of RDP sessions captured by Log Stream.
2025-04-10CLI47.15.0This release updates the "query" field in Log Stream query logs to include the complete query capture metadata for RDP and interactive SSH and Kubernetes sessions. Previously this field was empty for these queries. Additionally the sdm replay rdp CLI command now supports --format logstream, which allows auditing of RDP sessions captured by Log Stream.
2025-04-09Control Plane101.96.0This release exposes the manager id field of a user in the sdm admin users list CLI command and improves the formatting of SCIM data when the --json flag is used.
2025-04-09CLI47.13.0This release exposes the manager id field of a user in sdm admin users list and improves the formatting of SCIM data when the --json flag is used.
2025-04-09Control Plane101.95.0This release updates SSH (Customer Managed Key) resources using Identity Aliases with a third-party secret store (not Strong Vault) to optionally use a different SSH private key for each Identity Alias. This is done by configuring the path to the private key in the secret store to include a $SDM_USERNAME variable that will be replaced at runtime with the Identity Alias of the connecting user (for example, secrets/employees/$SDM_USERNAME?key=ssh-key).
2025-04-08Desktop Application22.20.0This release fixes an issue where when a user would relaunch the SSO login in a browser window, it would show an error that the token was already used.
2025-04-08CLI47.12.0This release adds support for privilege levels on Leased Credentials clusters.
2025-04-08Control Plane101.88.0This release adds SCIM metadata to the output from the sdm admin users list CLI command.
2025-04-08CLI47.11.0This release adds SCIM metadata to the output from the sdm admin users list CLI command.
2025-04-08CLI47.10.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Control Plane101.87.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Python SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Ruby SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-08Go SDK13.12.0This release adds support for Secret Engines and Managed Secrets in the SDKs.
2025-04-07CLI47.8.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Control Plane101.81.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Terraform Provider13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Python SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Ruby SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Go SDK13.11.0SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.
2025-04-07Control Plane101.78.0This release updates the access workflow quota limit to be no longer capped at 100.
2025-04-07Control Plane101.76.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07CLI47.7.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Python SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Go SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07Ruby SDK13.10.0This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.
2025-04-07CLI47.6.0Add support for Redis Cluster
2025-04-07Control Plane101.75.0Add support for Redis Cluster
2025-04-07Go SDK13.9.0Add support for Redis Cluster
2025-04-04Terraform Provider13.8.0This release allows usernames and passwords for the Vertica resource type to be vaulted with third-party secret stores for our Terraform provider.
2025-04-04CLI47.4.0This release updates the CLI with an interactive login for sdm login that prompts users to select an app domain. The default app domain is app.strongdm.com. If SDM_APP_DOMAIN is set in the environment, it will take precedence instead and no prompt will be shown.
2025-04-03Control Plane101.60.0This release speeds up load times between page and tab navigation in the Admin UI.
2025-04-02Control Plane101.58.0This release makes multistep approval workflows generally available. You can now create approval workflows with multiple approval steps. There are new settings that allow you to skip an approval step after it's been idle for a period of time, or specify whether any or all approvers need to approve that step. In addition, this release adds the new CLI command sdm admin approval-workflows-multistep, which takes JSON configuration for a whole approval workflow, including approval steps and approvers. Users can also query and list information about approval workflows through this CLI command. Lastly, this release deprecates the following CLI commands, which will continue to work for existing customers, but without the new multistep approval workflow functionality: sdm admin approval workflows, sdm admin approval-workflow-steps, and sdm admin approval-workflow-approvers.
2025-04-02CLI47.3.0This release makes multistep approval workflows generally available. You can now create approval workflows with multiple approval steps. There are new settings that allow you to skip an approval step after it's been idle for a period of time, or specify whether any or all approvers need to approve that step. In addition, this release adds the new CLI command sdm admin approval-workflows-multistep, which takes JSON configuration for a whole approval workflow, including approval steps and approvers. Users can also query and list information about approval workflows through this CLI command. Lastly, this release deprecates the following CLI commands, which will continue to work for existing customers, but without the new multistep approval workflow functionality: sdm admin approval workflows, sdm admin approval-workflow-steps, and sdm admin approval-workflow-approvers.
2025-03-31Desktop Application22.18.0This release changes what is displayed in the desktop menu app when logging into or logging out of StrongDM. Now, the "Open app.strongdm.com" option will no longer appear in the menu when logged out. When logged in, the "Open app.strongdm.com" menu option will display as "Open [the control plane domain you are authenticated with]".
2025-03-31Terraform Provider13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Python SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Ruby SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-31Go SDK13.6.0The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.
2025-03-28Control Plane101.39.0This release adds support for the Vertica database in the SDKs.
2025-03-28CLI46.99.0This release adds support for the Vertica database in the SDKs.
2025-03-28Terraform Provider13.5.0This release adds support for the Vertica database in the SDKs.
2025-03-28Ruby SDK13.5.0This release adds support for the Vertica database in the SDKs.
2025-03-28Python SDK13.5.0This release adds support for the Vertica database in the SDKs.
2025-03-28Go SDK13.5.0This release adds support for the Vertica database in the SDKs.
2025-03-27CLI46.98.0This release deprecates the sdm install --domain CLI command. Instead, use --app-domain and pass the full domain name of the control plane including the app. (for example, sdm install --app-domain app.eu.strongdm.com). The --domain flag will continue to work as-is indefinitely.
2025-03-21Control Plane101.17.0This release mitigates certain instances of hung healthcheck diagnostics in the Admin UI.
2025-03-21CLI46.92.0This release removes sdm admin managedsecrets validate and sdm admin managedsecrets validate from the CLI. Please use sdm managedsecrets validate and sdm managedsecrets validate with relevant permission policy instead.
2025-03-20Control Plane101.13.0This release makes proxy clusters generally available as a new deployment option.
2025-03-19Control Plane101.9.0This release adds support for secret engines to enterprise customers. All enterprise customers can now create secret engines and managed secrets.
2025-03-14Control Plane100.91.0This release updates the Relay and Gateway Resources tab in the Admin UI to have search and filtering capabilities. Users can now search by resource name, type filter, status filter, and tags filter.
2025-03-14Control Plane100.89.0This release adds a workflow setting to the Admin UI to specify the number of requests a user can make to a resource.
2025-03-14Desktop Application22.15.0This release enables users with multiple control planes to select which control plane they want to connect to from the desktop app.
2025-03-14Control Plane100.86.0This release introduces an exponential backoff in case of automatic rotation failures for Active Directory secret engines. This will reduce the number of errors that might be observed for misconfigured Active Directory accounts. The interval for retries in case of failures will be increased with each failure until it reaches max_backoff_duration. After that retries happen every max_backoff_duration. The default value for max_backoff_duration is 1 day (24 hours). max_backoff_duration can be set using the --max-backoff-duration flag when updating a secret engine (sdm admin secretengines update active_directory <SECRET_ENGINE_ID>) or creating a secret engine (sdm admin secretengines create active_directory).
2025-03-14CLI46.87.0This release introduces an exponential backoff in case of automatic rotation failures for Active Directory secret engines. This will reduce the number of errors that might be observed for misconfigured Active Directory accounts. The interval for retries in case of failures will be increased with each failure until it reaches max_backoff_duration. After that retries happen every max_backoff_duration. The default value for max_backoff_duration is 1 day (24 hours). max_backoff_duration can be set using the --max-backoff-duration flag when updating a secret engine (sdm admin secretengines update active_directory <SECRET_ENGINE_ID>) or creating a secret engine (sdm admin secretengines create active_directory).
2025-03-11Control Plane100.80.0This release adds the new permission level Database Operator.
2025-03-11Terraform Provider13.3.0This release adds the new permission level Database Operator.
2025-03-11Ruby SDK13.3.0This release adds the new permission level Database Operator.
2025-03-11Go SDK13.3.0This release adds the new permission level Database Operator.
2025-03-11Python SDK13.3.0This release adds the new permission level Database Operator.
2025-03-10CLI46.84.0This release adds support to the sdm connect CLI command, allowing it to accept either a resource name or a resource ID as the argument.
2025-03-10Control Plane100.75.0This release adds support to the sdm connect CLI command, allowing it to accept either a resource name or a resource ID as the argument.
2025-03-10Control Plane100.71.0This release fixes an issue with the sdm admin users grant-temporary --template-role CLI command, in which it would not grant access to resources on that role.
2025-03-08CLI46.81.0This release fixes an issue that could cause unexpected disconnects from RDP (Certificate Based) resources with certain combinations of Windows client and server versions.
2025-03-06CLI46.78.0This release fixes a healthcheck bug for Amazon EKS resources where the wrong namespace was used during the healthcheck when Identity Sets were enabled.
2025-03-06CLI46.77.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Terraform Provider13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Control Plane100.63.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Python SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Ruby SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-06Go SDK13.2.0This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.
2025-03-04CLI46.74.0This release updates the sdm replay rdp CLI command to include improved help and usage information, updates sdm replay rdp to support rendering RDP sessions older than one week, and updates sdm replay rdp to be able to be used to render RDP sessions from local relay log files encrypted with public key encryption (via the --key option).
2025-03-03Control Plane100.44.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Terraform Provider13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Go SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Ruby SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Python SDK13.0.0This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.
2025-03-03Control Plane100.43.0This release improves the Cluster Discovery tab in the Admin UI to show a more meaningful message when nothing has been discovered yet.
2025-02-28Control Plane100.39.0This release fixes an issue that caused requesting access to a resource via fixed duration to display "Requested for 0 days" in the access details column.
2025-02-26CLI46.69.0This release fixes an issue for Oracle, where entering a raw IP address as the hostname causes the connection to fail. Additionally, this release fixes a connectivity issue for Oracle 19 in OCI and any other Oracle servers using the same connection format from odbc6.jar (version8i).
2025-02-20Control Plane100.16.0This release updates policies so that StrongDM::ManagedSecret::Action::"read" is now granted implicitly as part of StrongDM::ManagedSecret::Action::"retrieve", StrongDM::ManagedSecret::Action::"rotate", and StrongDM::ManagedSecret::Action::"validate". Now users granted those "broader" permissions can also list secrets they can take action upon.
2025-02-19Control Plane100.12.0This release updates the way users are routed to certain Admin UI pages upon login. Users with the User permission level on login will be routed to the Download & Install page. Users with the Database Admin permission level on login will be routed to the Datasources page. Users with the Admin permission level who have expired Enterprise accounts will see an Enterprise purchase banner at the top of the page for pages that are Enterprise-only.
2025-02-19Control Plane100.10.0This release updates the Policy Logs page of the Admin with a new design and filtering capability. Users can now use dropdown filters and search input to reduce the amount of logs displayed based on the requested filters.
2025-02-14CLI46.64.0This release addresses an issue where under periods of heavy load, nodes may potentially run out of memory if remote logging to StrongDM is enabled and query and replay data is being generated faster than it can be logged to StrongDM. Nodes are now limited to consuming no more than about 50 percent of system memory for buffering remote logs, throttling traffic when this limit is reached. While it should not be necessary to do so, these default limits may be overridden via SDM_RELAY_LOG_REMOTE_BUFFER_BYTES and SDM_RELAY_LOG_REMOTE_BUFFER_RETRY_BYTES environment variables.
2025-02-12CLI46.62.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Control Plane100.1.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Python SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Go SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-12Ruby SDK12.10.0This release updates the SDKs to support the new AccessRule field for account grants.
2025-02-11Control Plane99.95.0
  • Fix dropdown behavior.
2025-02-10CLI46.60.0This release adds support to RDP resources for connecting to Windows 11 and Windows Server 2025 RDP servers with Network Level Authentication (NLA) enabled. Previously, RDP resources required NLA to be disabled on these newer Windows versions.
2025-02-10CLI46.59.0This release fixes an issue where RDP sessions to some Windows target server versions, including Windows 10, may fail to render into video fields. This release also fixes an issue where RDP sessions from Windows 11 24H2 clients to some Windows target server versions, including Windows 10 and 11, may display incorrectly, with heavy pixelation of the screen.
2025-02-07Control Plane99.89.0This release improves resource selection in the temporary access modal to allow better search results.
2025-02-06Control Plane99.85.0Fixed error when accepting user invitations.
2025-02-06Control Plane99.78.0Fixed routing issue when trying to log in while already authenticated.
2025-02-06Control Plane99.77.0This release updates the temporary access table to no longer increment the total count by two when adding a new temporary grant to a user.
2025-02-05Control Plane99.74.0This release fixes an issue where gateways device details text would overflow into other text.
2025-02-04Control Plane99.62.0This release fixes an issue where a newly created role wasn't immediately showing up in the roles table in the Admin UI. It also fixes an issue where the "reason" text field in the access request modal did not capture the first character being typed into it.
2025-02-03Control Plane99.60.0This release ensures that Role IDs no longer show up in the search box of the attach role selector on the access workflow form.
2025-01-31Terraform Provider12.9.1This release updates the Terraform provider docs to include max duration and fixed duration settings for individual access workflows.
2025-01-30CLI46.43.0This release fixes an issue with RDP session video rendering (both in the Admin UI and the CLI) that could potentially result in artifacts in the rendered video due to a rare mis-parsing of bitmap updates in the RDP session data.
2025-01-29CLI46.41.0This release provides the capability for users to append an -e flag to their sdm status CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.
2025-01-29Control Plane99.38.0This release provides the capability for users to append an -e flag to their sdm status CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.
2025-01-29Control Plane99.33.0This release adds a new logs page to the Admin UI for Credential Management logs.
2025-01-28CLI46.40.0Relays previously output the following non-structured log line every 2 minutes on stderr: link count: %d, stream count: %d, egress count: %d. This log will now appear in the following structured format on stdout, bringing it in compliance with all other log lines: time="2025-01-28T10:15:56-08:00" level=info msg="link monitor" linkCount=1 streamCount=0 egressCount=0.
2025-01-28CLI46.39.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Terraform Provider12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Python SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Ruby SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-28Go SDK12.9.0This release adds the PrivilegeGroups field to sharedkernel.Capture model, allowing these to be auditable via sdm audit k8s and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.
2025-01-27CLI46.38.0This release adds the sdm access request <REQUEST_ID> CLI command that displays a summary of the request and approvals.
2025-01-27CLI46.37.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Control Plane99.24.0This release fixes an issue where sdm access requests --filter="request:<RESOURCE_NAME>"" would not return some access requests when there were matching requests.
2025-01-27Terraform Provider12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Control Plane99.22.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Go SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Ruby SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-27Python SDK12.8.0This release adds support for IAM authentication with Aurora MySQL.
2025-01-24Control Plane99.12.0This release makes the Windows x32 version no longer available for download on the Admin UI Download & Install page.
2025-01-24Control Plane99.10.0This release fixes an issue where resources would not appear for an access request in reports.
2025-01-23Control Plane99.4.0This release updates the Admin UI with new table ordering that allows you to sort by name on Gateway and Relay pages.
2025-01-22CLI46.32.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Terraform Provider12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Control Plane98.87.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Python SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Go SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-22Ruby SDK12.5.0This release adds support for DocumentDB with IAM authentication.
2025-01-21Control Plane98.85.0This release adds a loading indicator to the policy logs details panel of the Admin UI.
2025-01-21CLI46.31.0This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341
2025-01-21Control Plane98.80.0This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341
2025-01-17Control Plane98.74.0This release fixes a bug where 31 days was the maximum duration access could be requested even if the organization or workflow allowed for more.
2025-01-17Control Plane98.71.0This release updates the modal for granting temporary access to be broken up into multiple steps. The step for selecting resources has been changed from checkboxes to a combobox/search input.
2025-01-17Desktop Application22.4.0This release makes ClickHouse available in the CLI.
2025-01-17Java SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17CLI46.26.0This release adds the ClickHouse resource type.
2025-01-17Python SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17Ruby SDK12.4.0This release adds the ClickHouse resource type.
2025-01-17Go SDK12.4.0This release adds the ClickHouse resource type.
2025-01-16Control Plane98.57.0This release adds the DynamoDB (IAM) resource type.
2025-01-14Java SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14CLI46.19.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Terraform Provider12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Control Plane98.45.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Python SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Go SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-14Ruby SDK12.2.0This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.
2025-01-13Control Plane98.30.0This release updates the Roles page of the Admin UI to have table ordering on the Roles column.
2025-01-10CLI46.14.0This release adds the CLI command sdm admin secretengines rotate for rotating a secret engine's password used for connecting to Active Directory (currently only the active_directory secret engine type supports this). Running the command will update Bindpass in the Active Directory and store a new password inside the secret engine's configuration stored inside the secret store.
2025-01-10Control Plane98.23.0This release adds the CLI command sdm admin secretengines rotate for rotating a secret engine's password used for connecting to Active Directory (currently only the active_directory secret engine type supports this). Running the command will update Bindpass in the Active Directory and store a new password inside the secret engine's configuration stored inside the secret store.
2025-01-08CLI46.11.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Terraform Provider11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Java SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Control Plane98.8.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Python SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Ruby SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Go SDK11.23.0This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.
2025-01-08Control Plane98.6.0This release updates the Jira Connect button on the Admin UI Integrations page to link to the EU version of the Jira plugin for the EU control plane.
2025-01-04Control Plane97.91.0This release enhances the integration for Slack's display of access requests in the app by adding a summary of the approval steps and approvers.
2025-01-02Control Plane97.82.0This release includes minor updates to the integrations with Microsoft Teams and Jira to support split requested and result duration of access requests.
2024-12-20Control Plane97.69.0This release updates the Jira integration card in the Admin UI to link to the control plane-specific Jira app.
2024-12-19Control Plane97.63.0This release allows admins to adjust settings of a specific access workflow.
2024-12-19Control Plane97.59.0This release changes all Admin UI resource pages to allow columns to be ordered by name and type.
2024-12-18Control Plane97.52.0This release updates credential rotation so that rotating a credential now updates the expiration date, in turn preventing a validation expiration date from showing an "expired" alert.
2024-12-18CLI46.3.0This release updates the CLI command sdm audit access-requests to include the approval flow ID.
2024-12-17Control Plane97.45.0This release fixes an issue related to Snowflake resources created via the API/CLI and Terraform. Currently, when not set, the "Port" argument defaults to 0, resulting in the Snowflake driver constructing a request that causes Snowflake to return with an unexpected error. This fix ensures that the default port of 443 is used when not set.
2024-12-17CLI46.2.0This release makes the --name parameter visible in the CLI help for the sdm aws and sdm az CLI commands. This parameter was already documented but hidden in the CLI help.
2024-12-13Control Plane97.36.0

This change makes a fix to the Admin UI that allows known healthcheck information to be displayed on the Datasources details page as it comes in rather than waiting for all nodes to report healthcheck information. Prior to this change, if one or more nodes were in a broken state where they were not able to report healthcheck status, the displayed status for all nodes would have been Checking.

Now, the healthy nodes' healthcheck status is able to be reported as it comes in and only unhealthy nodes stay in a Checking state.

2024-12-12Control Plane97.28.0This release fixes an issue where failing to retrieve a credential on the Credentials page in the Admin UI could only be resolved by first refreshing the page. Now there is a retry button and the credential is always retrieval is always attempted when selecting the retrieve menu option.
2024-12-11CLI45.93.0This release adds a new filter for filtering queries through the sdm audit CLI command or through the Queries vertical in the SDK. The authzAction filter can filter queries by authorization request action (such as StrongDM::Action::"connect" or SQL::Action::"drop"). This filter may include wildcards, for example *sql*drop*. This filter does not match on queries that were not associated with a policy authorization.
2024-12-11Control Plane97.22.0This release adds a new filter for filtering queries through the sdm audit CLI command or through the Queries vertical in the SDK. The authzAction filter can filter queries by authorization request action (such as StrongDM::Action::"connect" or SQL::Action::"drop"). This filter may include wildcards, for example *sql*drop*. This filter does not match on queries that were not associated with a policy authorization.
2024-12-10Control Plane97.15.0This release updates the Integrations page in the Admin UI to now link to the EU Microsoft Teams listing for users on the EU control plane.
2024-12-09CLI45.90.0This release fixes an issue introduced in version 45.80.0 of the CLI that could cause sdm aws terraform commands to fail with a "tls: failed to verify certificate" error.
2024-12-09Control Plane97.10.0This release enhances the Users page in the Admin UI to make the Name, Email, and Permission Level columns sortable.
2024-12-05Desktop Application21.93.0This release fixes an issue where focus would be removed from the search bar in the desktop app while typing.
2024-12-04Control Plane96.98.0This release updates access requests to now specify the requested duration and the result duration in the request step message.
2024-12-03Control Plane96.89.0This release updates the the Approve/Deny message in the integration with Slack to include a text field where the approver can provide a note back to the requester regarding the outcome.
2024-12-02CLI45.80.0This release updates the sdm aws, sdm azure, and sdm gcp CLI commands to provide a --name parameter and an env subcommand. It also updates the sdm azure and sdm gcp CLI commands to support a run subcommand and to store on-disk cloud SDK configuration and logs in a per-resource directory of the form $SDM_HOME/azure-config/<RESOURCE_ID> and $SDM_HOME/gcloud-config/<RESOURCE_ID> respectively, instead of a global configuration directory. In addition, the sdm gcp CLI command no longer supports the activate and init subcommands; To use StrongDM GCP resources, the gcloud, run and env commands to be used instead. Lastly, the sdm gcp gsutil CLI command has been deprecated; it continues to be supported but is hidden and may be removed in the future. Google no longer maintains gsutil and it is recommended to use gcloud storage (sdm gcp cli storage) instead.
2024-12-02Control Plane96.84.0This release upgrades the access to command in the integration with Teams to support more variations that may be desired in the list of resource names and IDs.
2024-12-02Control Plane96.82.0This release allows users to authenticate to ClickHouse through the driver with a username and private SSH key, when the users are created in the database with their public key.
2024-11-27CLI45.79.0This release fixes an issue where sdm access to command in the integration with Slack caused ordinary users to get a permission error when requesting resources by name.
2024-11-27Control Plane96.75.0This release updates the /sdm access to command in the integration for Slack to specify a request for multiple resources.
2024-11-27CLI45.78.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Control Plane96.73.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Java SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Python SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Go SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-27Ruby SDK11.20.0This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.
2024-11-26Control Plane96.69.0This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.
2024-11-26CLI45.75.0This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.
2024-11-25Control Plane96.60.0This release updates the StrongDM app for Slack to display the requested duration in addition to the duration that the access request would grant upon approval.
2024-11-22Control Plane96.55.0The format of API access keys has changed from a long Base64-encoded string to a hex string in the format auth-0123abcd. Existing API keys are unaffected, and the format of the secret portion of the key remains the same.
2024-11-22Control Plane96.54.0This release allows the CLI command sdm access to to create requests with multiple resources. The sdm access to command no longer has a default duration, so it should normally be specified using the -duration flag.
2024-11-21Control Plane96.49.0This release fixes a regression that caused access request creation to fail for organizations with a fixed duration setting.
2024-11-20Control Plane96.42.0With this release, the Request Access page of the Admin UI now shows the StrongDM resource related to the action if present.
2024-11-19Control Plane96.32.0With this release, the Microsoft Teams "Connect" link on the Admin UI Integrations page goes directly to the Teams marketplace listing for StrongDM.
2024-11-15Control Plane96.24.0This release enables StrongDM's integration for Jira.
2024-11-15CLI45.66.0This release fixes an issue with the queries logged for AWS Management Console resource access, including incorrect values for the "region" and "service" fields extracted from the resource's ".sdm.network" HTTP hostname. These fields are now omitted as they are not applicable to this resource. This release also improves the queries logged for Snowsight console resource access to include the full details of the HTTP request, making the queries logged for this resource consistent with other cloud resources. Lastly, this release improves the queries logged for AWS resource access to include the command that was executed from the HTTP request.
2024-11-14CLI45.62.0With this release, Kubernetes drivers now support the latest Kubernetes cluster deployments and use websockets as the transport layer where applicable. The workaround KUBECTL_REMOTE_COMMAND_WEBSOCKETS=false is no longer required.
2024-11-12Control Plane95.96.0This release allows users to be able to request multiple resources at the same time in the Admin UI.
2024-11-12Terraform Provider11.18.0This release of the StrongDM Terraform Provider adds support for unstable GCP Workforce Identity Federation based resources.
2024-11-12CLI45.60.0This release adds two new filters applicable to filtering queries through the sdm audit CLI or the Queries vertical in the SDKs: policyID filters queries affected by the specified policy and authzDecision filters queries by authorization decision (either "allow" or "deny"). These filters do not match queries that were not associated with a policy authorization.
2024-11-12Control Plane95.90.0This release adds two new filters applicable to filtering queries through the sdm audit CLI or the Queries vertical in the SDKs: policyID filters queries affected by the specified policy and authzDecision filters queries by authorization decision (either "allow" or "deny"). These filters do not match queries that were not associated with a policy authorization.
2024-11-09CLI45.57.0This release changes the name of "GCP" resources as displayed in the Admin UI and CLI from "GCP" to "GCP (Service Account)". This change only affects the displayed name and is intended to disambiguate this resource from the future introduction of other GCP resources using different authentication mechanisms.
2024-11-09Control Plane95.87.0This release changes the name of "GCP" resources as displayed in the Admin UI and CLI from "GCP" to "GCP (Service Account)". This change only affects the displayed name and is intended to disambiguate this resource from the future introduction of other GCP resources using different authentication mechanisms.
2024-11-08CLI45.56.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Control Plane95.84.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Java SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Python SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Go SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Ruby SDK11.18.0This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.
2024-11-08Control Plane95.83.0This release adds a new column under the Admin UI Roles page called "Users", which displays how many users are assigned to the role. In addition, the "Managed By" column is always displayed, and results can be filtered by "Managed By" when the organization has a provisioner.
2024-11-08Control Plane95.80.0This release fixes an issue that may cause integration connected service disconnect calls to fail due to deleted StrongDM users.
2024-11-07Control Plane95.76.0This release fixes an occasional issue where the All Requests page would error loading.
2024-11-06CLI45.54.0This release adds a new configuration value to the Active Directory secrets engine that can be changed using: 
sdm admin secretengines update active_directory -id <eng-id> --do-not-validate-timestamps=true
 The default value for this configuration option is false and is only used in case of active_directory.
2024-11-06Control Plane95.59.0This release adds a new configuration value to the Active Directory secrets engine that can be changed using: 
sdm admin secretengines update active_directory -id <eng-id> --do-not-validate-timestamps=true
 The default value for this configuration option is false and is only used in case of active_directory.
2024-11-05Control Plane95.56.0This release fixes an issue with redirection when switching accounts during workflow integration setup process.
2024-11-05Control Plane95.53.0This release improves the login state upon entering a bad password. The login screen no longer refreshes, resetting the login state. Instead, an error appears and the email is retained.
2024-11-01Control Plane95.32.0This release improves lazy loading for the Policy Editor.
2024-11-01Control Plane95.31.0This release fixes an issue where collapsing/expanding Policy Editor columns would increase column width unexpectedly.
2024-10-31Control Plane95.27.0This release fixes an issue where when a user navigates directly to /app/login and attempts to log in using a password, they are redirected to /auth/login.
2024-10-31CLI45.44.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Terraform Provider11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Control Plane95.22.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Python SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Go SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-31Ruby SDK11.17.0This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The sdm aws cli commands support this resource type.
2024-10-30CLI45.43.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Control Plane95.19.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Java SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Python SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Go SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-30Ruby SDK11.16.0This release adds a new healthcheck service for fetching an organization's most recent healthchecks.
2024-10-29Control Plane95.3.0This release enables environment variables that set the HTTP/HTTPS proxy specifically for the StrongDM client. If SDM_HTTPS_PROXY is set, the client sets HTTPS_PROXY for itself. If SDM_HTTP_PROXY is set, the client sets HTTP_PROXY for itself.
2024-10-28Control Plane94.99.0This release fixes an issue where an update to organization IDs caused reports to break.
2024-10-28Control Plane94.94.0This release fixes an issue where changes to a resource's health state (and certain other properties, such as the subdomain of HTTP resources) may not be reflected immediately in the desktop app.
2024-10-28Control Plane94.93.0This release fixes the Admin UI Integrations table to update when an integration is disconnected.
2024-10-28Control Plane94.92.0This release fixes an issue where Log Stream may fail to upload large record sets to encrypted S3 buckets due to a lack of "kms:Decrypt" permission.
2024-10-25Control Plane94.83.0This release updates the credential retrieval modal to close after 30 minutes or when the password expires.
2024-10-17CLI45.35.0This release updates Kubernetes drivers to support version 1.31 so that SSH session recordings are properly supported.
2024-10-17Control Plane94.64.0This release makes all actionable buttons under the Identity Aliases tab within the Account Details page of the Admin UI disabled and hidden while logged in with an Auditor account.
2024-10-14Control Plane94.40.0This release fixes an issue where multi-select on table rows incorrectly updated the selected row count.
2024-10-14Control Plane94.38.0This release fixes layout inconsistencies and a scroll issue with policy logs.
2024-10-14CLI45.31.0This release makes the SSHPassword resource type available.
2024-10-14Java SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Terraform Provider11.15.0This release makes the SSHPassword resource type available.
2024-10-14Python SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Ruby SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-14Go SDK11.15.0This release makes the SSHPassword resource type available.
2024-10-11Control Plane94.32.0This release fixes a bug where an account grant could be considered revoked by an access request when it expires naturally.
2024-10-08Control Plane94.22.0This release updates resource configuration to prohibit @ and = characters in the names of new resources when they are created.
2024-10-08Control Plane94.18.0This release fixes an issue to allow for correct email rerouting to logs/rdp-replays.
2024-10-07CLI45.22.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Java SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Ruby SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Python SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-07Go SDK11.14.0This release adds the ImpersonationUser and ImpersonationGroups fields to the sharedkernel.Capture model, allowing it to be auditable via sdm audit k8s and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, --as user --as-group group).
2024-10-04CLI45.20.0This release updates the sdm admin users add --csv CLI command help text to include the necessary tags column.
2024-10-04Control Plane94.8.0This release makes the email Identity Set unable to be edited.
2024-10-03Control Plane94.6.0This release fixes a 404 error that could be encountered when connecting the StrongDM app for Slack to a new workspace.
2024-10-03Terraform Provider11.14.1This release updates the Terraform Provider documentation to include the API host.
2024-10-03CLI45.15.0This release enables users to be logged in automatically to Couchbase Web UI resources, so users no longer have to log in with fake credentials.
2024-10-03Control Plane94.0.0This release adds constants for the API host across different control planes.
2024-10-03Java SDK11.13.0This release adds constants for the API host across different control planes.
2024-10-03Terraform Provider11.14.0This release adds constants for the API host across different control planes.
2024-10-03Python SDK11.13.0This release adds constants for the API host across different control planes.
2024-10-03Go SDK11.13.0This release adds constants for the API host across different control planes.
2024-10-03Ruby SDK11.13.0This release adds constants for the API host across different control planes.
2024-10-03Control Plane93.99.0This release fixes an issue where the "Enroll Here" button that appears in the desktop app when the user attempting to log in is not enrolled in Okta MFA was not clickable.
2024-10-02Control Plane93.92.0This release ensures that only nodes that pass healthcheck for a secret store are taken into account when contacting a secret store.
2024-10-01Terraform Provider11.13.1This release fixes an issue that prevented custom timeouts from being respected.
2024-10-01Terraform Provider11.13.0This release adds support for custom timeouts for all operations on all resources in the StrongDM Terraform provider.
2024-10-01Control Plane93.87.0This release fixes an issue where deleting an approval workflow could cause pending requests and access workflows bound to that approval workflow to be unchangeable.
2024-09-30Terraform Provider11.12.1Terraform data sources can now filter by more than one tag. Previously a bug prevented this from working properly.
2024-09-27Control Plane93.74.0This release gives database-admin users read-only access to gateways and relays.
2024-09-27Control Plane93.72.0This release is the one of the few to enable support for email pass through Identity Sets, where all Identity Aliases in the set will be the user's corresponding email address or last name. This release adds Email Identity Alias creation and updates whenever a new account is created or updated. Deletion of Identity Aliases upon account deletion was already supported. The Identity Alias creation and update will only apply to user and service account types. For users, the Identity Alias username is the user's email address. For service accounts, the Identity Alias username is the last name, which is the nickname for the service account.
2024-09-27Control Plane93.69.0This release fixes an issue so that an error page is no longer shown momentarily while the user is logged out of the Admin UI for stale or invalid credentials.
2024-09-26Control Plane93.64.0This release cleared the name form value for the Add Role form on submission.
2024-09-25CLI45.4.0With the release of time in context attributes, users should expect to see policies being reevaluated, approximately once every minute, even after the initial "Allow" for "connect" actions on Postgres resources. If no time attributes are accessed by relevant policies, and no updates are made to the policies, the evaluation should continue to evaluate to "Allow." If the relevant policies make use of the time attributes, however, reevaluating relevant policies may result in "Deny," in which case, the client will sever the connection.
2024-09-25Control Plane93.59.0With the release of time in context attributes, users should expect to see policies being reevaluated, approximately once every minute, even after the initial "Allow" for "connect" actions on Postgres resources. If no time attributes are accessed by relevant policies, and no updates are made to the policies, the evaluation should continue to evaluate to "Allow." If the relevant policies make use of the time attributes, however, reevaluating relevant policies may result in "Deny," in which case, the client will sever the connection.
2024-09-25Control Plane93.58.0This release fixes an issue where SAML users could not finish logging in when the email they entered did not match the capitalization of the email in the system.
2024-09-24Desktop Application21.87.0This release adds an alert on the desktop app when another user on the machine is currently running the desktop app. The second user will have to quit the app and wait until the other desktop app instance is closed in order to continue. This release also fixes an issue where clicking the dock icon in macOS showed the desktop app's Resource Center window.
2024-09-23CLI44.97.0This release adds a new context.utcNow.timestamp attribute for context-based policy allowing policies to be written against properties of the time at which authorization is performed. The value of this attribute is the current time (in UTC) as a Cedar datetime value.
2024-09-23Control Plane93.46.0This release adds a new context.utcNow.timestamp attribute for context-based policy allowing policies to be written against properties of the time at which authorization is performed. The value of this attribute is the current time (in UTC) as a Cedar datetime value.
2024-09-19CLI44.95.0This release adds new temporal attributes for context-based policy, allowing policies to be written against properties of the current time (in UTC) when authorization is performed. The new context attributes include context.utcNow.dayOfWeek (a number representing the current day of week from 1-7, which is Sun-Sat), context.utcNow.day (a number representing the current day of the month, such as 31), context.utcNow.month (a number representing the current month from 1-12, which is Jan-Dec), and context.utcNow.year (a number representing the current four digit year, such as 2024).
2024-09-19Control Plane93.33.0This release adds new temporal attributes for context-based policy, allowing policies to be written against properties of the current time (in UTC) when authorization is performed. The new context attributes include context.utcNow.dayOfWeek (a number representing the current day of week from 1-7, which is Sun-Sat), context.utcNow.day (a number representing the current day of the month, such as 31), context.utcNow.month (a number representing the current month from 1-12, which is Jan-Dec), and context.utcNow.year (a number representing the current four digit year, such as 2024).
2024-09-18Control Plane93.15.0This release enables support for email to pass through Identity Sets, so that all Identity Aliases in the Identity Set are the user's corresponding email address. This release also adds the new read-only email Identity Set for new organizations. Existing orgs will be backfilled at a later release.
2024-09-17Control Plane93.5.0This release updates the StrongDM Admin UI with a new navigation menu and updates both the Admin UI and desktop app with a refreshed layout, colors, and styling.
2024-09-16Control Plane92.97.0This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Java SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Python SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Ruby SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-16Go SDK11.10.1This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.
2024-09-13CLI44.75.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Control Plane92.79.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Java SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Python SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Ruby SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11Go SDK11.10.0This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.
2024-09-11CLI44.65.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Terraform Provider11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Control Plane92.75.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Java SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Python SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Go SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-11Ruby SDK11.9.0This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.
2024-09-09CLI44.60.0This release makes two changes have been made to the JSON format of the authorization information that is included in the authz field in query event logs. The "policy" field has been removed in favor of a "policyId" field. The type has also changed from an int to a string, which is the appropriate Cedar JSON format for policy IDs. The keys of the "position" objects have changed to lower case from Pascal case.
2024-09-09Control Plane92.66.0This release makes two changes have been made to the JSON format of the authorization information that is included in the authz field in query event logs. The "policy" field has been removed in favor of a "policyId" field. The type has also changed from an int to a string, which is the appropriate Cedar JSON format for policy IDs. The keys of the "position" objects have changed to lower case from Pascal case.
2024-09-09Control Plane92.65.0This release adds the support_login_user filter for listing activities via the sdm audit activities --filter command.
2024-09-03Control Plane92.46.0This release adds support for selecting LDAP schema by setting the schema query param in the URL. By default it is ad (Active Directory) but can be set to openldap by providing the schema query param (ldaps://127.0.0.1?schema=openldap).
2024-09-03CLI44.55.0This release updates the GCP Secret Manager to store paths relative to secret manager root path (/projects/<project-id>). It also normalizes the names of managed secrets into the secret path by changing '/' characters into double underscore characters.
2024-09-03Control Plane92.43.0This release updates the GCP Secret Manager to store paths relative to secret manager root path (/projects/<project-id>). It also normalizes the names of managed secrets into the secret path by changing '/' characters into double underscore characters.
2024-08-29CLI44.48.0This release fixes a rare memory leak in the gateway that can occur when connections are forwarded through a relay and there are repeated egress connection failures to one or more resources on the relay.
2024-08-28Control Plane92.22.0This release fixes an issue with Slack access requests where duplicate resources made granting access impossible.
2024-08-27CLI44.44.0This release fixes potential interoperability issues between the StrongDM CLI and some third-party vendor firewall and packet filtering applications due to a recent change in Go to enable a experimental post-quantum key exchange mechanism in TLS negotiations by default. This mechanism has been temporarily disabled until such issues are resolved.
2024-08-27Control Plane92.17.0This release fixes potential interoperability issues between the StrongDM CLI and some third-party vendor firewall and packet filtering applications due to a recent change in Go to enable a experimental post-quantum key exchange mechanism in TLS negotiations by default. This mechanism has been temporarily disabled until such issues are resolved.
2024-08-27Desktop Application21.83.0This release updates the desktop app with new icons and colors, enhances the user experience around layout and filters, and adds tabs for navigation.
2024-08-26CLI44.42.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Control Plane92.9.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Java SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Ruby SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Go SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-24Python SDK11.8.0This change updates the output of sdm audit access-requests to add requester name, reason, duration, and account grant(s) information to the output.
2024-08-23Control Plane92.4.0This release fixes an issue in the Policy Editor where incorrect completion suggestions may be provided based on other content in the policy.
2024-08-22Control Plane92.1.0This change adds a new "PingID (OIDC)" SSO provider.
2024-08-21Control Plane91.98.0This release resolves an issue where some resources were not able to be updated due to a unique validation on a field that was not required or visible to the user.
2024-08-20Control Plane91.96.0Policy-based action control for PostgreSQL databases is now supported for Aurora PostgreSQL, Cockroach, GreenPlum, and RDS PostgreSQL IAM resources.
2024-08-14Control Plane91.73.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Terraform Provider11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Java SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Python SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Go SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-14Ruby SDK11.7.0This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: ActivityVerbDeprecatedWorkflowResourceAssigned, ActivityVerbDeprecatedWorkflowResourceUnassigned, ActivityVerbDeprecatedWorkflowResourceMultipleAssigned, ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned, ActivityVerbDeprecatedWorkflowApproversUpdated, ActivityVerbDeprecatedWorkflowAutoGrantUpdated, ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated
2024-08-13Java SDK11.6.1This release updates javadocs for the Java SDK.
2024-08-08Control Plane91.50.0This release causes dead relays or gateways that are pruned (30 days old without a heartbeat) to also emit an activity log.
2024-08-07Control Plane91.48.0This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Python SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Ruby SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-07Go SDK11.5.1This release adds policy fields AuthzJSON and Target to the queries API.
2024-08-06CLI44.28.0This release adds the --permissions-help flag to the admin tokens add command to show all available permissions and their descriptions. sdm admin tokens add --permissions-help will list all of the allowed permissions.
2024-08-06Control Plane91.45.0This release adds the --permissions-help flag to the admin tokens add command to show all available permissions and their descriptions. sdm admin tokens add --permissions-help will list all of the allowed permissions.
2024-08-06CLI44.27.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Control Plane91.44.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Terraform Provider11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Python SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Ruby SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-06Go SDK11.4.0This release deprecates the KubernetesBasicAuth and AKSBasicAuth resource types.
2024-08-05CLI44.25.0This release adds sdm audit policies command to the CLI to list policies existing at a given timestamp.
2024-08-02CLI44.23.0This release adds sdm admin policies commands to the CLI to manage policies. It provides create, update, delete and list operations for policies.
2024-08-01Control Plane91.29.0This release resolves a bug introduced in 91.24.0 where users, when unauthenticated via a session timeout, could enter an error page without the ability to log out.
2024-08-01Control Plane91.28.0This adds support for the Policies API.
2024-08-01Java SDK11.3.0This adds support for the Policies API.
2024-08-01Python SDK11.3.0This adds support for the Policies API.
2024-08-01Go SDK11.3.0This adds support for the Policies API.
2024-08-01Ruby SDK11.3.0This adds support for the Policies API.
2024-08-01Control Plane91.26.0This release updates the CrowdStrike integration to use the full set of network interfaces collected from the CrowdStrike API to detect the device agent corresponding to a given StrongDM client. Previously, devices with multiple network interfaces could potentially have been unable to identify a device trust score.
2024-07-29Control Plane90.98.0Policy-Based Action Control (PBAC) is now generally available to all Enterprise customers. Fine-grained authorization is now performed against all PostgreSQL database actions and the Policy Editor in the Admin UI has been enhanced to support creating policies to authorize these actions.
2024-07-29CLI44.4.0This release adds support for the VAULT_TOKEN_RENEW_BEHAVIOR environment variable. Supported values are STOP_ON_ERROR, which, if the token renewal fails it will stop renewal process, and login will be attempted on the next healthcheck attempt; and DISABLED, which will disable token renewal, and login will happen again after the current token is expired.
2024-07-26Control Plane90.88.0This change updates the format of some metadata in various emails sent from the StrongDM control plane.
2024-07-25Desktop Application21.80.0This release updates the desktop app to show the following menu items when the dock icon (on macOS) or the tray icon (for Windows) is right-clicked: Open app.strongdm.com, which opens the Admin UI in the web browser; and Connect All, which connects to all assigned resources and is only visible when authenticated. In addition, this release fixes the main desktop app menu options in macOS to be About StrongDM and Quit StrongDM instead of About desktop and Quit desktop. The main desktop app menu also adds the Log Out option when authenticated and Log In when unauthenticated.
2024-07-23Control Plane90.71.0This release ensures there will be no more friction for updating resources if your resource has Strong Vault as its default secret store and you have disallowed credentials to be stored with StrongDM.
2024-07-23CLI43.94.0This release fixes a bug in the sdm audit permissions CLI command where a filter specified by the --filter parameter was being ignored, causing results not to be filtered.
2024-07-23Control Plane90.69.0This release fixes a bug with explicit routing enabled in strict or exclusive enforcement mode, where relays may be incorrectly reported as "isolated" in the Admin UI.
2024-07-23Control Plane90.61.0This release fixes a connection error for Mongo legacy resource types when used with older gateways, reverting to continue using an old behavior mode.
2024-07-22Control Plane90.56.0This change fixes a presentation bug that caused shrunken dashboards in the Reports Library.
2024-07-22CLI43.91.0This release resolves an incompatibility using the RDS PostgreSQL (IAM) resource type with policies, introduced in version 43.84.0.
2024-07-19Control Plane90.53.0When creating a website resource, the subdomain field will provide an error about max length when longer than 256 characters.
2024-07-19CLI43.88.0This change augments sdm doctor -v and the desktop app's diagnostic output to include short descriptions of some common problems (for example, inability to reach gateways or api.strongdm.com).
2024-07-19Control Plane90.47.0This release adds an example to the Log Stream page of the Admin UI, indicating how to set up CMK usage.
2024-07-18Control Plane90.41.0This release adjusts StrongDM's syncing logic with CrowdStrike to prevent delays in updates to retrieved device trust scores when invalid API tokens are provided to StrongDM.
2024-07-18Control Plane90.40.0This release fixes an issue where an idle timeout duration greater than 24 days caused users to log out immediately.
2024-07-17Java SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Terraform Provider11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Python SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Ruby SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-17Go SDK11.1.0This release updates which Mongo drivers are unstable per their legacy naming.
2024-07-16Control Plane90.32.0This release addresses the following third party CVEs: CVE-2024-36138,CVE-2024-22020,CVE-2024-22018,CVE-2024-36137,CVE-2024-37372
2024-07-16Control Plane90.30.0This change adds support for ALTER EXTENSION statements as parsed SQL actions
2024-07-15CLI43.73.0Fix filters help responses for approval workflows commands
2024-07-12Control Plane90.19.0This release adds the egressNodeID field to log stream query outputs, reflecting the final node which processed a query and sent it directly to a resource.
2024-07-12Control Plane90.17.0This release adds Okta Verify as a supported MFA provider.
2024-07-11CLI43.69.0This release removes the outdated flags --connect-to-replica and --replica-set from the sdm admin resources create mongo command.
2024-07-11Terraform Provider11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Java SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Python SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Go SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-11Ruby SDK11.0.0This release removes some deprecated fields from Mongo resource types.
2024-07-10Control Plane90.7.0This release addresses the following third party CVEs: CVE-2024-6104, CVE-2024-6257
2024-07-10CLI43.65.0This release adds the loopback range to the organization history API.
2024-07-10Java SDK9.7.0This release adds the loopback range to the organization history API.
2024-07-10Python SDK9.7.0This release adds the loopback range to the organization history API.
2024-07-10Ruby SDK9.7.0This release adds the loopback range to the organization history API.
2024-07-10Go SDK9.7.0This release adds the loopback range to the organization history API.
2024-07-10CLI43.63.0Many CLI commands currently do not have validation against incorrect number of arguments being provided. This release adds those validations.
2024-07-09Control Plane89.99.0In the event an access request has more than one resource associated with it, typically through an approval workflow associated with a policy, all resources will now be listed in the access request details.
2024-07-08Control Plane89.92.0This release fixes an issue in the Admin UI where resources could not be created if there are no Identity Sets.
2024-07-05CLI43.58.0On Linux, "sdm install" has a new -nostart flag that can be used when users want to complete the installation without actually starting the service.
2024-07-03Terraform Provider10.5.0This change adds a resource type for SSH password authentication.
2024-07-03Java SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Ruby SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Python SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-03Go SDK9.6.0This change adds a resource type for SSH password authentication.
2024-07-02Control Plane89.81.0This release allows the Port Override field to be set when creating or updating a cloud resource, as with other resources. Previously this field was only visible and editable for cloud resources through the CLI or SDKs.
2024-07-01CLI43.53.0This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.
2024-07-01Control Plane89.74.0This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.
2024-07-01Desktop Application21.76.0This release updates colors within the desktop app.
2024-06-27Desktop Application21.74.0This release updates the desktop app so that when clicking the taskbar icon, the Resource Center window opens or is in focus instead of the Account menu opening. This change also puts the Account menu within the header of the Resource Center window.
2024-06-27Control Plane89.59.0This release fixes a duplicate footer and image for TOTP MFA enrollment success.
2024-06-26Control Plane89.54.0This fixes an issue for DBAs that caused the resource page not to load.
2024-06-26CLI43.31.0This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).
2024-06-26Control Plane89.52.0This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).
2024-06-25Control Plane89.45.0This release resolves an issue where the navigation layout sometimes flickered before the login screen. It also resolves an issue with idle timeouts not correctly logging users out, and an issue with Parent-Child organization logins via the Admin UI.
2024-06-24CLI43.15.0This release changes connection behavior to proactively close idle connections when proxying HTTP requests in order to reduce the memory profile of high volume HTTP requests for both nodes and clients.
2024-06-21CLI43.4.0This release addresses the following third party CVEs: CVE-2024-35255
2024-06-21Control Plane89.22.0This release addresses the following third party CVEs: CVE-2023-49559
2024-06-18Java SDK9.4.0This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.
2024-06-18Control Plane89.10.0This release adds more informational links to the MFA settings section in the Admin UI, including separate links for Duo, Okta, and TOTP setup.
2024-06-18Control Plane89.5.0This release updates the text on the Microsoft Defender option for Device Trust in the Admin UI.
2024-06-18CLI42.97.0This release renames the CLI's admin relays tree to admin nodes with accompanying help text updates. Node is the more generic term that encompasses both gateways and relays. An alias for relays remains to prevent breakage in existing scripts. Similarly, the CLI's audit relays command has been renamed to audit nodes with accompanying help text updates. An alias for relays remains to prevent breakage in existing scripts.
2024-06-18CLI42.96.0This release adds support for Mongo 7 and Mongo 8 (tested with RC8).
2024-06-18CLI42.95.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-18Control Plane89.4.0This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.
2024-06-17CLI42.93.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Control Plane89.3.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Terraform Provider10.4.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Go SDK9.4.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Python SDK9.4.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Ruby SDK9.4.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE.

The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-17Terraform Provider10.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.92.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Control Plane89.1.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Python SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Ruby SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17Go SDK9.3.0This release changes the Remote Identity references to Identity Alias in the header and JSON keys for sdm audit queries, and for Log Sync.
2024-06-17CLI42.90.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17CLI42.91.0This release updates some CLI commands to now show the correct default value (instead of 0) for the --page-limit option.
2024-06-17Control Plane89.0.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Terraform Provider10.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Python SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Ruby SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-17Go SDK9.2.0This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the Remote Identities header to Identity Aliases for sdm audit users and sdm audit queries.
2024-06-14CLI42.81.0This change causes nodes to restart if they detect they have lost their authentication state, so they can either restore it or sever themselves from the network and cut idle traffic if they cannot (because they were remotely deleted, for example).
2024-06-14Control Plane88.91.0This release implements a default behavior to forbid self-approvals in the workflow settings. Existing configurations will be unaffected.
2024-06-13Control Plane88.85.0This change resolves a bug where deleted nodes would not be notified of their deletion, causing them to continue to fruitlessly send requests to a StrongDM control plane until they were manually cut off.
2024-06-12Control Plane88.72.0This release allows Resources to be filtered by identityEnabled and identitySetID "identityEnabled" has a Boolean value and indicates if a resource is configured to use an Identity Alias on connection. "identitySetID" has a string value, and is the specific Identity Set that the resource is configured to use. Filtering by remoteIdentityEnabled is still supported but is deprecated.
2024-06-11CLI42.69.0This change reveals the sdm admin network subtree for working with peering groups.
2024-06-11CLI42.66.0This release adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11Control Plane88.68.0This release adds support for special JSON functions and the IS JSON clause to the SQL actions parser.
2024-06-11CLI42.61.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11Control Plane88.64.0This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.
2024-06-11CLI42.59.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11Control Plane88.63.0This changeset adds action parsing support for SQL MERGE statements.
2024-06-11CLI42.58.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-11Control Plane88.62.0This change adds support for UESCAPE clauses in PostgreSQL query parsing.
2024-06-10CLI42.57.0This release augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10Control Plane88.57.0This release augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.
2024-06-10CLI42.54.0This release augments the Postgres policy action parser to understand more edge cases of the Postgres grammar.
2024-06-10Control Plane88.46.0This release adds Microsoft Defender as a supported Device Trust provider.
2024-06-06Control Plane88.24.0This release fixes a bug preventing configured Okta MFA settings from appearing in the Admin UI.
2024-06-06Control Plane88.23.0This release updates the error message received when a user is not enrolled in Okta MFA, for clarity.
2024-06-05Control Plane88.22.0This release changes the behavior of the 'default' Identity Set. New organizations will no longer have a 'default' Identity Set automatically created. 'default' Identity Sets will also be able to be deleted.
2024-06-03Control Plane88.4.0SCIM requests can now include a list of identity aliases to be assigned to a user.
2024-06-03Control Plane88.3.0This change deprecates some older forms of creating healthchecks. Specifically, when gateways come online after being offline for over 60 seconds, they would formerly enqueue a healthcheck for every resource at that time; this has been removed. In addition, legacy clients used a less efficient mechanism for healthchecking resources on sdm connect; this has been removed. All CLI versions released within the last year, or greater than 38.13.0, will see no change in behavior here. Newer clients will (still) efficiently healthcheck resources on sdm connect, for any unhealthy resource, and this in combination with manual checks, checks on resource updates, and periodic automatic checks will keep gaps from causing access problems. Switching to explicit routing is also recommended for users with large, complicated networks.
2024-05-29CLI42.34.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Control Plane87.78.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Java SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Terraform Provider10.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Python SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Go SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Ruby SDK9.1.0This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes sdm admin identities create to take in a required identity-set-id or identity-set-name, instead of creating all Identity Aliases with the default Identity Set.
2024-05-29Control Plane87.74.0This release addresses a race condition in native login that could cause the user to be redirected to the login page when they should not be.
2024-05-22CLI42.26.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Control Plane87.53.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Java SDK9.0.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Terraform Provider10.0.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Python SDK9.0.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Ruby SDK9.0.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-22Go SDK9.0.0

This release renames sdm admin remote-identities to sdm admin identities, the sdm admin remote-identities tree is deprecated.

Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set.

For Drivers, the RemoteIdentityHealthcheckUsername and RemoteIdentityGroupId have been renamed to IdentityAliasHealthcheckUsername and IdentitySetId.

When creating resources using the CLI, the user would need to use identityAliasHealthcheckUsername and identitySetId, instead of remoteIdentityHealthcheckUsername and remoteIdentityGroupId as the JSON keys.

2024-05-20Java SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Python SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Go SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Ruby SDK8.4.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Desktop Application21.71.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20CLI42.25.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-20Control Plane87.49.0Added support for Hashicorp Vault AWS IAM and EC2 authentication methods for use as a secret store.
2024-05-17Control Plane87.44.0This release updates the display and visibility of the Log Stream Admin UI component based on payment tier.
2024-05-16Control Plane87.32.0When using the Context-Based Policy feature, the default "Global Access" policy shown in the Policy Library in the Admin UI can now be modified or deleted. Modifying or deleting this policy may prevent users with pre-assigned role or temporary account grants from accessing resources, as access to resources must be permitted by both grants and by policy. In addition, when using the Context-Based Policy feature, the policy editor in the Admin UI can now be used to create permit policies without specifying a location, device trust, or user requirements. Such policies can be used to permit access to resources in conjunction with existing role and account grants.
2024-05-16Control Plane87.30.0This release fixes an issue where queries logged for context-based policy were not populating the source and client IP address fields in the query. The source and client IP address information was still present in the authorization data included with the logged query.
2024-05-15Control Plane87.25.0This release fixes a bug where SCIM token rotation would not present a new token to copy.
2024-05-13Control Plane87.13.0This release fixes a bug related to opening app.strongdm.com from the desktop app and fixes a bug related to SSO logins.
2024-05-13CLI42.9.0sdm install now supports the --domain flag, which allows you to instruct the client or relay to connect to a StrongDM control plane other than strongdm.com. For example, customers using GovCloud should connect to strongdm-gov.com.
2024-05-13Control Plane87.8.0

This release adds the ability to reference Identity Aliases and Identity Sets in the context of policies. It also adds Identity Set as an entity (that is, StrongDM::IdentitySet).

Example usage: &#xA;@justify(&#34;Please provide justification&#34;)&#xA;permit (&#xA; principal,&#xA; action in [StrongDM::Action::&#34;dial&#34;],&#xA; resource == StrongDM::Resource::&#34;rs-25599cd76579dac5&#34;&#xA;) when {&#xA; context.identityAlias.username == &#34;ssh_superuser&#34; &amp;&amp; &#xA; context.identitySet == StrongDM::IdentitySet::&#34;is-111111111111&#34;&#xA;};&#xA;

2024-05-09Control Plane86.98.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Java SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Terraform Provider9.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Ruby SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Python SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09Go SDK8.3.0Added support for a new certificate authority integration: Keyfactor EJBCA SSH CA
2024-05-09CLI42.4.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-09Control Plane86.97.0This release addresses the following third party CVEs: CVE-2024-28180
2024-05-08Control Plane86.91.0This release resolves a bug where timed out Admin UI sessions would not redirect users back to the login screen.
2024-05-08CLI41.98.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-08Control Plane86.86.0This release removes the client key password environment variable field for configuration of Keyfactor RDP CAs.
2024-05-06Control Plane86.79.0This release adds a page in the Admin UI that informs users that they are logging out prior to showing the login screen.
2024-05-06Control Plane86.76.0This release addresses the following third party CVEs: CVE-2024-33883
2024-05-06CLI41.94.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-06Control Plane86.75.0This release changes the Request Access form in the integration for Slack so that the duration component now allows times that are less than 1 hour.
2024-05-02Control Plane86.64.0This release fixes a bug in the rendering of the query panel for policy logs, where it would take some time to fill the screen on large displays.
2024-05-02Control Plane86.62.0Fixes a bug in integration with Slack where non-approvers could mark channel-based request as approved, which would result in no actual access to the resource since they are not approvers.
2024-04-30Control Plane86.55.0This release fixes a bug in the rendering of routes via sdm admin network topology.
2024-04-30CLI41.82.0The FIPS-compliant variant of our linux CLI binary is now compatible with glibc versions as old as 2.27. This does not affect normal, non-FIPS-compliant linux binaries.
2024-04-30Control Plane86.48.0The Download & Install page on the Admin UI now directs Docker users to public.ecr.aws/strongdm instead of quay.io/sdmrepo. quay.io will continue to be supported.
2024-04-25Java SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Terraform Provider9.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Python SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Go SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-25Ruby SDK8.1.0This release adds support for the Keyfactor EJBCA Certificate authority type.
2024-04-23CLI41.70.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Control Plane86.25.0This release addresses the following third party CVEs: CVE-2023-45288
2024-04-23Control Plane86.23.0This release adds the Remote Identity group ID (i.e. ig-123) field to the resource filters.
2024-04-23CLI41.67.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Control Plane86.22.0This release adds support for a new third party certificate authority: Keyfactor for RDP.
2024-04-23Desktop Application21.69.0This release updates the installers to provide better support for managed installations where the SDM user may be a standard user, not an administrator. To allow auto-updates to work without requiring an administrator, the SDM application is now installed by default into the user's program directory ($HOME/Applications on macOS and $PROFILE/AppData/Local/Programs on Windows). The Windows and macOS installers both provide a way for an administrator to install the application on behalf of a standard user and both install the latest StrongDM System Service when the installation is performed with administrator privileges.
2024-04-22CLI41.64.0This release enhances proxied HTTP requests for website resources to now include the X-Forwarded-Proto header indicating the protocol scheme (HTTP or HTTPS). Some HTTP servers may relay on this header being present.
2024-04-22CLI41.63.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to &lt;resource name&gt;). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22Control Plane86.20.0This release enables the ability to refer to a resource by name when requesting access via the CLI (sdm access to &lt;resource name&gt;). This release also fixes a bug where the requested resource IDs would not populate in the sdm access requests command.
2024-04-22CLI41.62.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-22Control Plane86.17.0This release augments logging for the Snowsight driver to include any UUIDs that are found in responses when connection attempts fail. Snowsight documentation indicates that these may be used to query the LOGIN_HISTORY or LOGIN_HISTORY_BY_USER views to get more details about the error.
2024-04-18Control Plane86.5.0This release addresses the following third party CVEs: CVE-2024-29041,CVE-2024-28863
2024-04-17Control Plane86.2.0This release fixes a bug that caused the minimum CrowdStrike score not to appear correctly in the Admin UI.
2024-04-15CLI41.52.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-15Control Plane85.95.0This release fixes a bug with context-based policy where justification and MFA prompts may no longer appear through the desktop app when logging back in to the client after a log out or session expiration.
2024-04-12Terraform Provider9.0.0This release adds the ability to query tokens on the sdm_account resource type in the StrongDM Terraform provider.
2024-04-09Control Plane85.88.0This release refactors Slack token refreshes to be more tolerant of Slack outages.
2024-04-09Control Plane85.87.0

This release includes the following changes:

  • Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated.
  • Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types.
  • API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Java SDK8.0.0

This release includes the following changes:

  • Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated.
  • Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types.
  • API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Python SDK8.0.0

This release includes the following changes:

  • Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated.
  • Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types.
  • API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Ruby SDK8.0.0

This release includes the following changes:

  • Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated.
  • Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types.
  • API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Go SDK8.0.0

This release includes the following changes:

  • Write operations are limited to Create and Delete operations for API keys and tokens. Furthermore, Update is valid for changing the name of these token types, but no other fields are allowed to be updated.
  • Read operations support all token types (API Key, Admin Token, SCIM Token, and ServiceNow Tokens) in addition to the existing users and service account types. Note that the default behavior of the List operation on all accounts without any filters on account type will now return token types in addition to the users and service account types.
  • API keys and admin tokens now can be attached with permissions to create new tokens. The permissions on the tokens created must be a subset of the permissions that the parent token has.
2024-04-09Control Plane85.86.0This release fixes a regression where user agents weren't being populated for requests originating from Slack requests or anonymous HTTP requests.
2024-04-02Desktop Application21.65.0This release fixes a bug where failing MFA during login would require quitting the application to re-attempt login.
2024-03-26Control Plane85.70.0This release fixes some broken documentation links in the Admin UI.
2024-03-26Control Plane85.68.0This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-26Python SDK7.1.1This release fixes a bug where retrieving large replays through the API could fail with a resource exhausted error due to exceeding maximum GRPC message size limits.
2024-03-25Control Plane85.64.0This release adds a new Default Service Account Enforcement setting in the Admin UI Device Trust security settings in the Settings > Security page and a matching Service Account level setting in the Access > Users > Service Account > Settings page. The new settings allow for setting the default Device Trust enforcement policy for service accounts to be either required or exempt at the organization level, and also to set an overriding setting on individual service accounts. The effective Device Trust state is now shown for service accounts on the Access > Users page in the Device Trust column.
2024-03-21Control Plane85.63.0This release fixes an issue that could cause a manual approval flow to be converted to an automatic one that would fail to save.
2024-03-21Control Plane85.62.0This release fixes an issue where automatic approval workflows couldn't be saved unless an approver was selected.
2024-03-21Control Plane85.61.0This release reduces the number of error emails that may be sent due to Device Trust provider issues. In addition, a "resolved" email will now be sent when the issue is no longer present.
2024-03-19Control Plane85.59.0This release fixes an issue where only the first 25 Approval Workflows would list in the Admin UI.
2024-03-19Control Plane85.58.0This release fixes an issue where the MFA screen did not take up the whole screen in the desktop app.
2024-03-19Control Plane85.56.0

Third Party Certificate Authorities are generally available, including AWS Private CA RDP, Active Directory Certificate Services, GCP Certificate Authority Service RDP, HashiCorp Vault SSH, HashiCorp Vault SSH (AppRole), HashiCorp Vault SSH (Token), HashiCorp Vault RDP, HashiCorp Vault RDP (AppRole), HashiCorp Vault RDP (Token)

Each third party Certificate Authority has a details page which includes Diagnostics, Settings, and Resources (if resources have been applied).

2024-03-19Control Plane85.55.0If an access request is automatically denied due to there being no approvers on the bound workflow a reason is added to indicate why the request was denied.
2024-03-18Control Plane85.53.0This release fixes an issue where the IP Allowlist settings page could not be accessed even with the feature enabled.
2024-03-18Desktop Application21.64.0

The installer for Windows (EXE file) and macOS (PKG file) have been changed.

When the installer is run by a privileged user (run as Administrator on Windows; with sudo or as root on macOS), the installation also includes a virtual networking component.

The installer now provides a way for an administrator to install the application for the use of specified standard user that makes auto-updates work properly for that end user. To do this on Windows, run the installer as Administrator with an extra --SDMUSER=&lt;OtherUserName&gt; on the command line. On MacOS, run the command HOME=/Users/&lt;OtherUserName&gt; sudo installer -pkg &lt;SDMInstaller.pkg&gt; -target /.

Standard (non-admin) users can still run the installer. When executed without admin, the installer acts as it did before. It installs the SDM application to a per-user location and does not install the virtual networking component.

2024-03-15CLI41.34.0This release fixes an issue with AWS resources where where retrieving objects through S3 with certain special characters in the object key could fail with a signature error.
2024-03-15Desktop Application21.63.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.33.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15Control Plane85.49.0This release addresses the following third party CVEs: CVE-2024-24786,CVE-2024-27303
2024-03-15CLI41.32.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Control Plane85.48.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Java SDK7.1.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Terraform Provider8.1.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Python SDK7.1.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Ruby SDK7.1.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15Go SDK7.1.0

This release adds the Issued Certificate TTL Minutes field, as a required field, to the Certificate Authorities configurations for AWS Private CA, Google Certificate Authority Service and HashiCorp Vault SSH and PKI. This field allows for the specification of the lifetime of the requested certificate.

This release also marks the Certificate Authority category Secret Stores as stable.

2024-03-15CLI41.31.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Control Plane85.46.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Terraform Provider8.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Java SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Python SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Go SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Ruby SDK7.0.0This release adds the ability to modify user permission levels via the SDKs.
2024-03-15Control Plane85.43.0This release replaces Support chat links during organization trials with documentation links.
2024-03-14Control Plane85.39.0This release changes the Admin UI Access Workflows page's table header checkbox to show an indeterminate state when some but not all rows have been selected.
2024-03-12Control Plane85.35.0This release makes approval workflows unable to be saved unless an approver is selected.
2024-03-12Control Plane85.33.0This release updates the Device Trust settings in the Admin UI with more flexible controls globally and per user.
2024-03-08CLI41.26.0This release sets the TTL for issued certificates using certain third-party CAs to a lower default TTL of 5 minutes.
2024-03-08Control Plane85.24.0This release makes new Policy features available to Enterprise customers in the Admin UI. These features allow admins to require MFA or text justifications or to require approval workflows to be followed for some access. Policies can consider conditions such as the geographic location of the user and the device trust score of the user's machine when making access decisions.
2024-03-08CLI41.25.0This change hides the account field returned by sdm ready by default, replacing it with account_info, a new object containing more specific information about the logged in account. This also adds the -v or verbose flag to sdm ready which restores this deprecated field temporarily, and adds additional fields as well.
2024-03-07Control Plane85.21.0This release fixes a bug where access workflows did not save when unlinking a manual approval flow.
2024-03-07Control Plane85.19.0In this release, the default value of the Access filter in the Access Catalog has been changed from "Any" to "Available", so that the default results will now be restricted to resources that are currently available for the user to request.
2024-03-06Control Plane85.18.0This release modifies the presentation of user and global settings for device trust in the Admin UI.
2024-03-05Control Plane85.15.0This adds an Access component to the Catalog Search form in the Slack app. The default value for the Access filter is still "Available", but users now have the option to change it.
2024-03-04Control Plane85.10.0This release adds Approval Workflows permissions and Approval Workflows audit permissions for API token creation and admin token creation.
2024-03-04Terraform Provider7.7.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Ruby SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Python SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Java SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Go SDK6.9.0This release adds support for managing approval workflows. Using the SDKs/CLI, users can now Create, Update, List, Get, and Delete approval workflows. Users can also Create, List, Get, and Delete approval workflow steps and approval workflow approvers.
2024-03-04Control Plane85.7.0This release adds the ability to create, update, and delete Approval Workflows.
2024-03-04Terraform Provider7.6.0This change adds Approval Workflows and related verticals.
2024-03-04Java SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Python SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Go SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Ruby SDK6.8.0This change adds Approval Workflows and related verticals.
2024-03-04Control Plane85.4.0This release adds a link to the settings page on the access workflows page of the Admin UI.
2024-03-02Control Plane85.3.0This release fixes an issue where the resource catalog might appear empty when fetched in ServiceNow.
2024-03-01CLI41.20.0

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Control Plane85.2.0

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Java SDK6.7.1

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Python SDK6.7.1

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Go SDK6.7.1

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Ruby SDK6.7.1

The release fixes a bug where the SourceIP field of queries as returned in the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries incorrectly included a port number in addition to an IP. Queries created since this fix will contain only an IP address in the SourceIP field.

In addition, this release adds a new ClientIP field to the sdm audit queries and associated CLI commands, the Queries API, and Log Stream query log entries. This is the public-facing IP address that the client that performed a query used to authenticate with the StrongDM servers. This may differ from the SourceIP which is the IP address the client used to connect to the gateway through which the query was performed. These IP addresses may differ when the gateways are on a different network, such as behind a VPN.

Lastly, this release adds the --extended option to the sdm audit k8s|rdp|ssh CLI commands, which includes some additional extended fields in the query output.

2024-03-01Control Plane85.0.0This release fixes an issue that caused the Request Access page and its tabs not to load properly in the Admin UI.
2024-03-01Control Plane84.98.0This change adds a notification email sent to organization admins for non-transient Device Trust API failures.
2024-02-29Control Plane84.93.0This release fixes an issue with dynamic access rules on access workflows, where they couldn't be updated under certain conditions.
2024-02-28Control Plane84.88.0

This release introduces a change to the file format and path location of replay data stored to Amazon S3 with Log Stream enabled, to improve the performance of storing that data. Replay data is no longer stored under individual objects (one object per chunk), but is instead aggregated so that multiple chunks from different replays may be stored in the same object, up to a limit of 1000 entries or 100 MB per object.

Replay data from Log Stream is now stored similarly to activity and query data. Specifically:

  • The path under which replays are stored in S3 changes from &lt;prefix&gt;/replays/YYYY/MM/DD/HH/MM/&lt;queryUUID&gt;/&lt;chunkID&gt;.json to &lt;prefix&gt;/replays/YYYY/MM/DD/HH/MM/&lt;randomUUID&gt;.json.
  • The content of each JSON object changes from a single chunk per object ({&#34;formatVersion&#34;:&#34;v1.0.0&#34;, &#34;chunkID&#34;:&#34;1&#34; ...}) to N chunks separated by new lines (that is, in JSON lines format, as with queries and activities).
2024-02-28Control Plane84.87.0This changeset clarifies text for access workflows and approval workflows throughout the Admin UI.
2024-02-28Terraform Provider7.5.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27CLI41.18.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Java SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Python SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Go SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Ruby SDK6.7.0This change introduces the new AWS Private CA X.509 Certificate secret store. This secret store is marked as unstable and, as such, is not available for general use yet.
2024-02-27Control Plane84.75.0This change reports a mocked version of a legacy variable to CLI versions older than 37.0.0 (released February 14, 2023). This variable was removed on February 24, 2024. The absence of this variable could cause the CLI to fail to respect port overrides on new connections.
2024-02-26Java SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Go SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Python SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Ruby SDK6.6.0This release adds the approval flow ID field to access workflows.
2024-02-26Desktop Application21.58.0

Installer behavior has changed to allow silent installations on macOS and Windows and for installations to include updates to Virtual Networking Mode.

On macOS, all PKG installers always require admin privilege, always install StrongDM in /Applications (but are owned by the end user so that update-in-place can still work), and always install the Virtual Networking Mode helper application.

If macOS users want to install the desktop app without Virtual Networking Mode, they should use the DMG distribution. For a silent installation, macOS users should run the installer command line tool with the PKG file as a command line argument.

On Windows, the EXE installers now install Virtual Networking Mode whenever the installer runs as Administrator. If the EXE installer is run as a non-administrator, StrongDM gets installed, but Virtual Networking Mode is not installed or updated.

If Windows users want to install the desktop app without Virtual Networking Mode, they should run the installer as a non-administrator.

Note that the EXE installers on Windows can be executed from the Command Prompt, and the installation will be in silent mode if the /S flag is used with the command.

2024-02-23Control Plane84.67.0This release adds the Update Admins scope to API keys. This is a sensitive scope that allows your key to update admin users.
2024-02-23CLI41.15.0This change removes some deprecated capabilities around disabling port overrides. In particular, some CLI commands under sdm admin ports have been removed.
2024-02-23Control Plane84.63.0This release updates the StrongDM app for Slack with improved tag search functionality that matches the way tag searching works in the Admin UI.
2024-02-23CLI41.14.0This change adds the --download option to the sdm replay rdp CLI command, which allows users to download formatted query logs from StrongDM and immediately render an MP4 from them. Previously, the logs had to be manually retrieved from a relay's logs directory. This does not currently support user-encrypted RDP logs.
2024-02-22Control Plane84.61.0This release fixes a bug that caused resources assigned to peering groups to sometimes incorrectly show as reachable from nodes not in the resource's peering group on the Resources tab of the Admin UI Network > Relays page, the Admin UI Network > Gateways page, and the output of the sdm admin relays list in the CLI. In addition, this release fixes a bug that caused resources shown on the Resources tab of those Admin UI pages not to be ordered by name.
2024-02-22Control Plane84.55.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-22CLI41.10.0This release adds support for all filters documented by the CLI help text for sdm admin resources list --filters-help.
2024-02-21Control Plane84.53.0This change fixes a bug in device trust calculations which would prevent assessment storage from CrowdStrike for a CrowdStrike account with over 500 agents.
2024-02-21Control Plane84.51.0User names will no longer prevent creation of service accounts with the same name.
2024-02-20CLI41.8.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Terraform Provider7.3.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Control Plane84.42.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Java SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Go SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Python SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Ruby SDK6.5.0This release introduces the GCP Certificate Authority Service, which is not yet available for general use.
2024-02-20Control Plane84.40.0This release fixes an issue where access requests which were automatically approved would not show the correct approved timestamp when viewing the request details page in the Admin UI.
2024-02-20Control Plane84.38.0This release fixes an issue where activities would not live feed into the Admin UI page on initial load.
2024-02-16Control Plane84.36.0This release fixes an issue where the access requests page of the Admin UI would not load in some instances.
2024-02-16CLI41.6.0This release fixes an issue with the CLI where the sdm doctor -v command did not return any output.
2024-02-12Control Plane84.6.0This release fixes the access details text shown on the Admin UI Request Access page to not reference a reason if there is none.
2024-02-09Control Plane84.2.0This release fixes a bug that caused the /sdm access to command in the StrongDM integration for Slack not to work for non-admin users.
2024-02-09Ruby SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Java SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Terraform Provider7.2.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Python SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-09Go SDK6.4.0This release adds the new resource type, RDP (Certificate Based) server, which supports Remote Identities.
2024-02-08Control Plane83.93.0This release adds the Request timeout duration setting to the Settings > Workflows page of the Admin UI.
2024-02-07Control Plane83.83.0The StrongDM integration for Slack has been updated to a new version. This version offers: - Channel-based approvals - Multiple-resource requests - Easier request/resource filtering - UI/UX improvements
2024-02-07Control Plane83.79.0Creating an access request with a reason now has max length validation that matches the server.
2024-02-05Control Plane83.59.0

This release adds the Certificate Authority field to the RDP (Certificate Based) and SSH (Certificate Based) resource forms, allowing users to select a desired Certificate Authority (default is Strong CA). Strong CA is the StrongDM RDP Certificate Authority or StrongDM SSH Certificate Authority, depending on the selected server type.

Strong CA is selected by default and is always the default, even if the Allow Credentials to be Stored with StrongDM option is set in the Admin UI > Settings > Security. Strong CA may be managed in the Admin UI > Network > Certificate Authorities.

2024-02-03Control Plane83.52.0This release fixes a bug when running the sdm audit queries and related CLI commands, where including a filter using the query field to filter by query content would return an error that the filter was invalid.
2024-02-02Control Plane83.49.0This release changes the application of the security setting "Allow Credentials to be Stored with StrongDM." Certificate-based resources, such as SSH (Certificate Based) and RDP (Certificate Based), may be created without assigning a secret store, even if the "Allow Credentials to be Stored with StrongDM" security setting is set to "No."
2024-02-01Control Plane83.43.0This release adjusts the text in the enterprise banner at the top of workflow related pages to no longer reference Reports Library but rather Access Workflows.
2024-02-01CLI40.89.0This release adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-02-01Control Plane83.40.0This release adds secret stores that will request signed x509 certificates from the PKI configured in the secret store. The initially supported PKI is HashiCorp Vault PKI. This new secret store is marked unstable and, as such, is not available for use yet.
2024-01-31Control Plane83.34.0This release removes the option to select suspended users as approvers for access workflows.
2024-01-31Java SDK6.3.2This release upgrades the GRPC dependency of the Java SDK to version 1.59.1. This version of the GRPC library fixes an incompatibility with newer versions of the Netty library, which may prevent the SDK from working with frameworks such as recent versions of Spring Boot.
2024-01-31Control Plane83.32.0This release adjusts the logout condition for SentinelOne Device Trust. Previously devices would be logged out if SentinelOne reported them as not live, but testing revealed this value was not being consistently reported; live agents would sometimes be marked offline, causing random logouts. The replacement for this condition requires that a device is offline for 15 minutes before that results in an automatic logout.
2024-01-30Control Plane83.24.0This release allows new certificates to be created for both SSH and RDP without immediately making them active. You can create a certificate, add it to your infrastructure, and then make it active in StrongDM. This enables the certificate rotation process to happen without downtime due to the delay from adding a new certificate. Additionally, previous certificates may be reactivated as a rollback option until they are removed. Certificate Authorities can be managed in the new Network > Certificate Authorities section of the Admin UI.
2024-01-29Desktop Application21.54.0This release restores the missing Connect All menu item to the desktop app menu.
2024-01-29Control Plane83.9.0This release fixes an issue where some organizations could not see reports in the Reports Library.
2024-01-26Control Plane83.4.0This release marks the standing access report as no longer in beta.
2024-01-26Control Plane83.3.0This release fixes a bug in filter functionality for the Access Workflows dashboard.
2024-01-25Java SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Go SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Python SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Ruby SDK6.3.0This release adds an SDK vertical to request checks for and retrieve the healthiness of the connections between nodes and secret stores.
2024-01-25Control Plane82.90.0Add pkg and msi installers to the downloads page
2024-01-25Control Plane82.89.0This release fixes a bug where in rare cases a valid authentication with an admin token or API key would return an unauthenticated error.
2024-01-25Control Plane82.88.0Slack tokens are no longer revoked after a failed refresh attempt.
2024-01-25Control Plane82.87.0Update the default filter on the Standing Access Dashboard.
2024-01-25Control Plane82.86.0

This release augments resource update validation in the case when the secret store of the resource is modified.

See also Server 82.80.0.

2024-01-24CLI40.78.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-24Control Plane82.80.0This release allows the Secret Store field on resources to be updated after creation. When transitioning from using a non-Strong Vault secret store to any other, or vice versa, all sensitive credential field values (those hidden in the AdminUI) are reset to ensure they are not exposed in plaintext. The Terraform Provider still recreates resources when their secret store is updated to ensure it doesn't lose track of its state because of the reset sensitive fields.
2024-01-23Control Plane82.75.0This release fixes a broken banner link for StrongDM email alerts.
2024-01-23Control Plane82.74.0This release fixes a condition where authentications could take up to several seconds before they were available to use after logging in.
2024-01-23Control Plane82.73.0This change fixes the filter parameters for the Approvers list in the Access Workflows dashboard.
2024-01-23Control Plane82.70.0This release overhauls the presentation of Reports Library dashboards.
2024-01-22Control Plane82.68.0This change fixes a bug with a deprecated authentication mode used by clients beneath 33.17.0, where those authentications were frequently revoked without reason.
2024-01-19Java SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Python SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Ruby SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-19Go SDK6.2.1This change removes some unimplemented snapshot APIs.
2024-01-18CLI40.73.0This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18CLI40.59.1This release fixes an issue that prevented successful authentication for SSH certificate-based resources that had Secret Store IDs set.
2024-01-18Control Plane82.54.0Added a checkbox in the Admin UI to allow requesters to approve their own requests when they meet the approval criteria for the associated workflow.
2024-01-16Java SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16CLI40.67.0This release adds the 'sdm admin rdp view-ca' CLI command to retrieve the CA used for certificate-based RDP connections.
2024-01-16Python SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Go SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Ruby SDK6.2.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-16Terraform Provider7.1.0This release updates the SDKs to enable retrieving configured RDP CAs.
2024-01-12Control Plane82.35.0This release modifies the behavior of the integration with Slack, including help text and welcome message frequency changes.
2024-01-12Control Plane82.30.0This release restores the presence of some missing release notes from the /release-notes endpoint.
2024-01-11CLI40.63.0This release renames the columns of CSV query output to be more consistent between query categories. It also adds three new fields for features in development.
2024-01-11CLI40.61.0This release adds a new, non-stable server type: SSH (Cert Based with User Provisioning). This new server type is in closed beta and not available at this time.
2024-01-09CLI40.57.0This release deprecates the sdm admin ssh rotate-ca command. The correct way to rotate SSH CA is through the credential management area in the Admin UI.
2024-01-09Control Plane82.11.0Admins can now set a fixed duration for access requests on the Workflows settings page of the Admin UI.
2024-01-08CLI40.55.0This release updates the permissions checked when calling sdm ssh resource-name, fixing a recent regression which prevented user-level accounts from executing this action.
2024-01-08CLI40.54.0This release fixes an issue that prevented connections to certain resources with an "unable to load credential type for db type" error. This error is resolved.
2024-01-08Python SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08CLI40.51.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Java SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Go SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-08Ruby SDK6.1.0This release adds a Healthcheck verb to the SDKs and the sdm admin &lt;resource-category&gt; CLI trees. From the CLI, one may request a healthcheck via a resource's ID or its name. Note admin tokens are not able to request checks by name if they lack the permission to list resources, as they will not be able to look up the resource.
2024-01-05Control Plane82.2.0This changeset adds support for IDP initiated logins for SAML, if enabled within one's StrongDM SSO configuration.
2024-01-04adminui86.20.0This release makes some minor bug fixes for filters within dashboards.
2024-01-04Ruby SDK6.0.1This release unlocks the gemspec for the strongdm ruby SDK expanding openssl from ~> 3.1.0 to ~> 3.1.
2024-01-03adminui86.19.0This release adjusts and improves the user experience for filters within dashboards.
2024-01-02Control Plane81.81.0This release adds a feature to alert organization admins for when the StrongDM RDP CA is close to expiring. It will send alert emails for the following stages: 30 days before expiration, 2 weeks before expiration, 1 week before expiration, 2 days before expiration, 1 day before expiration, and 2 days after expiration.
For changes from previous years, see the Release Notes Archive --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/changelog/release-notes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.