Release Notes

Per-software release notes for releases with available customer-facing change information.

For a summarized view of monthly changes, see the Monthly Recap.

Date

Software

Version

Description

2025-08-29

CLI

50.38.0

When creating, cloning, or updating resources via the CLI, you can now use `--bind-subdomain` as an alias for `subdomain` to specify a local DNS address.

2025-08-29

CLI

50.35.0

This release includes more debug information about Kubernetes healthcheck failures to the console.

2025-08-28

Control Plane

113.4.0

This release causes access rules with Kubernetes groups whose names are not valid Kubernetes group names to be rejected. This applies to access rules for access workflows, roles, and account grants.

2025-08-28

CLI

50.32.0

Disables a workaround in the StrongDM RDP driver for a Windows 11 24H2 RDP client bug causing rendering issues with RDP sessions through StrongDM. Microsoft released a fix for this issue in the Windows 11 24H2 build version 26100.3323 update on February 25, 2025, making the workaround obsolete. Disabling this unnecessary workaround improves RDP performance through StrongDM, particularly in high latency/low bandwidth client environments.

2025-08-28

Control Plane

112.96.0

This release disables a workaround in the StrongDM RDP driver for a Windows 11 24H2 RDP client bug causing rendering issues with RDP sessions through StrongDM. Microsoft released a fix for this issue in the Windows 11 24H2 build version 26100.3323 update on February 25, 2025, making the workaround obsolete. Disabling this unnecessary workaround improves RDP performance through StrongDM, particularly in high latency/low bandwidth client environments.

2025-08-28

CLI

50.31.0

This release fixes an issue in the Oracle (NNE) driver where the driver would panic and disconnect when connecting to an Oracle server with only one of encryption or data integrity (checksums) enabled in the Oracle server configuration, but not both. The driver now correctly handles all permutations of the encryption and data integrity server settings (both enabled, both disabled, or only one enabled).

2025-08-27

CLI

50.29.0

Enterprise customers will now be able to update their Virtual Network Mode setting via the CLI using the `sdm admin network vnm` command. The `sdm admin ports subnet` command has been removed.

2025-08-25

CLI

50.21.0

When using Virtual Networking Mode or IP Loopback ranges on macOS, the StrongDM System Service now logs information and errors in the running of the service to `/var/log/sdm.log` to assist in troubleshooting issues with this service.

2025-08-25

Control Plane

112.52.0

This release fixes an issue for customers participating in the Microsoft Entra ID resource beta, where Microsoft Entra ID resources could not be updated through the Admin UI.

2025-08-25

Desktop Application

22.59.9

Fixes an issue where locking using the CLI and starting the Desktop application would not show the expected unlock screen.

2025-08-22

Desktop Application

22.59.8

This release fixes an issue that caused occasional desktop app crashes. It also fixes auth verification to allow for slower network adapters to come online

2025-08-22

Desktop Application

22.94.0

Desktop will now retry validating credentials when the network is not available.

2025-08-22

Control Plane

112.31.0

This release improves the discovery experience, adding the ability to dispatch manual scans from connector details, adding the scan status column to scan table, and fixing a small bug in the connector update form.

2025-08-21

Desktop Application

22.59.7

This release fixes an issue where occasionally the desktop app got stuck loading when logging in via SSO.

2025-08-20

CLI

50.14.0

This release adds missing `proxyClusterId` and `secretStoreId` fields to the example resource JSON templates generated by the CLI.

2025-08-20

Control Plane

112.10.0

Tooltip on the setting for allowing non-sso users no longer includes inaccurate reference to user roles.

2025-08-20

CLI

50.12.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Control Plane

112.5.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Terraform Provider

15.8.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Java SDK

15.8.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Python SDK

15.8.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Go SDK

15.8.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-20

Ruby SDK

15.8.0

This release adds support for Managed Identity authentication for MySQL.

2025-08-19

Control Plane

111.92.0

Principal option in the policy editor no longer prefills the search bar with a selection option

2025-08-18

Control Plane

111.85.0

Selection is cleared after bulk deleting approval workflows.

2025-08-18

CLI

50.10.0

The CLI command `sdm config` now displays the non-sensitive portion of the currently logged-in API access key for troubleshooting purposes.

2025-08-15

CLI

50.8.0

When Virtual Networking Mode is enabled, the resource creation form in the Admin UI now defaults the Connectivity Mode to VNM or Loopback based on the configured organization setting to use VNM for resource IP address allocation by default. Previously Loopback was always the default when creating new resources. When Virtual Networking Mode and/or Loopback IP Ranges are configured, the resource create and update forms both allow an IP address to be automatically assigned from the range configured for the selected connectivity mode by leaving the IP address field blank. Previously, this auto-allocation of an available IP address was supported when creating a resource with VNM but not when updating a resource from loopback to VNM. When updating a resource, the Port Overrides field may also be left blank (or set to -1 in the CLI) to automatically allocate a new available port override for the resource.

2025-08-15

Terraform Provider

15.7.0

2025-08-15

Control Plane

111.75.0

2025-08-15

Java SDK

15.7.0

2025-08-15

Python SDK

15.7.0

2025-08-15

Go SDK

15.7.0

2025-08-15

Ruby SDK

15.7.0

2025-08-14

Control Plane

111.64.0

This release adds a new `--default-to-vnm` parameter to the `sdm admin ports subnet` CLI used to configure Virtual Networking Mode (VNM) settings from the CLI. When VNM is enabled, this parameter allows a choice of whether new resources should default to being created with an available IP address in the VNM subnet or in the loopback subnet, when an explicit IP address is not specified. These settings are also exposed through the Network Settings in the Admin UI.

2025-08-14

CLI

50.6.0

2025-08-14

Desktop Application

22.90.0

- [Fix] Prevents the desktop app from getting into a stuck loading state when authenticating with SSO

2025-08-13

Control Plane

111.53.0

When adding secrets in the Admin UI the unique name validation now only checks uniqueness within the secret engine the secret is being added to.

2025-08-13

Control Plane

111.52.0

This release adds support to RDP (Certificate Based) resources for Identity Aliases containing Active Directory user SIDs for authenticating to RDP servers with Full Enforcement mode enabled (see the [Microsoft Support Post](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). Previously, Full Enforcement mode was required to be disabled on the domain controllers via the `StrongCertificateBindingEnforcement` registry setting, because StrongDM issued certificates did not contain the user SID required by this mode. Now, user SIDs may be explicitly specified in Identity Aliases by optionally including the SID in the alias, in either the format `USER@DOMAIN:SID`, `DOMAIN\USER:SID`, or `USER:SID`. This is currently only supported for the StrongDM RDP and ADCS certificate authorities.

2025-08-13

CLI

50.3.0

2025-08-13

CLI

50.2.0

RDP resources using certificate authentication with leased credentials now support an optional SID (Security Identifier) field. This allows administrators to explicitly specify the Windows SID for user authentication, providing more precise control over RDP certificate-based access. The SID field is available in the Admin UI, CLI, and all SDKs when configuring RDP certificate resources with leased credentials. Specifying an SID is required to authenticate with an RDP server with Full Enforcement mode enabled (see the [Microsoft Support Post](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16)

2025-08-13

Control Plane

111.47.0

2025-08-13

Terraform Provider

15.6.0

2025-08-13

Java SDK

15.6.0

2025-08-13

Go SDK

15.6.0

2025-08-13

Python SDK

15.6.0

2025-08-13

Ruby SDK

15.6.0

2025-08-12

Control Plane

111.40.0

Messages to approvers on our Slack integration now automatically update with the latest status when an access request is cancelled by the requester or times out.

2025-08-12

Control Plane

111.36.0

Users will now land on the catalog page after logging in if their org has workflows enabled

2025-08-12

Control Plane

111.33.0

This release addresses a bug that was sometimes causing an infinite loop of paginating on the discovered resources table.

2025-08-11

Control Plane

111.28.0

2025-08-11

Control Plane

111.27.0

Improves the subdomain validation in the StrongDM Admin UI when creating resources with an HTTP or DNS subdomain. Previously, subdomains exceeding the maximum permitted length (63 characters) were incorrectly permitted, resulting in subdomains that were not resolvable on client systems. Existing resources that may have been created with a too-long name can continue to be updated, but new subdomains specified when creating or updating a resource are now validated and invalid subdomains will be rejected. Resource clones will now attempt to set the HTTP/DNS subdomain of a new resource to the original subdomain plus the suffix `-copy`, on a best effort, if a new subdomain for the cloned resource is not explicitly specified. If appending `-copy` would produce an invalid (too long) subdomain, clone now defaults to generating a random subdomain which may be changed after the cloned resource is created.

2025-08-11

Desktop Application

22.59.6

- [Fix] When a user denies an MFA request on unlock an error now is displayed in the desktop app

2025-08-11

Desktop Application

22.88.0

This release addresses a bug where when denying an MFA request on unlock, the app would not show an alert, informing the user of the denial.

2025-08-11

Desktop Application

22.59.5

Polls to keep the authentication session alive while the desktop application is running

2025-08-11

Control Plane

111.22.0

This release updates privilege levels to be able to be applied to Kubernetes pod identities on dynamic access rules.

2025-08-08

Control Plane

111.15.0

This release improves the Slack app experience. Approve/Deny buttons no longer appear when the user is an approver and is unable to supply a decision for an approval step or has already submitted a decision.

2025-08-08

Control Plane

111.12.0

This release adds the update connector form to the Settings tab of connector details pages in the Admin UI and includes a small change to the connector forms.

2025-08-07

CLI

49.92.0

This release fixes an issue with RDP (Certificate Based) resources where in some Windows environments, the invocation of unimplemented SmartCard operations would cause an unexpected disconnection from the RDP server.

2025-08-07

Control Plane

111.3.0

This release adds an additional column to the scans table on connector details pages in the Admin UI.

2025-08-06

CLI

49.86.0

This release fixes an issue with RDP certificate based resources when invoking some ASCII-based smart card operations. In some Windows environments, the invocation of these previously unimplemented operations would cause an unexpected disconnection from the RDP server.

2025-08-06

Control Plane

110.95.0

This release fixes an issue involving updating a secret engine back to a previous value.

2025-08-05

CLI

49.85.0

This release fixes an issue with the Aerospike resource type where the `show sets` command would fail and close the connection against Aerospike versions 6.x and earlier.

2025-08-05

CLI

49.84.0

This release fixes an issue when using Virtual Networking Mode on macOS where the VNM DNS suffix (".sdm.network" in the StrongDM US control plane) was incorrectly added to the client DNS resolver's search domains.

2025-08-05

Control Plane

110.76.0

This release improves the readability of secret engine diagnostics.

2025-08-01

Control Plane

110.67.0

This release fixes an issue where attempting to connect to a resource that is not healthy would incorrectly mark that resource as healthy, until the next periodic background or forced healthcheck ran.

2025-08-01

Control Plane

110.55.0

This release adds a connectors detail page with a paginated scans table showing scan history.

2025-07-31

Control Plane

110.51.0

This release enables access request messages to our Slack integration to now automatically refresh when updates to access request status are made, instead of having to manually click "refresh" to receive updates.

2025-07-31

Control Plane

110.49.0

This release fixes an issue where request listing would fail in Microsoft Teams for access requests for deleted resources.

2025-07-31

Control Plane

110.48.0

This release updates bouncing email notifications to include a link to the StrongDM Help Center (https://help.strongdm.com/hc/en-us).

2025-07-31

Control Plane

110.47.0

This release makes Virtual Networking Mode (VNM) generally available to all organizations on the Enterprise plan. This feature allows clients to optionally connect to StrongDM resources through a virtual software-defined network instead of via loopback addresses.

2025-07-31

Desktop Application

22.59.4

This release allows for the installation of a symlink to the CLI when the VNM adapter is also installed.

2025-07-30

Desktop Application

22.84.0

This release modifies the Windows installer so that, when run by an Administrator, it installs a sdm.exe symlink in the target user's PATH.

2025-07-30

CLI

49.75.0

This release modifies the Windows installer so that, when run by an Administrator, it installs a sdm.exe symlink in the target user's PATH.

2025-07-30

Desktop Application

22.83.0

This release fixes an issue where the desktop app fails to start the listener due to a failure when loading stored credentials.

2025-07-30

Desktop Application

22.59.3

This release fixes an issue where the listener process attempts to spawn repeatedly if credentials fail to be verified due to network issues. Each launch of the listener kills the previous process causing unpredictable behavior.

2025-07-28

Control Plane

110.14.0

This release renames "Assets" to "Discovered Resources" across the Admin UI and moves the assets navigation.

2025-07-28

Control Plane

110.8.0

This release fixes an issue in the newly added email bounce limiters that would flag emails that had an automatic response set up (for example, out of office notifications) as bouncing.

2025-07-28

Control Plane

110.3.0

This release cleans up the Admin UI for filtering entitlements by removing the unused **Policy** reason.

2025-07-26

CLI

49.58.0

This update adds an approver reference to the `sdm audit` output for approval workflows.

2025-07-26

Control Plane

109.99.0

This update adds an approver reference to the `sdm audit` output for approval workflows.

2025-07-25

Control Plane

109.95.0

This release fixes an issue that caused resources not to be accessible on clients when MFA unlocked the client from the CLI.

2025-07-23

Control Plane

109.73.0

This release addresses an issue where ServiceNow resources were being marked inactive incorrectly in the ServiceNow table.

2025-07-23

Control Plane

109.69.0

This release updates Entitlements to request needed conditionally rendered data in a modal.

2025-07-22

CLI

49.55.0

This release fixes an issue where the `sdm doctor` diagnostics report would timeout in organizations with more than 10 gateways configured.

2025-07-21

Control Plane

109.51.0

This release adds RSA ID Plus as a new MFA provider.

2025-07-18

Control Plane

109.44.0

This release deprecates Kubernetes User Impersonation resources.

2025-07-18

Control Plane

109.28.0

This release addresses an issue where provisioned Google groups would stop syncing after a provisioned group was deleted.

2025-07-17

Control Plane

109.19.0

For admins, this release updates the workflow reference on an access request details page to link to that workflow.

2025-07-17

Control Plane

109.17.0

This release adds checks preventing the sending of emails to addresses and domains that bounce. Admins will be notified when an email is limited to allow for remediation.

2025-07-17

Control Plane

109.16.0

This release adds Asset ID support to GraphQL Node resolver to enable proper pagination, adds new managedResources resolver with pagination support, and adds the managed resource table to the Asset Details Page in the Admin UI.

2025-07-16

Control Plane

109.6.0

This release fixes issue where the More option when selecting approvers for a workflow was causing the combobox to break.

2025-07-14

CLI

49.35.0

During scheduled maintenance windows, workers within a proxy cluster now coordinate automatic updates with each other to ensure only one worker at a time is down within the cluster. Every worker within the cluster must be configured with the same maintenance window.

2025-07-14

Control Plane

108.78.0

2025-07-14

Control Plane

108.77.0

This release updates the Access Workflow editor to respect the organization's access rule quota.

2025-07-11

Desktop Application

22.70.0

This release improves rendering changes in the Admin UI's resource list, resulting in reduced layout shift, a more responsive feel, and a more performant UI experience.

2025-07-10

Control Plane

108.52.0

This release adds an extended timeout for the access catalog page and creating access requests in the Admin UI.

2025-07-09

Control Plane

108.41.0

This release changes how unused tags are handled, so any tags that have not been used for 90 days or more will now be automatically deleted.

2025-07-09

CLI

49.26.0

When shutting down for update and configured with `SDM_ORCHESTRATOR_PROBES`, proxy workers now shut down the orchestrator probes and wait 90 seconds for connections to drain before completing the graceful shutdown.

2025-07-08

Control Plane

108.31.0

This release fixes an issue with some log aggregators where 64-bit integers could become truncated by switching to string representations where possible.

2025-07-07

CLI

49.21.0

This release updates many CLI commands so that they now report a more informative error message when permission is denied due to an MFA unlock requirement.

2025-07-07

Control Plane

108.10.0

This release updates the Admin UI with diagnostic download buttons on the Gateways, Relays, and Proxy Clusters pages, which allow administrators to download bulk diagnostics and logs for many nodes at once.

2025-07-07

Control Plane

108.3.0

This release updates secret engines to be automatically health checked.

2025-07-07

CLI

49.18.0

This release updates secret engines to be automatically health checked.

2025-07-03

Control Plane

107.93.0

This release adds a `kind` filter to the Assets table and renames the `type` column to `kind`.

2025-07-03

Control Plane

107.87.0

This release updates resource counts that appear under **Requests** > **Catalog** in the Admin UI to now correctly include only resources from enabled workflows.

2025-07-01

Control Plane

107.76.0

This release fixes an issue where the download for managed secret reports was missing read logs.

2025-07-01

Control Plane

107.74.0

This release fixes the AD Secret Engine configuration form to no longer require the **Password** field.

2025-06-30

Desktop Application

22.63.0

This release fixes an issue that caused the desktop app to get stuck "Waiting for connection" after login.

2025-06-30

Control Plane

107.61.0

This release updates the **Log Encryption** tab under **Settings** > **Security** to allow finer control of what types of logs get stored with StrongDM.

2025-06-30

Control Plane

107.55.0

This release allows organization data structures accessed through the Go, Java, Python, or Ruby SDKs to now expose their logging configuration settings through a nested `log_config` member. This structure will also expose per-log-category configuration for log data stored with StrongDM. The existing fields have been marked deprecated.

2025-06-30

Java SDK

15.2.0

2025-06-30

Python SDK

15.2.0

2025-06-30

Go SDK

15.2.0

2025-06-30

Ruby SDK

15.2.0

2025-06-27

Control Plane

107.48.0

This release updates the Admin UI pages for Users, Gateways, and Relays with Download Diagnostics buttons, which download a zip file containing detailed diagnostic information including logs and metrics. These buttons are only visible to administrators. If the client or node is offline, or if they are running a CLI version below 47.81.0, no information will be reported.

2025-06-26

CLI

48.94.0

This release updates the `sdm kubernetes update-config` command to respect the `KUBECONFIG` environment variable. If `KUBECONFIG` is set, the command updates the first path listed. If not, it defaults to the standard kubeconfig location for your OS.

2025-06-25

Control Plane

107.31.0

This release fixes an issue where certificate authorities were showing up as options when creating secret engines.

2025-06-25

CLI

48.93.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Control Plane

107.30.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Terraform Provider

14.26.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Java SDK

15.1.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Python SDK

15.1.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Ruby SDK

15.1.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-25

Go SDK

15.1.0

This release adds support for Aerospike, a distributed NoSQL database. Aerospike resources can now be created through the Admin UI, CLI, SDKs, and Terraform.

2025-06-24

CLI

48.92.0

This release removes the workflow assignments and workflow assignments history services due to low utilization and server-side design changes. Older versions of the SDK will no longer be able to use these services. Admins can still determine what resources are attached to each workflow by examining the access rules for that workflow. The corresponding CLI commands `sdm admin workflow list workflow-assignments` and `sdm audit workflow-assignments` are also removed.

2025-06-24

Control Plane

107.27.0

2025-06-24

Java SDK

15.0.0

2025-06-24

Go SDK

15.0.0

2025-06-24

Python SDK

15.0.0

2025-06-24

Ruby SDK

15.0.0

2025-06-24

Control Plane

107.21.0

This release adds Secret Engines and Secrets tabs to the Secret Management Settings page. It also adds the ability for admins to create, edit, and delete secret engines and secrets.

2025-06-24

CLI

48.89.0

This release updates the CLI to support installing SDM nodes (gateway and relay) through the node flag `sdm install --node`. This flag supports two aliases, `gateway` and `relay`, in order to install the StrongDM node. Example Usage: `sdm install --node` is the general usage to install a relay or gateway. You can, however, use more specific aliases like `sdm install --relay` or `sdm install --gateway` in order to install StrongDM nodes.

2025-06-23

CLI

48.84.0

This release fixes an issue when using a RDP certificate resource with an Active Directory Certificate Services Certificate Authority where a misconfiguration of the CA preventing certificates from being issued successfully may result in StrongDM nodes incorrectly handling that error and crashing. This has been fixed, so that certificate issue errors from ADCS are now handled and reported as health check errors. This release also fixes an issue where using a RDP Certificate resource with an Active Directory Certificate Services Certificate Authority with an IIS server configured with HTTP/2 enabled would cause resource health checks to fail with a HTTP_1_1_REQUIRED error due to IIS not supporting HTTP/2 with NTLM authentication. Previously, HTTP/2 had to be explicitly disabled in IIS when using ADCS with StrongDM. The StrongDM ADCS client now correctly issues an HTTP/1.1 request so the IIS configuration no longer has to be modified.

2025-06-20

Control Plane

107.2.0

This release fixes an issue that caused the desktop app with locked authentication to unnecessarily require a fresh login on restart.

2025-06-20

CLI

48.81.0

This release fixes an issue where proxy clusters did not determine the source client IP address properly.

2025-06-20

CLI

48.76.0

With this release, Oracle resources now support connecting via JDBC versions that are newer than 23.2.0.0 all the way up to the latest. Versions with newly added support (JDK 8 and 11) are 23.3.0.23.09, 23.4.0.24.05, 23.5.0.24.07, 23.6.0.24.10, 23.7.0.25.01, and 23.8.0.25.04.

2025-06-20

CLI

48.75.0

This release makes the Trino datasource type generally available.

2025-06-20

Control Plane

106.91.0

This release makes the Trino datasource type generally available.

2025-06-20

Terraform Provider

14.25.0

This release makes the Trino datasource type generally available.

2025-06-20

Java SDK

14.25.0

This release makes the Trino datasource type generally available.

2025-06-20

Python SDK

14.25.0

This release makes the Trino datasource type generally available.

2025-06-20

Go SDK

14.25.0

This release makes the Trino datasource type generally available.

2025-06-20

Ruby SDK

14.25.0

This release makes the Trino datasource type generally available.

2025-06-20

Control Plane

106.90.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

CLI

48.74.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

Terraform Provider

14.24.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

Java SDK

14.24.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

Python SDK

14.24.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

Go SDK

14.24.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-20

Ruby SDK

14.24.0

This release adds TLS support to DB2 LUW. It can be enabled by checking the `Require TLS` option.

2025-06-17

Desktop Application

22.58.0

This release enhances the copy menu for resources in the StrongDM Desktop application to allow copying the IP address, with or without the port, of resources using the Virtual Networking Mode feature. This release also includes the ability to copy only the IP address for all resources, plus minor changes to the names of the menu items to improve clarity.

2025-06-17

Desktop Application

22.57.0

This release fixes an issue where clicking the `Restart` action in an update notification doesn't trigger the desktop app to install and restart.

2025-06-16

Desktop Application

22.56.0

When using the Virtual Networking Mode feature, the StrongDM Desktop application now displays the IP address through which VNM-enabled resources may be accessed, alongside the resource's assigned hostname. There are no changes to the display of loopback and HTTP resources.

2025-06-16

CLI

48.63.0

This release updates `sdm status` to display the fully qualified domain name through which resources using the Virtual Networking Mode feature can be accessed. This field is not displayed when VNM is not enabled. In addition, `sdm status` now displays the status, resource type, and local bind address for website resources, similar to the existing output for other types of resources.

2025-06-16

Terraform Provider

14.23.0

This release updates the SDKs and Terraform provider to expose the PortOverride field in HTTPBasicAuth, HTTPNoAuth, and HTTPAuth resources, allowing the local port used by clients to connect to the resource to be explicitly specified, as with other resource types. Previously this field was exposed in the Admin UI and CLI interfaces for these resource types, but was not available in the SDKs.

2025-06-16

Java SDK

14.23.0

2025-06-16

Python SDK

14.23.0

2025-06-16

Go SDK

14.23.0

2025-06-16

Ruby SDK

14.23.0

2025-06-13

Control Plane

106.33.0

This release adds the ability to delete a connector to the connector actions menu in the Admin UI.

2025-06-13

Control Plane

106.28.0

This release introduces the crawl interval to connector create and update forms.

2025-06-13

Desktop Application

22.54.0

This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.

2025-06-13

CLI

48.60.0

This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.

2025-06-13

Control Plane

106.24.0

This release fixes an issue where cloud CLI and TCP resources would not display the resource hostname/IP address and port through which those resources can be accessed in the desktop app.

2025-06-12

CLI

48.59.0

This release fixes an issue where Microsoft SQL Server (Azure AD) and Microsoft SQL Server (Kerberos) resources would fail to successfully health check or allow client connections to SQL Server instances configured to redirect rather than proxy client connections to the target SQL Server instance.

2025-06-12

Control Plane

106.1.0

This release adds support for query metadata including backend PID and Session Start Time to be available with the Postgres driver.

2025-06-12

CLI

48.54.0

This release adds support for query metadata including backend PID and Session Start Time to be available with the Postgres driver.

2025-06-12

CLI

48.53.0

This release adds session start time in metadata for MSSQL driver queries.

2025-06-12

Control Plane

106.0.0

This release updates the `legacyResourceFragment` to include `entityId` and updates fragment and generated files from the fragment.

2025-06-11

Control Plane

105.97.0

This release introduces sortable columns to the Connectors table in the Admin UI.

2025-06-11

CLI

48.50.0

This release adds support for key pair authentication for the Snowflake driver.

2025-06-11

Java SDK

14.22.0

This release adds support for key pair authentication for Snowflake.

2025-06-11

Python SDK

14.22.0

This release adds support for key pair authentication for Snowflake.

2025-06-11

Ruby SDK

14.22.0

This release adds support for key pair authentication for Snowflake.

2025-06-11

Go SDK

14.22.0

This release adds support for key pair authentication for Snowflake.

2025-06-09

Control Plane

105.74.0

This release fixes an issue where CLI output could not be displayed after granting temporary access.

2025-06-09

CLI

48.45.0

This release fixes an issue where CLI output could not be displayed after granting temporary access.

2025-06-09

CLI

48.42.0

This release fixes an issue where a failure during an update of the StrongDM client may sometimes leave temporary update files in /tmp.

2025-06-09

Control Plane

105.66.0

This release updates the Network > Gateways and Network > Relays pages of the Admin UI to display the last heartbeat time for nodes that are offline, instead of "unknown".

2025-06-09

Control Plane

105.64.0

This release fixes an issue where the Policies Logs page in the Admin UI may sometimes fail to show any results due to a timeout in retrieving logs from the StrongDM control plane.

2025-06-09

Control Plane

105.63.0

This release fixes incorrect URLs in device trust and user self-sign up notification emails.

2025-06-09

CLI

48.41.0

This release fixes an issue introduced in CLI version 48.5.0 where the CLI may fail to connect to the StrongDM control plane in an environment where the AWS root certificate authorities are not present in the operating system root CA store.

2025-06-05

Control Plane

105.52.0

This release fixes an issue where tags would appear to update in workflows but would not actually get updated.

2025-06-04

Control Plane

105.35.0

This release includes minor improvements to the display of logs in the Admin UI when using public key encryption for remote logs or not storing logs to StrongDM. All logs pages now clearly indicate when logs are encrypted and display the hash of the log when encrypted or not stored, matching the existing behavior of the Queries log page.

2025-06-03

CLI

48.26.0

This release updates Oracle resources to support connecting via JDBC versions that are newer than 23.2.0.0 all the way up to the latest. Versions with the newly added support (JDK 8 and 11) are 23.3.0.23.09, 23.4.0.24.05, 23.5.0.24.07, 23.6.0.24.10, 23.7.0.25.01, and 23.8.0.25.04.

2025-06-02

CLI

48.19.0

This release updates StrongDM to now accept PKCS8-formatted RSA private keys in addition to PKCS1 when decrypting data using the CLI.

2025-05-30

Desktop Application

22.38.0

This release fixes an issue that prevented users with two dots in their email address from logging in.

2025-05-30

CLI

48.15.0

This release updates the CLI so that `sdm install --worker` now sets the worker to send logs to `journald`. Instead of tailing `~/.sdm/sdm.log`, you can now see logs via `journalctl -fu sdm-worker`. `sdm install` and `sdm install --relay` remain unchanged. Workers that have already been installed via `sdm install --worker` will continue to send logs to `~/.sdm/sdm.log`. This release also fixes an issue that prevented workers from rotating this log file.

2025-05-29

CLI

48.13.0

This release fixes an issue with the Kubernetes driver where interactive sessions may continue to consume some memory on nodes and prevent a node from shutting down cleanly after the connection is closed. In addition, this release fixes an issue with the RDP driver where connections aborted early may continue to consume some memory on nodes and prevent a node from shutting down cleanly after the connection is closed.

2025-05-29

Desktop Application

22.37.0

This release fixes an issue with locking. When executing `sdm lock` from the CLI, the desktop app now shows the locked state screen, allowing the user to unlock via the desktop app.

2025-05-28

CLI

48.5.0

This release updates the CLI so that when communicating with the control plane, the CLI now trusts the root certificates stored in the operating system trust store, in addition to the Amazon AWS root certificates that it previously pinned.

2025-05-28

CLI

48.3.0

This release adds the missing Type column to the output of the `sdm admin nodes list` CLI command.

2025-05-27

CLI

48.1.0

This release makes the session ID of query tracking available through metadata for the MSSQL driver. Use the `sdm audit queries` CLI command to check.

2025-05-27

Control Plane

104.69.0

This release makes the session ID of query tracking available through metadata for the MSSQL driver. Use the `sdm audit queries` CLI command to check.

2025-05-23

CLI

47.98.0

This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.

2025-05-23

Terraform Provider

14.20.0

This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.

2025-05-23

Python SDK

14.20.0

This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.

2025-05-23

Go SDK

14.20.0

This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.

2025-05-23

Ruby SDK

14.20.0

This release allows requests that result in a rate limit error to be retried indefinitely until the deadline, if any, is reached. Retries now use exponential backoff to improve reliability.

2025-05-23

Terraform Provider

14.18.1

This release adds a custom resource type called `sdm_managed_secret_value` that will provide an encrypted value for the creation of managed_secrets. Values of `sdm_secret_engine`, `public_key` attribute, and `sdm_managed_secret.value` are now Base64-encoded.

2025-05-22

CLI

47.93.0

Support for `PasswordAuthenticator` in Cassandra driver.

2025-05-21

Desktop Application

22.32.0

This release fixes an issue where the desktop app login screen would get stuck and the user could not log in.

2025-05-21

Control Plane

104.45.0

This release adds an online status indicator on the proxy cluster details page of the Admin UI. In addition, this release fixes an issue preventing database operators and database administrators from viewing proxy clusters in the Admin UI.

2025-05-21

CLI

47.86.0

This release adds the TLS Required checkbox for Trino. If turned on, StrongDM is able to grant access to Trino running over HTTPS. If disabled it will be able to connect through HTTP.

2025-05-21

Control Plane

104.43.0

This release adds the TLS Required checkbox for Trino. If turned on, StrongDM is able to grant access to Trino running over HTTPS. If disabled it will be able to connect through HTTP.

2025-05-21

Terraform Provider

14.15.0

This release adds a new sdm_rdp_ca_pubkey data source in the Terraform provider, exposing the Public Key of the StrongDM RDP CA for Terraform workflows. No migrations are needed. Users can simply add a new data source for the Terraform provider.

2025-05-20

Desktop Application

22.31.0

This release fixes an issue where, when users freshly installed the desktop app, a failure might occur on load that would prevent the user from logging in for the first time.

2025-05-20

CLI

47.85.0

This release adds support for Oracle JDBC 23.2.0.0 thin clients with the Oracle driver.

2025-05-19

Control Plane

104.31.0

This release enables approval workflows to be defined, which specify an approver by their relationship to the requester. Specifically, the approver can be the requester's manager, and their manager's manager. A user's manager is resolved from SCIM data if present and can be manually overridden or set if needed.

2025-05-19

Control Plane

104.30.0

This release allows you to audit historical data on the SCIM metadata field and the ManagerID field for StrongDM users from the CLI using the `sdm audit users` CLI command.

2025-05-19

CLI

47.83.0

This release allows for auditing of historical data on the SCIM metadata field and the ManagerID field for StrongDM users from the CLI using the `sdm audit users` CLI command.

2025-05-19

CLI

47.81.0

This release fixes an issue with proxy cluster diagnostics that caused them to fail when ICMP was blocked. Bridged proxy workers now refuse to start if they cannot connect to the bridge within 5 seconds. Additional diagnostics have been added specifically for bridged proxy clusters.

2025-05-16

Control Plane

104.24.0

This release adds Proxy Cluster ID as an extended column in resource list CLI commands. In addition, this release fixes an issue where the `sdm admin nodes list` CLI command showed no reachable resources for proxy clusters.

2025-05-16

CLI

47.80.0

This release adds Proxy Cluster ID as an extended column in resource list CLI commands. In addition, this release fixes an issue with the `sdm admin nodes list` CLI command, where no reachable resources for proxy clusters were shown.

2025-05-16

Control Plane

104.21.0

This release allows the history of the managerID field on Accounts Users objects to be audited. The snapshot functionality of the Accounts SDK provides the ability to check the state of the managerID field on accounts at a particular point in time, and the Accounts History SDK provides the ability to check all past states of the managerID field on an account between two points in time.

2025-05-15

CLI

47.77.0

This release fixes an issue with bridge workers and third-party certificates with multiple DNS names.

2025-05-15

Desktop Application

22.27.1

This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running "sdm logout" in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.

2025-05-15

CLI

47.65.1

2025-05-15

CLI

47.49.1

This release removes an unused capability from the StrongDM System Service when using the Virtual Networking Mode feature that added the cloud proxy certificate to the system root certificate trust store when logged in to an organization with VNM enabled.

2025-05-15

CLI

47.22.1

This release adds support for IAM role-based authentication for Redshift Cluster and Redshift Serverless.

2025-05-15

Control Plane

103.90.1

2025-05-15

Control Plane

101.95.1

This release exposes the manager id field of a user in `sdm admin users list` and improves the formatting of SCIM data when the `--json` flag is used.

2025-05-15

Control Plane

102.36.1

This release adds support for IAM role-based authentication for Redshift Cluster and Redshift Serverless.

2025-05-15

CLI

47.12.1

This release exposes the manager id field of a user in `sdm admin users list` and improves the formatting of SCIM data when the `--json` flag is used.

2025-05-14

Desktop Application

22.29.0

This release fixes an issue where the resource Lock button was stuck in a disabled state after locking the resource.

2025-05-14

Control Plane

104.5.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-14

CLI

47.76.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-14

Terraform Provider

14.14.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-14

Python SDK

14.14.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-14

Ruby SDK

14.14.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-14

Go SDK

14.14.0

This release adds support for the EC2 and IAM authentication methods for HashiCorp Vault.

2025-05-13

Control Plane

104.1.0

This release changes the name of the Trino driver.

2025-05-13

CLI

47.73.0

This release changes the name of the Trino driver.

2025-05-13

CLI

47.72.0

This release fixes an issue in the AWS Management Console resource where opening the resource may redirect to the AWS Console for a region different from what was configured in the resource.

2025-05-13

Control Plane

103.98.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

CLI

47.71.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

Terraform Provider

14.13.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

Python SDK

14.13.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

Ruby SDK

14.13.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

Go SDK

14.13.0

This release adds support for Oracle database connections via Native Network Encryption (NNE). This can be accessed via the new Oracle (NNE) datasource type.

2025-05-13

Control Plane

103.97.0

This release improves the wording used on error panels in the Microsoft Teams integration.

2025-05-12

Desktop Application

22.28.0

This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running `sdm logout` in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.

2025-05-12

CLI

47.66.0

This release fixes an issue where users in organizations using TOTP MFA could not unlock the desktop app. Note that users may have to log out and log back in if the update does not immediately fix the unlock issue. Users can do this by choosing "Logout" from the menu or by running `sdm logout` in the CLI. Closing the desktop app while in a locked state will also cause the user to be logged out.

2025-05-12

Control Plane

103.90.0

This release adds software and hardware TOTP support for RSA Secure ID Plus.

2025-05-09

CLI

47.63.0

This release fixes an issue that broke connections to Cassandra resources with the "TLS required" checkbox checked.

2025-05-09

Control Plane

103.85.0

This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.

2025-05-09

Terraform Provider

14.11.0

This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.

2025-05-09

Python SDK

14.11.0

This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.

2025-05-09

Ruby SDK

14.11.0

This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.

2025-05-09

Go SDK

14.11.0

This release corrects a previous server-side issue where customers could not unset the "manager_id" field on an accounts user object via the Go, Python, Ruby, or Java SDKs and the Terraform provider.

2025-05-08

Python SDK

14.10.0

This release updates the accounts users model to have a read-only field for SCIM data of an user. In addition, this release adds a new manager ID field to manually set the account ID of a user's manager. Lastly, the accounts users model now has a read-only field for retrieving the "resolved manager id". This is the ID of the user's manager derived from the manager_id, if present, or from the SCIM metadata. This field is only populated for results from the accounts get and list endpoints and is not returned for create and update, audit list, or history endpoint calls.

2025-05-08

Go SDK

14.10.0

2025-05-08

Ruby SDK

14.10.0

2025-05-07

Desktop Application

22.25.0

This release provides a login update, so login errors no longer require the user to change the email field to log in again when the email is prefilled.

2025-05-07

CLI

47.56.0

This release adds the `--proxy-cluster-id` flag to the `sdm admin servers create rawtcp` and `sdm admin servers update rawtcp` CLI commands, which were previously missing it.

2025-05-05

Control Plane

103.48.0

This release restores the permissions needed for an auditor to create and approve access requests.

2025-05-05

Control Plane

103.46.0

This release ensures that the Standing Access report in the Admin UI will not return undefined data that has the potential to kill the page.

2025-05-02

Control Plane

103.42.0

On-prem installations of the StrongDM Control Plane now require the database to be running at least Postgres 13.

2025-05-02

CLI

47.53.0

This release makes `sdm admin secretengines` and `sdm admin managedsecrets` CLI commands visible.

2025-05-01

CLI

47.50.0

This release removes an unused capability from the StrongDM System Service when using the Virtual Networking Mode (VNM) beta feature that added the cloud proxy certificate to the system root certificate trust store when logged in to an organization with VNM enabled.

2025-04-30

Control Plane

103.21.0

This release follows the recent addition of the `sdm admin approval-workflows-multistep` CLI commands, which make the following commands obsolete and removed: `sdm admin workflow create workflow-approver`, `sdm admin workflow list workflow-approvers`, and `sdm admin workflow delete workflow-approver`. In addition, this release adds a template for the `--access-rules` argument to the help text for the following commands: `sdm admin workflow create workflow` and `sdm admin workflow update workflow`. Lastly, this release adds access rules to text and JSON output of `sdm admin workflow list workflow` and removes the `AutoGrant` field from workflow listings.

2025-04-30

CLI

47.49.0

2025-04-29

Control Plane

103.8.0

New MFA provider with push notifications: RSA ID Plus

2025-04-29

CLI

47.45.0

New MFA provider with push notifications: RSA ID Plus

2025-04-28

CLI

47.42.0

This release makes the Vertica datasource type generally available.

2025-04-28

Control Plane

103.1.0

This release makes the Vertica datasource type generally available.

2025-04-28

Terraform Provider

14.7.0

This release makes the Vertica datasource type generally available.

2025-04-28

Ruby SDK

14.7.0

This release makes the Vertica datasource type generally available.

2025-04-28

Python SDK

14.7.0

This release makes the Vertica datasource type generally available.

2025-04-28

Go SDK

14.7.0

This release makes the Vertica datasource type generally available.

2025-04-28

Desktop Application

22.23.0

This release fixes a login issue for US customers who encountered firewall restrictions that prevented their log in to StrongDM via the desktop app.

2025-04-25

CLI

47.41.0

This release fixes an issue in the rendering of RDP sessions where the cursor color would sometimes be displayed incorrectly in the rendered videos.

2025-04-25

CLI

47.40.0

This release updates the CLI by adding flags to set and unset the ManagerID field on a user account. In addition, this release adds a `--template` option to the `sdm admin user update` CLI command.

2025-04-25

CLI

47.39.0

This release improves DNS subdomain validation in the StrongDM System Service when using the Virtual Networking Mode beta feature to detect and disallow malformed input.

2025-04-25

Control Plane

102.93.0

This release updates the CLI by adding flags to set and unset the ManagerID field on a user account. In addition, this release adds a `--template` option to the `sdm admin user update` CLI command.

2025-04-25

Control Plane

102.92.0

This release fixes an issue where combo boxes on the Policy Editor would not display correctly.

2025-04-25

Control Plane

102.88.0

This release updates approval workflows to be able to be configured to specify a requester's manager or a requester's manager's manager as an approver. The resolution of whom the manager of the requester is is performed when the requester makes an access request.

2025-04-25

Terraform Provider

14.6.0

2025-04-25

Python SDK

14.6.0

2025-04-25

Go SDK

14.6.0

2025-04-25

Ruby SDK

14.6.0

2025-04-23

Desktop Application

22.22.0

This release resolves an issue that prevented the desktop app from logging in via Google SSO, where after authenticating with Google, the user would see a 404 page and not be authenticated in the desktop app.

2025-04-23

Control Plane

102.74.0

2025-04-22

Control Plane

102.71.0

This release fixes an issue with the StrongDM Jira integration where the end date of an access request grant was being incorrectly rendered in Jira.

2025-04-22

Control Plane

102.66.0

This release updates the CLI commands for approval workflows; specifically, the output heading for "ApproverIDs" has been changed to "Approvers" in the listings of approval workflow steps.

2025-04-21

CLI

47.30.0

This release adds the Oracle (NNE) datasource type, which provides support for Oracle datasources that have NNE enabled. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.

2025-04-21

Control Plane

102.62.0

2025-04-21

Terraform Provider

14.4.0

This release adds Oracle (NNE) as a resource type. StrongDM supports the AES-128, AES-192, AES-256, DES, RC4_40, RC4_128, and RC4_256 encryption algorithms; SHA-256, SHA-384, and SHA-512 checksum algorithms; and Oracle DB versions 12c to 19c.

2025-04-21

Python SDK

14.4.0

2025-04-21

Go SDK

14.4.0

2025-04-21

Ruby SDK

14.4.0

2025-04-21

Control Plane

102.57.0

This release updates the Admin UI to correctly display Jira or ServiceNow under the Request Details page.

2025-04-17

Control Plane

102.44.0

This release fixes an issue where some approval workflow audit records were associated with a nonexistent activity when using older versions of the CLI or SDK to manage approval workflows.

2025-04-17

CLI

47.26.0

2025-04-17

Control Plane

102.42.0

2025-04-17

Control Plane

102.37.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-17

CLI

47.23.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-17

Terraform Provider

14.3.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-17

Python SDK

14.3.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-17

Go SDK

14.3.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-17

Ruby SDK

14.3.0

This release adds support for Redshift Cluster and Redshift Serverless to use IAM role-based authentication.

2025-04-15

Terraform Provider

14.2.0

This release fixes an issue with the `sdm admin approval-workflows update` CLI command in CLI versions prior to 47.3.0 and ApprovalWorkflows, where update SDK/Terraform calls in SDK versions prior to 14.0.0 would incorrectly remove all steps from a manual approval workflow. A consequence of this fix is the `sdm admin approval-workflows-multistep update` CLI command in CLI versions between 47.3.0 and 47.20.0 and the ApprovalWorkflows. Update SDK/Terraform call in SDK versions between 14.0.0 and 14.1.0 cannot be used to update the steps of an approval workflow. Please upgrade to CLI version 47.20.0 or higher, or SDK version 14.1.0 or higher.

2025-04-15

Control Plane

102.22.0

2025-04-15

Python SDK

14.2.0

2025-04-15

Go SDK

14.2.0

2025-04-15

Ruby SDK

14.2.0

2025-04-15

CLI

47.20.0

This release updates the CLI to remember the previously selected app domain even after logout.

2025-04-10

Terraform Provider

14.0.0

This release is a major SDK version bump that introduces enhanced approval workflows. The approval workflow steps and approval workflow approvers endpoints have been deprecated to introduce multistep approval workflow functionality through the approval workflow endpoint. Approval workflows can now be created with multiple approval steps and approvers using the approval workflows endpoint. In addition, you can now specify a "skip after" timeout on an approval step so that the step will auto-approve if no approval has been given after the specified time elapses. Another optional "quantifier" specifies whether any or all approvers need to approve for an approval step. The approval workflows history, approval workflows steps history, and approval workflow approvers history endpoints remain as-is for historical data queries.

2025-04-10

Go SDK

14.0.0

2025-04-10

Python SDK

14.0.0

2025-04-10

Ruby SDK

14.0.0

2025-04-10

Control Plane

101.98.0

This release updates the "query" field in Log Stream query logs to include the complete query capture metadata for RDP and interactive SSH and Kubernetes sessions. Previously this field was empty for these queries. Additionally the `sdm replay rdp` CLI command now supports `--format logstream`, which allows auditing of RDP sessions captured by Log Stream.

2025-04-10

CLI

47.15.0

2025-04-09

Control Plane

101.96.0

This release exposes the manager id field of a user in the `sdm admin users list` CLI command and improves the formatting of SCIM data when the `--json` flag is used.

2025-04-09

CLI

47.13.0

This release exposes the `manager id` field of a user in `sdm admin users list` and improves the formatting of SCIM data when the `--json` flag is used.

2025-04-09

Control Plane

101.95.0

This release updates SSH (Customer Managed Key) resources using Identity Aliases with a third-party secret store (not Strong Vault) to optionally use a different SSH private key for each Identity Alias. This is done by configuring the path to the private key in the secret store to include a `$SDM_USERNAME` variable that will be replaced at runtime with the Identity Alias of the connecting user (for example, `secrets/employees/$SDM_USERNAME?key=ssh-key`).

2025-04-08

Desktop Application

22.20.0

This release fixes an issue where when a user would relaunch the SSO login in a browser window, it would show an error that the token was already used.

2025-04-08

CLI

47.12.0

This release adds support for privilege levels on Leased Credentials clusters.

2025-04-08

Control Plane

101.88.0

This release adds SCIM metadata to the output from the `sdm admin users list` CLI command.

2025-04-08

CLI

47.11.0

This release adds SCIM metadata to the output from the `sdm admin users list` CLI command.

2025-04-08

CLI

47.10.0

This release adds support for Secret Engines and Managed Secrets in the SDKs.

2025-04-08

Control Plane

101.87.0

This release adds support for Secret Engines and Managed Secrets in the SDKs.

2025-04-08

Python SDK

13.12.0

This release adds support for Secret Engines and Managed Secrets in the SDKs.

2025-04-08

Ruby SDK

13.12.0

This release adds support for Secret Engines and Managed Secrets in the SDKs.

2025-04-08

Go SDK

13.12.0

This release adds support for Secret Engines and Managed Secrets in the SDKs.

2025-04-07

CLI

47.8.0

SSH (Customer Managed Key) resources now support Identity Aliases in addition to the existing support for leased credentials. Identity Aliases allow a different SSH username to be used for different users connecting to the same resource with the same SSH key. This new configuration is supported across the Admin UI, CLI, SDKs, and Terraform.

2025-04-07

Control Plane

101.81.0

2025-04-07

Terraform Provider

13.11.0

2025-04-07

Python SDK

13.11.0

2025-04-07

Ruby SDK

13.11.0

2025-04-07

Go SDK

13.11.0

2025-04-07

Control Plane

101.78.0

This release updates the access workflow quota limit to be no longer capped at 100.

2025-04-07

Control Plane

101.76.0

This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.

2025-04-07

CLI

47.7.0

This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.

2025-04-07

Python SDK

13.10.0

This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.

2025-04-07

Go SDK

13.10.0

This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.

2025-04-07

Ruby SDK

13.10.0

This release adds support for the Amazon OpenSearch/Elasticsearch (IAM) datasource type, allowing Opensearch/Elasticsearch to be set up using IAM.

2025-04-07

CLI

47.6.0

Add support for Redis Cluster

2025-04-07

Control Plane

101.75.0

Add support for Redis Cluster

2025-04-07

Go SDK

13.9.0

Add support for Redis Cluster

2025-04-04

Terraform Provider

13.8.0

This release allows usernames and passwords for the Vertica resource type to be vaulted with third-party secret stores for our Terraform provider.

2025-04-04

CLI

47.4.0

This release updates the CLI with an interactive login for `sdm login` that prompts users to select an app domain. The default app domain is `app.strongdm.com`. If `SDM_APP_DOMAIN` is set in the environment, it will take precedence instead and no prompt will be shown.

2025-04-03

Control Plane

101.60.0

This release speeds up load times between page and tab navigation in the Admin UI.

2025-04-02

Control Plane

101.58.0

This release makes multistep approval workflows generally available. You can now create approval workflows with multiple approval steps. There are new settings that allow you to skip an approval step after it's been idle for a period of time, or specify whether any or all approvers need to approve that step. In addition, this release adds the new CLI command `sdm admin approval-workflows-multistep`, which takes JSON configuration for a whole approval workflow, including approval steps and approvers. Users can also query and list information about approval workflows through this CLI command. Lastly, this release deprecates the following CLI commands, which will continue to work for existing customers, but without the new multistep approval workflow functionality: `sdm admin approval workflows`, `sdm admin approval-workflow-steps`, and `sdm admin approval-workflow-approvers`.

2025-04-02

CLI

47.3.0

2025-03-31

Desktop Application

22.18.0

This release changes what is displayed in the desktop menu app when logging into or logging out of StrongDM. Now, the "Open app.strongdm.com" option will no longer appear in the menu when logged out. When logged in, the "Open app.strongdm.com" menu option will display as "Open [the control plane domain you are authenticated with]".

2025-03-31

Terraform Provider

13.6.0

The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.

2025-03-31

Python SDK

13.6.0

The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.

2025-03-31

Ruby SDK

13.6.0

The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.

2025-03-31

Go SDK

13.6.0

The SDKs now send requests to app.strongdm.com by default, rather than api.strongdm.com. The previous address will continue to be supported indefinitely.

2025-03-28

Control Plane

101.39.0

This release adds support for the Vertica database in the SDKs.

2025-03-28

CLI

46.99.0

This release adds support for the Vertica database in the SDKs.

2025-03-28

Terraform Provider

13.5.0

This release adds support for the Vertica database in the SDKs.

2025-03-28

Ruby SDK

13.5.0

This release adds support for the Vertica database in the SDKs.

2025-03-28

Python SDK

13.5.0

This release adds support for the Vertica database in the SDKs.

2025-03-28

Go SDK

13.5.0

This release adds support for the Vertica database in the SDKs.

2025-03-27

CLI

46.98.0

This release deprecates the `sdm install --domain` CLI command. Instead, use `--app-domain` and pass the full domain name of the control plane including the `app.` (for example, `sdm install --app-domain app.eu.strongdm.com`). The `--domain` flag will continue to work as-is indefinitely.

2025-03-21

Control Plane

101.17.0

This release mitigates certain instances of hung healthcheck diagnostics in the Admin UI.

2025-03-21

CLI

46.92.0

This release removes `sdm admin managedsecrets validate` and `sdm admin managedsecrets validate` from the CLI. Please use `sdm managedsecrets validate` and `sdm managedsecrets validate` with relevant permission policy instead.

2025-03-20

Control Plane

101.13.0

This release makes proxy clusters generally available as a new deployment option.

2025-03-19

Control Plane

101.9.0

This release adds support for secret engines to enterprise customers. All enterprise customers can now create secret engines and managed secrets.

2025-03-14

Control Plane

100.91.0

This release updates the Relay and Gateway Resources tab in the Admin UI to have search and filtering capabilities. Users can now search by resource name, type filter, status filter, and tags filter.

2025-03-14

Control Plane

100.89.0

This release adds a workflow setting to the Admin UI to specify the number of requests a user can make to a resource.

2025-03-14

Desktop Application

22.15.0

This release enables users with multiple control planes to select which control plane they want to connect to from the desktop app.

2025-03-14

Control Plane

100.86.0

This release introduces an exponential backoff in case of automatic rotation failures for Active Directory secret engines. This will reduce the number of errors that might be observed for misconfigured Active Directory accounts. The interval for retries in case of failures will be increased with each failure until it reaches `max_backoff_duration`. After that retries happen every `max_backoff_duration`. The default value for `max_backoff_duration` is 1 day (24 hours). `max_backoff_duration` can be set using the `--max-backoff-duration` flag when updating a secret engine (`sdm admin secretengines update active_directory <SECRET_ENGINE_ID>`) or creating a secret engine (`sdm admin secretengines create active_directory`).

2025-03-14

CLI

46.87.0

2025-03-11

Control Plane

100.80.0

This release adds the new permission level Database Operator.

2025-03-11

Terraform Provider

13.3.0

This release adds the new permission level Database Operator.

2025-03-11

Ruby SDK

13.3.0

This release adds the new permission level Database Operator.

2025-03-11

Go SDK

13.3.0

This release adds the new permission level Database Operator.

2025-03-11

Python SDK

13.3.0

This release adds the new permission level Database Operator.

2025-03-10

CLI

46.84.0

This release adds support to the `sdm connect` CLI command, allowing it to accept either a resource name or a resource ID as the argument.

2025-03-10

Control Plane

100.75.0

This release adds support to the `sdm connect` CLI command, allowing it to accept either a resource name or a resource ID as the argument.

2025-03-10

Control Plane

100.71.0

This release fixes an issue with the `sdm admin users grant-temporary --template-role` CLI command, in which it would not grant access to resources on that role.

2025-03-08

CLI

46.81.0

This release fixes an issue that could cause unexpected disconnects from RDP (Certificate Based) resources with certain combinations of Windows client and server versions.

2025-03-06

CLI

46.78.0

This release fixes a healthcheck bug for Amazon EKS resources where the wrong namespace was used during the healthcheck when Identity Sets were enabled.

2025-03-06

CLI

46.77.0

This release adds the Kubernetes (Pod Identity) cluster resource type, which supports connection to Kubernetes clusters that have a node (relay or gateway) running inside them, without ever giving StrongDM credentials to the cluster.

2025-03-06

Terraform Provider

13.2.0

2025-03-06

Control Plane

100.63.0

2025-03-06

Python SDK

13.2.0

2025-03-06

Ruby SDK

13.2.0

2025-03-06

Go SDK

13.2.0

2025-03-04

CLI

46.74.0

This release updates the `sdm replay rdp` CLI command to include improved help and usage information, updates `sdm replay rdp` to support rendering RDP sessions older than one week, and updates `sdm replay rdp` to be able to be used to render RDP sessions from local relay log files encrypted with public key encryption (via the `--key` option).

2025-03-03

Control Plane

100.44.0

This releases changes the MS SQL Kerberos SPN field to be a non-credential type. This only changes behavior when using secret stores with MS SQL Kerberos resources. Previously, a secret path needed to be specified for the SPN field when using secret stores. Now the field is always a plaintext string.

2025-03-03

Terraform Provider

13.0.0

2025-03-03

Go SDK

13.0.0

2025-03-03

Ruby SDK

13.0.0

2025-03-03

Python SDK

13.0.0

2025-03-03

Control Plane

100.43.0

This release improves the Cluster Discovery tab in the Admin UI to show a more meaningful message when nothing has been discovered yet.

2025-02-28

Control Plane

100.39.0

This release fixes an issue that caused requesting access to a resource via fixed duration to display "Requested for 0 days" in the access details column.

2025-02-26

CLI

46.69.0

This release fixes an issue for Oracle, where entering a raw IP address as the hostname causes the connection to fail. Additionally, this release fixes a connectivity issue for Oracle 19 in OCI and any other Oracle servers using the same connection format from odbc6.jar (version8i).

2025-02-20

Control Plane

100.16.0

This release updates policies so that `StrongDM::ManagedSecret::Action::"read"` is now granted implicitly as part of `StrongDM::ManagedSecret::Action::"retrieve"`, `StrongDM::ManagedSecret::Action::"rotate"`, and `StrongDM::ManagedSecret::Action::"validate"`. Now users granted those "broader" permissions can also list secrets they can take action upon.

2025-02-19

Control Plane

100.12.0

This release updates the way users are routed to certain Admin UI pages upon login. Users with the User permission level on login will be routed to the Download & Install page. Users with the Database Admin permission level on login will be routed to the Datasources page. Users with the Admin permission level who have expired Enterprise accounts will see an Enterprise purchase banner at the top of the page for pages that are Enterprise-only.

2025-02-19

Control Plane

100.10.0

This release updates the Policy Logs page of the Admin with a new design and filtering capability. Users can now use dropdown filters and search input to reduce the amount of logs displayed based on the requested filters.

2025-02-14

CLI

46.64.0

This release addresses an issue where under periods of heavy load, nodes may potentially run out of memory if remote logging to StrongDM is enabled and query and replay data is being generated faster than it can be logged to StrongDM. Nodes are now limited to consuming no more than about 50 percent of system memory for buffering remote logs, throttling traffic when this limit is reached. While it should not be necessary to do so, these default limits may be overridden via `SDM_RELAY_LOG_REMOTE_BUFFER_BYTES` and `SDM_RELAY_LOG_REMOTE_BUFFER_RETRY_BYTES` environment variables.

2025-02-12

CLI

46.62.0

This release updates the SDKs to support the new AccessRule field for account grants.

2025-02-12

Control Plane

100.1.0

This release updates the SDKs to support the new AccessRule field for account grants.

2025-02-12

Python SDK

12.10.0

This release updates the SDKs to support the new AccessRule field for account grants.

2025-02-12

Go SDK

12.10.0

This release updates the SDKs to support the new AccessRule field for account grants.

2025-02-12

Ruby SDK

12.10.0

This release updates the SDKs to support the new AccessRule field for account grants.

2025-02-11

Control Plane

99.95.0

- Fix dropdown behavior.

2025-02-10

CLI

46.60.0

This release adds support to RDP resources for connecting to Windows 11 and Windows Server 2025 RDP servers with Network Level Authentication (NLA) enabled. Previously, RDP resources required NLA to be disabled on these newer Windows versions.

2025-02-10

CLI

46.59.0

This release fixes an issue where RDP sessions to some Windows target server versions, including Windows 10, may fail to render into video fields. This release also fixes an issue where RDP sessions from Windows 11 24H2 clients to some Windows target server versions, including Windows 10 and 11, may display incorrectly, with heavy pixelation of the screen.

2025-02-07

Control Plane

99.89.0

This release improves resource selection in the temporary access modal to allow better search results.

2025-02-06

Control Plane

99.85.0

Fixed error when accepting user invitations.

2025-02-06

Control Plane

99.78.0

Fixed routing issue when trying to log in while already authenticated.

2025-02-06

Control Plane

99.77.0

This release updates the temporary access table to no longer increment the total count by two when adding a new temporary grant to a user.

2025-02-05

Control Plane

99.74.0

This release fixes an issue where gateways device details text would overflow into other text.

2025-02-04

Control Plane

99.62.0

This release fixes an issue where a newly created role wasn't immediately showing up in the roles table in the Admin UI. It also fixes an issue where the "reason" text field in the access request modal did not capture the first character being typed into it.

2025-02-03

Control Plane

99.60.0

This release ensures that Role IDs no longer show up in the search box of the attach role selector on the access workflow form.

2025-01-31

Terraform Provider

12.9.1

This release updates the Terraform provider docs to include max duration and fixed duration settings for individual access workflows.

2025-01-30

CLI

46.43.0

This release fixes an issue with RDP session video rendering (both in the Admin UI and the CLI) that could potentially result in artifacts in the rendered video due to a rare mis-parsing of bitmap updates in the RDP session data.

2025-01-29

CLI

46.41.0

This release provides the capability for users to append an `-e` flag to their `sdm status` CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.

2025-01-29

Control Plane

99.38.0

This release provides the capability for users to append an `-e` flag to their `sdm status` CLI command. This will show privilege levels (if any) for any clusters they currently have privileges for.

2025-01-29

Control Plane

99.33.0

This release adds a new logs page to the Admin UI for Credential Management logs.

2025-01-28

CLI

46.40.0

Relays previously output the following non-structured log line every 2 minutes on `stderr`: `link count: %d, stream count: %d, egress count: %d`. This log will now appear in the following structured format on `stdout`, bringing it in compliance with all other log lines: `time="2025-01-28T10:15:56-08:00" level=info msg="link monitor" linkCount=1 streamCount=0 egressCount=0`.

2025-01-28

CLI

46.39.0

This release adds the `PrivilegeGroups` field to `sharedkernel.Capture` model, allowing these to be auditable via `sdm audit k8s` and in query logs. These fields are populated by any groups granted via privileges for a given Kubernetes operation.

2025-01-28

Terraform Provider

12.9.0

2025-01-28

Python SDK

12.9.0

2025-01-28

Ruby SDK

12.9.0

2025-01-28

Go SDK

12.9.0

2025-01-27

CLI

46.38.0

This release adds the `sdm access request <REQUEST_ID>` CLI command that displays a summary of the request and approvals.

2025-01-27

CLI

46.37.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-27

Control Plane

99.24.0

This release fixes an issue where `sdm access requests --filter="request:<RESOURCE_NAME>""` would not return some access requests when there were matching requests.

2025-01-27

Terraform Provider

12.8.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-27

Control Plane

99.22.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-27

Go SDK

12.8.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-27

Ruby SDK

12.8.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-27

Python SDK

12.8.0

This release adds support for IAM authentication with Aurora MySQL.

2025-01-24

Control Plane

99.12.0

This release makes the Windows x32 version no longer available for download on the Admin UI Download & Install page.

2025-01-24

Control Plane

99.10.0

This release fixes an issue where resources would not appear for an access request in reports.

2025-01-23

Control Plane

99.4.0

This release updates the Admin UI with new table ordering that allows you to sort by name on Gateway and Relay pages.

2025-01-22

CLI

46.32.0

This release adds support for DocumentDB with IAM authentication.

2025-01-22

Terraform Provider

12.5.0

This release adds support for DocumentDB with IAM authentication.

2025-01-22

Control Plane

98.87.0

This release adds support for DocumentDB with IAM authentication.

2025-01-22

Python SDK

12.5.0

This release adds support for DocumentDB with IAM authentication.

2025-01-22

Go SDK

12.5.0

This release adds support for DocumentDB with IAM authentication.

2025-01-22

Ruby SDK

12.5.0

This release adds support for DocumentDB with IAM authentication.

2025-01-21

Control Plane

98.85.0

This release adds a loading indicator to the policy logs details panel of the Admin UI.

2025-01-21

CLI

46.31.0

This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341

2025-01-21

Control Plane

98.80.0

This release addresses the following third party CVEs: CVE-2024-45336,CVE-2024-45341

2025-01-17

Control Plane

98.74.0

This release fixes a bug where 31 days was the maximum duration access could be requested even if the organization or workflow allowed for more.

2025-01-17

Control Plane

98.71.0

This release updates the modal for granting temporary access to be broken up into multiple steps. The step for selecting resources has been changed from checkboxes to a combobox/search input.

2025-01-17

Desktop Application

22.4.0

This release makes ClickHouse available in the CLI.

2025-01-17

Java SDK

12.4.0

This release adds the ClickHouse resource type.

2025-01-17

CLI

46.26.0

This release adds the ClickHouse resource type.

2025-01-17

Python SDK

12.4.0

This release adds the ClickHouse resource type.

2025-01-17

Ruby SDK

12.4.0

This release adds the ClickHouse resource type.

2025-01-17

Go SDK

12.4.0

This release adds the ClickHouse resource type.

2025-01-16

Control Plane

98.57.0

This release adds the DynamoDB (IAM) resource type.

2025-01-14

Java SDK

12.2.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

CLI

46.19.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

Terraform Provider

12.2.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

Control Plane

98.45.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

Python SDK

12.2.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

Go SDK

12.2.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-14

Ruby SDK

12.2.0

This release makes the Google Cloud Platform Workforce Identity Federation resource type generally available.

2025-01-13

Control Plane

98.30.0

This release updates the Roles page of the Admin UI to have table ordering on the Roles column.

2025-01-10

CLI

46.14.0

This release adds the CLI command `sdm admin secretengines rotate` for rotating a secret engine's password used for connecting to Active Directory (currently only the `active_directory` secret engine type supports this). Running the command will update `Bindpass` in the Active Directory and store a new password inside the secret engine's configuration stored inside the secret store.

2025-01-10

Control Plane

98.23.0

2025-01-08

CLI

46.11.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Terraform Provider

11.23.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Java SDK

11.23.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Control Plane

98.8.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Python SDK

11.23.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Ruby SDK

11.23.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Go SDK

11.23.0

This release adds the ability to set workflow settings at the workflow level via the StrongDM SDKs and CLI.

2025-01-08

Control Plane

98.6.0

This release updates the Jira Connect button on the Admin UI Integrations page to link to the EU version of the Jira plugin for the EU control plane.

2025-01-04

Control Plane

97.91.0

This release enhances the integration for Slack's display of access requests in the app by adding a summary of the approval steps and approvers.

2025-01-02

Control Plane

97.82.0

This release includes minor updates to the integrations with Microsoft Teams and Jira to support split requested and result duration of access requests.

2024-12-20

Control Plane

97.69.0

This release updates the Jira integration card in the Admin UI to link to the control plane-specific Jira app.

2024-12-19

Control Plane

97.63.0

This release allows admins to adjust settings of a specific access workflow.

2024-12-19

Control Plane

97.59.0

This release changes all Admin UI resource pages to allow columns to be ordered by name and type.

2024-12-18

Control Plane

97.52.0

This release updates credential rotation so that rotating a credential now updates the expiration date, in turn preventing a validation expiration date from showing an "expired" alert.

2024-12-18

CLI

46.3.0

This release updates the CLI command `sdm audit access-requests` to include the approval flow ID.

2024-12-17

Control Plane

97.45.0

This release fixes an issue related to Snowflake resources created via the API/CLI and Terraform. Currently, when not set, the "Port" argument defaults to 0, resulting in the Snowflake driver constructing a request that causes Snowflake to return with an unexpected error. This fix ensures that the default port of 443 is used when not set.

2024-12-17

CLI

46.2.0

This release makes the `--name` parameter visible in the CLI help for the `sdm aws` and `sdm az` CLI commands. This parameter was already documented but hidden in the CLI help.

2024-12-13

Control Plane

97.36.0

This change makes a fix to the Admin UI that allows known healthcheck information to be displayed on the Datasources details page as it comes in rather than waiting for all nodes to report healthcheck information. Prior to this change, if one or more nodes were in a broken state where they were not able to report healthcheck status, the displayed status for all nodes would have been Checking. Now, the healthy nodes' healthcheck status is able to be reported as it comes in and only unhealthy nodes stay in a Checking state.

2024-12-12

Control Plane

97.28.0

This release fixes an issue where failing to retrieve a credential on the **Credentials** page in the Admin UI could only be resolved by first refreshing the page. Now there is a retry button and the credential is always retrieval is always attempted when selecting the retrieve menu option.

2024-12-11

CLI

45.93.0

This release adds a new filter for filtering queries through the `sdm audit` CLI command or through the Queries vertical in the SDK. The `authzAction` filter can filter queries by authorization request action (such as `StrongDM::Action::"connect"` or `SQL::Action::"drop"`). This filter may include wildcards, for example `*sql*drop*`. This filter does not match on queries that were not associated with a policy authorization.

2024-12-11

Control Plane

97.22.0

2024-12-10

Control Plane

97.15.0

This release updates the **Integrations** page in the Admin UI to now link to the EU Microsoft Teams listing for users on the EU control plane.

2024-12-09

CLI

45.90.0

This release fixes an issue introduced in version 45.80.0 of the CLI that could cause `sdm aws terraform` commands to fail with a "tls: failed to verify certificate" error.

2024-12-09

Control Plane

97.10.0

This release enhances the Users page in the Admin UI to make the **Name**, **Email**, and **Permission Level** columns sortable.

2024-12-05

Desktop Application

21.93.0

This release fixes an issue where focus would be removed from the search bar in the desktop app while typing.

2024-12-04

Control Plane

96.98.0

This release updates access requests to now specify the requested duration and the result duration in the request step message.

2024-12-03

Control Plane

96.89.0

This release updates the the Approve/Deny message in the integration with Slack to include a text field where the approver can provide a note back to the requester regarding the outcome.

2024-12-02

CLI

45.80.0

This release updates the `sdm aws`, `sdm azure`, and `sdm gcp` CLI commands to provide a `--name` parameter and an `env` subcommand. It also updates the `sdm azure` and `sdm gcp` CLI commands to support a `run` subcommand and to store on-disk cloud SDK configuration and logs in a per-resource directory of the form `$SDM_HOME/azure-config/<RESOURCE_ID>` and `$SDM_HOME/gcloud-config/<RESOURCE_ID>` respectively, instead of a global configuration directory. In addition, the `sdm gcp` CLI command no longer supports the `activate` and `init` subcommands; To use StrongDM GCP resources, the `gcloud`, `run` and `env` commands to be used instead. Lastly, the `sdm gcp gsutil` CLI command has been deprecated; it continues to be supported but is hidden and may be removed in the future. Google no longer maintains `gsutil` and it is recommended to use `gcloud storage` (`sdm gcp cli storage`) instead.

2024-12-02

Control Plane

96.84.0

This release upgrades the `access to` command in the integration with Teams to support more variations that may be desired in the list of resource names and IDs.

2024-12-02

Control Plane

96.82.0

This release allows users to authenticate to ClickHouse through the driver with a username and private SSH key, when the users are created in the database with their public key.

2024-11-27

CLI

45.79.0

This release fixes an issue where `sdm access to` command in the integration with Slack caused ordinary users to get a permission error when requesting resources by name.

2024-11-27

Control Plane

96.75.0

This release updates the `/sdm access to` command in the integration for Slack to specify a request for multiple resources.

2024-11-27

CLI

45.78.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-27

Control Plane

96.73.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-27

Java SDK

11.20.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-27

Python SDK

11.20.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-27

Go SDK

11.20.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-27

Ruby SDK

11.20.0

This release splits the Duration field on AccessRequest objects in the SDKs and CLI into Requested Duration and Result Duration.

2024-11-26

Control Plane

96.69.0

This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.

2024-11-26

CLI

45.75.0

This release gives the current GCP driver a more descriptive name to contrast it with new GCP functionality currently in beta.

2024-11-25

Control Plane

96.60.0

This release updates the StrongDM app for Slack to display the requested duration in addition to the duration that the access request would grant upon approval.

2024-11-22

Control Plane

96.55.0

The format of API access keys has changed from a long Base64-encoded string to a hex string in the format `auth-0123abcd`. Existing API keys are unaffected, and the format of the secret portion of the key remains the same.

2024-11-22

Control Plane

96.54.0

This release allows the CLI command `sdm access to` to create requests with multiple resources. The `sdm access to` command no longer has a default duration, so it should normally be specified using the `-duration` flag.

2024-11-21

Control Plane

96.49.0

This release fixes a regression that caused access request creation to fail for organizations with a fixed duration setting.

2024-11-20

Control Plane

96.42.0

With this release, the Request Access page of the Admin UI now shows the StrongDM resource related to the action if present.

2024-11-19

Control Plane

96.32.0

With this release, the Microsoft Teams "Connect" link on the Admin UI Integrations page goes directly to the Teams marketplace listing for StrongDM.

2024-11-15

Control Plane

96.24.0

This release enables StrongDM's integration for Jira.

2024-11-15

CLI

45.66.0

This release fixes an issue with the queries logged for AWS Management Console resource access, including incorrect values for the "region" and "service" fields extracted from the resource's ".sdm.network" HTTP hostname. These fields are now omitted as they are not applicable to this resource. This release also improves the queries logged for Snowsight console resource access to include the full details of the HTTP request, making the queries logged for this resource consistent with other cloud resources. Lastly, this release improves the queries logged for AWS resource access to include the command that was executed from the HTTP request.

2024-11-14

CLI

45.62.0

With this release, Kubernetes drivers now support the latest Kubernetes cluster deployments and use websockets as the transport layer where applicable. The workaround `KUBECTL_REMOTE_COMMAND_WEBSOCKETS=false` is no longer required.

2024-11-12

Control Plane

95.96.0

This release allows users to be able to request multiple resources at the same time in the Admin UI.

2024-11-12

Terraform Provider

11.18.0

This release of the StrongDM Terraform Provider adds support for unstable GCP Workforce Identity Federation based resources.

2024-11-12

CLI

45.60.0

This release adds two new filters applicable to filtering queries through the `sdm audit` CLI or the Queries vertical in the SDKs: `policyID` filters queries affected by the specified policy and `authzDecision` filters queries by authorization decision (either "allow" or "deny"). These filters do not match queries that were not associated with a policy authorization.

2024-11-12

Control Plane

95.90.0

2024-11-09

CLI

45.57.0

This release changes the name of "GCP" resources as displayed in the Admin UI and CLI from "GCP" to "GCP (Service Account)". This change only affects the displayed name and is intended to disambiguate this resource from the future introduction of other GCP resources using different authentication mechanisms.

2024-11-09

Control Plane

95.87.0

2024-11-08

CLI

45.56.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Control Plane

95.84.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Java SDK

11.18.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Python SDK

11.18.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Go SDK

11.18.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Ruby SDK

11.18.0

This release allows customers engaged with us for GCP Workforce Identity Federation based resources to utilize the CLI, SDKs, and Terraform provider to create resources.

2024-11-08

Control Plane

95.83.0

This release adds a new column under the Admin UI Roles page called "Users", which displays how many users are assigned to the role. In addition, the "Managed By" column is always displayed, and results can be filtered by "Managed By" when the organization has a provisioner.

2024-11-08

Control Plane

95.80.0

This release fixes an issue that may cause integration connected service disconnect calls to fail due to deleted StrongDM users.

2024-11-07

Control Plane

95.76.0

This release fixes an occasional issue where the All Requests page would error loading.

2024-11-06

CLI

45.54.0

This release adds a new configuration value to the Active Directory secrets engine that can be changed using: ``` sdm admin secretengines update active_directory -id <eng-id> --do-not-validate-timestamps=true ``` The default value for this configuration option is `false` and is only used in case of `active_directory`.

2024-11-06

Control Plane

95.59.0

2024-11-05

Control Plane

95.56.0

This release fixes an issue with redirection when switching accounts during workflow integration setup process.

2024-11-05

Control Plane

95.53.0

This release improves the login state upon entering a bad password. The login screen no longer refreshes, resetting the login state. Instead, an error appears and the email is retained.

2024-11-01

Control Plane

95.32.0

This release improves lazy loading for the Policy Editor.

2024-11-01

Control Plane

95.31.0

This release fixes an issue where collapsing/expanding Policy Editor columns would increase column width unexpectedly.

2024-10-31

Control Plane

95.27.0

This release fixes an issue where when a user navigates directly to `/app/login` and attempts to log in using a password, they are redirected to `/auth/login`.

2024-10-31

CLI

45.44.0

This release adds support for the AWS (Instance Profile) resource. The AWS (Instance Profile) resource type is generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider. The `sdm aws cli` commands support this resource type.

2024-10-31

Terraform Provider

11.17.0

2024-10-31

Control Plane

95.22.0

2024-10-31

Python SDK

11.17.0

2024-10-31

Go SDK

11.17.0

2024-10-31

Ruby SDK

11.17.0

2024-10-30

CLI

45.43.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-30

Control Plane

95.19.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-30

Java SDK

11.16.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-30

Python SDK

11.16.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-30

Go SDK

11.16.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-30

Ruby SDK

11.16.0

This release adds a new healthcheck service for fetching an organization's most recent healthchecks.

2024-10-29

Control Plane

95.3.0

This release enables environment variables that set the HTTP/HTTPS proxy specifically for the StrongDM client. If SDM_HTTPS_PROXY is set, the client sets HTTPS_PROXY for itself. If SDM_HTTP_PROXY is set, the client sets HTTP_PROXY for itself.

2024-10-28

Control Plane

94.99.0

This release fixes an issue where an update to organization IDs caused reports to break.

2024-10-28

Control Plane

94.94.0

This release fixes an issue where changes to a resource's health state (and certain other properties, such as the subdomain of HTTP resources) may not be reflected immediately in the desktop app.

2024-10-28

Control Plane

94.93.0

This release fixes the Admin UI Integrations table to update when an integration is disconnected.

2024-10-28

Control Plane

94.92.0

This release fixes an issue where Log Stream may fail to upload large record sets to encrypted S3 buckets due to a lack of "kms:Decrypt" permission.

2024-10-25

Control Plane

94.83.0

This release updates the credential retrieval modal to close after 30 minutes or when the password expires.

2024-10-17

CLI

45.35.0

This release updates Kubernetes drivers to support version 1.31 so that SSH session recordings are properly supported.

2024-10-17

Control Plane

94.64.0

This release makes all actionable buttons under the Identity Aliases tab within the Account Details page of the Admin UI disabled and hidden while logged in with an Auditor account.

2024-10-14

Control Plane

94.40.0

This release fixes an issue where multi-select on table rows incorrectly updated the selected row count.

2024-10-14

Control Plane

94.38.0

This release fixes layout inconsistencies and a scroll issue with policy logs.

2024-10-14

CLI

45.31.0

This release makes the `SSHPassword` resource type available.

2024-10-14

Java SDK

11.15.0

This release makes the `SSHPassword` resource type available.

2024-10-14

Terraform Provider

11.15.0

This release makes the `SSHPassword` resource type available.

2024-10-14

Python SDK

11.15.0

This release makes the `SSHPassword` resource type available.

2024-10-14

Ruby SDK

11.15.0

This release makes the `SSHPassword` resource type available.

2024-10-14

Go SDK

11.15.0

This release makes the `SSHPassword` resource type available.

2024-10-11

Control Plane

94.32.0

This release fixes a bug where an account grant could be considered revoked by an access request when it expires naturally.

2024-10-08

Control Plane

94.22.0

This release updates resource configuration to prohibit `@` and `=` characters in the names of new resources when they are created.

2024-10-08

Control Plane

94.18.0

This release fixes an issue to allow for correct email rerouting to `logs/rdp-replays`.

2024-10-07

CLI

45.22.0

This release adds the `ImpersonationUser` and `ImpersonationGroups` fields to the `sharedkernel.Capture` model, allowing it to be auditable via `sdm audit k8s` and in query logs. These fields are populated when the client performs user and group impersonation in Kubernetes (that is, `--as user --as-group group`).

2024-10-07

Java SDK

11.14.0

2024-10-07

Ruby SDK

11.14.0

2024-10-07

Python SDK

11.14.0

2024-10-07

Go SDK

11.14.0

2024-10-04

CLI

45.20.0

This release updates the `sdm admin users add --csv` CLI command help text to include the necessary tags column.

2024-10-04

Control Plane

94.8.0

This release makes the email Identity Set unable to be edited.

2024-10-03

Control Plane

94.6.0

This release fixes a 404 error that could be encountered when connecting the StrongDM app for Slack to a new workspace.

2024-10-03

Terraform Provider

11.14.1

This release updates the Terraform Provider documentation to include the API `host`.

2024-10-03

CLI

45.15.0

This release enables users to be logged in automatically to Couchbase Web UI resources, so users no longer have to log in with fake credentials.

2024-10-03

Control Plane

94.0.0

This PR adds constants for the API host across different control planes.

2024-10-03

Java SDK

11.13.0

This PR adds constants for the API host across different control planes.

2024-10-03

Terraform Provider

11.14.0

This PR adds constants for the API host across different control planes.

2024-10-03

Python SDK

11.13.0

This PR adds constants for the API host across different control planes.

2024-10-03

Go SDK

11.13.0

This PR adds constants for the API host across different control planes.

2024-10-03

Ruby SDK

11.13.0

This PR adds constants for the API host across different control planes.

2024-10-03

Control Plane

93.99.0

This release fixes an issue where the "Enroll Here" button that appears in the desktop app when the user attempting to log in is not enrolled in Okta MFA was not clickable.

2024-10-02

Control Plane

93.92.0

This release ensures that only nodes that pass healthcheck for a secret store are taken into account when contacting a secret store.

2024-10-01

Terraform Provider

11.13.1

This release fixes an issue that prevented custom timeouts from being respected.

2024-10-01

Terraform Provider

11.13.0

This release adds support for custom timeouts for all operations on all resources in the StrongDM Terraform provider.

2024-10-01

Control Plane

93.87.0

This release fixes an issue where deleting an approval workflow could cause pending requests and access workflows bound to that approval workflow to be unchangeable.

2024-09-30

Terraform Provider

11.12.1

Terraform data sources can now filter by more than one tag. Previously a bug prevented this from working properly.

2024-09-27

Control Plane

93.74.0

This release gives database-admin users read-only access to gateways and relays.

2024-09-27

Control Plane

93.72.0

This release is the one of the few to enable support for email pass through Identity Sets, where all Identity Aliases in the set will be the user's corresponding email address or last name. This release adds Email Identity Alias creation and updates whenever a new account is created or updated. Deletion of Identity Aliases upon account deletion was already supported. The Identity Alias creation and update will only apply to `user` and `service` account types. For users, the Identity Alias username is the user's email address. For service accounts, the Identity Alias username is the last name, which is the nickname for the service account.

2024-09-27

Control Plane

93.69.0

This release fixes an issue so that an error page is no longer shown momentarily while the user is logged out of the Admin UI for stale or invalid credentials.

2024-09-26

Control Plane

93.64.0

This release cleared the name form value for the Add Role form on submission.

2024-09-25

CLI

45.4.0

With the release of time in context attributes, users should expect to see policies being reevaluated, approximately once every minute, even after the initial "Allow" for "connect" actions on Postgres resources. If no time attributes are accessed by relevant policies, and no updates are made to the policies, the evaluation should continue to evaluate to "Allow." If the relevant policies make use of the time attributes, however, reevaluating relevant policies may result in "Deny," in which case, the client will sever the connection.

2024-09-25

Control Plane

93.59.0

2024-09-25

Control Plane

93.58.0

This release fixes an issue where SAML users could not finish logging in when the email they entered did not match the capitalization of the email in the system.

2024-09-24

Desktop Application

21.87.0

This release adds an alert on the desktop app when another user on the machine is currently running the desktop app. The second user will have to quit the app and wait until the other desktop app instance is closed in order to continue. This release also fixes an issue where clicking the dock icon in macOS showed the desktop app's Resource Center window.

2024-09-23

CLI

44.97.0

This release adds a new `context.utcNow.timestamp` attribute for context-based policy allowing policies to be written against properties of the time at which authorization is performed. The value of this attribute is the current time (in UTC) as a Cedar `datetime` value.

2024-09-23

Control Plane

93.46.0

2024-09-19

CLI

44.95.0

This release adds new temporal attributes for context-based policy, allowing policies to be written against properties of the current time (in UTC) when authorization is performed. The new context attributes include `context.utcNow.dayOfWeek` (a number representing the current day of week from 1-7, which is Sun-Sat), `context.utcNow.day` (a number representing the current day of the month, such as 31), `context.utcNow.month` (a number representing the current month from 1-12, which is Jan-Dec), and `context.utcNow.year` (a number representing the current four digit year, such as 2024).

2024-09-19

Control Plane

93.33.0

2024-09-18

Control Plane

93.15.0

This release enables support for email to pass through Identity Sets, so that all Identity Aliases in the Identity Set are the user's corresponding email address. This release also adds the new read-only email Identity Set for new organizations. Existing orgs will be backfilled at a later release.

2024-09-17

Control Plane

93.5.0

This release updates the StrongDM Admin UI with a new navigation menu and updates both the Admin UI and desktop app with a refreshed layout, colors, and styling.

2024-09-16

Control Plane

92.97.0

This release adds a new organization setting, Enforce Single Session. This setting allows organization admins to restrict concurrent sessions for logged in users to a single session for the StrongDM Admin UI and a single session for desktop. With this setting enabled, if a user who is logged in to the Admin UI on one machine (or browser) logs in on another machine (or browser), the first session is revoked and the user is logged out of that session. The second session will still be preserved.

2024-09-16

Java SDK

11.10.1

2024-09-16

Python SDK

11.10.1

2024-09-16

Ruby SDK

11.10.1

2024-09-16

Go SDK

11.10.1

2024-09-13

CLI

44.75.0

This release adds support to the Account update API and SDKs for setting the password of a user account. This ability to set a user password is only permitted by new API keys that have been explicitly assigned a new Password Set permission.

2024-09-11

Control Plane

92.79.0

2024-09-11

Java SDK

11.10.0

2024-09-11

Python SDK

11.10.0

2024-09-11

Ruby SDK

11.10.0

2024-09-11

Go SDK

11.10.0

2024-09-11

CLI

44.65.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Terraform Provider

11.9.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Control Plane

92.75.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Java SDK

11.9.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Python SDK

11.9.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Go SDK

11.9.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-11

Ruby SDK

11.9.0

This release adds support for Couchbase resources. The Couchbase and Couchbase (WebUI) resource types are now generally available across the Admin UI, CLI, SDKs, and StrongDM Terraform Provider.

2024-09-09

CLI

44.60.0

This release makes two changes have been made to the JSON format of the authorization information that is included in the `authz` field in query event logs. The `"policy"` field has been removed in favor of a `"policyId"` field. The type has also changed from an int to a string, which is the appropriate Cedar JSON format for policy IDs. The keys of the `"position"` objects have changed to lower case from Pascal case.

2024-09-09

Control Plane

92.66.0

2024-09-09

Control Plane

92.65.0

This release adds the `support_login_user` filter for listing activities via the `sdm audit activities --filter` command.

2024-09-03

Control Plane

92.46.0

This release adds support for selecting LDAP schema by setting the schema query param in the URL. By default it is `ad` (Active Directory) but can be set to `openldap` by providing the schema query param (`ldaps://127.0.0.1?schema=openldap`).

2024-09-03

CLI

44.55.0

This release updates the GCP Secret Manager to store paths relative to secret manager root path (/projects/<project-id>). It also normalizes the names of managed secrets into the secret path by changing '/' characters into double underscore characters.

2024-09-03

Control Plane

92.43.0

2024-08-29

CLI

44.48.0

This release fixes a rare memory leak in the gateway that can occur when connections are forwarded through a relay and there are repeated egress connection failures to one or more resources on the relay.

2024-08-28

Control Plane

92.22.0

This release fixes an issue with Slack access requests where duplicate resources made granting access impossible.

2024-08-27

CLI

44.44.0

This release fixes potential interoperability issues between the StrongDM CLI and some third-party vendor firewall and packet filtering applications due to a recent change in Go to enable a experimental post-quantum key exchange mechanism in TLS negotiations by default. This mechanism has been temporarily disabled until such issues are resolved.

2024-08-27

Control Plane

92.17.0

2024-08-27

Desktop Application

21.83.0

This release updates the desktop app with new icons and colors, enhances the user experience around layout and filters, and adds tabs for navigation.

2024-08-26

CLI

44.42.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-24

Control Plane

92.9.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-24

Java SDK

11.8.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-24

Ruby SDK

11.8.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-24

Go SDK

11.8.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-24

Python SDK

11.8.0

This change updates the output of `sdm audit access-requests` to add requester name, reason, duration, and account grant(s) information to the output.

2024-08-23

Control Plane

92.4.0

This release fixes an issue in the Policy Editor where incorrect completion suggestions may be provided based on other content in the policy.

2024-08-22

Control Plane

92.1.0

This change adds a new "PingID (OIDC)" SSO provider.

2024-08-21

Control Plane

91.98.0

This release resolves an issue where some resources were not able to be updated due to a unique validation on a field that was not required or visible to the user.

2024-08-20

Control Plane

91.96.0

Policy-based action control for PostgreSQL databases is now supported for Aurora PostgreSQL, Cockroach, GreenPlum, and RDS PostgreSQL IAM resources.

2024-08-14

Control Plane

91.73.0

This release adds a few activity verbs involving workflows to SDKs for completeness. These verbs are no longer used currently, but in audit trails, can still be requested. The verbs in question: `ActivityVerbDeprecatedWorkflowResourceAssigned`, `ActivityVerbDeprecatedWorkflowResourceUnassigned`, `ActivityVerbDeprecatedWorkflowResourceMultipleAssigned`, `ActivityVerbDeprecatedWorkflowResourceMultipleUnassigned`, `ActivityVerbDeprecatedWorkflowApproversUpdated`, `ActivityVerbDeprecatedWorkflowAutoGrantUpdated`, `ActivityVerbDeprecatedWorkflowApprovalCriteriaUpdated`

2024-08-14

Terraform Provider

11.7.0

2024-08-14

Java SDK

11.7.0

2024-08-14

Python SDK

11.7.0

2024-08-14

Go SDK

11.7.0

2024-08-14

Ruby SDK

11.7.0

2024-08-13

Java SDK

11.6.1

This release updates javadocs for the Java SDK.

2024-08-08

Control Plane

91.50.0

This release causes dead relays or gateways that are pruned (30 days old without a heartbeat) to also emit an activity log.

2024-08-07

Control Plane

91.48.0

This release adds policy fields AuthzJSON and Target to the queries API.

2024-08-07

Python SDK

11.5.1

This release adds policy fields AuthzJSON and Target to the queries API.

2024-08-07

Ruby SDK

11.5.1

This release adds policy fields AuthzJSON and Target to the queries API.

2024-08-07

Go SDK

11.5.1

This release adds policy fields AuthzJSON and Target to the queries API.

2024-08-06

CLI

44.28.0

This release adds the `--permissions-help` flag to the `admin tokens add` command to show all available permissions and their descriptions. `sdm admin tokens add --permissions-help` will list all of the allowed permissions.

2024-08-06

Control Plane

91.45.0

2024-08-06

CLI

44.27.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-06

Control Plane

91.44.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-06

Terraform Provider

11.4.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-06

Python SDK

11.4.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-06

Ruby SDK

11.4.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-06

Go SDK

11.4.0

This release deprecates the `KubernetesBasicAuth` and `AKSBasicAuth` resource types.

2024-08-05

CLI

44.25.0

This release adds `sdm audit policies` command to the CLI to list policies existing at a given timestamp.

2024-08-02

CLI

44.23.0

This release adds `sdm admin policies` commands to the CLI to manage policies. It provides create, update, delete and list operations for policies.

2024-08-01

Control Plane

91.29.0

This release resolves a bug introduced in 91.24.0 where users, when unauthenticated via a session timeout, could enter an error page without the ability to log out.

2024-08-01

Control Plane

91.28.0

This adds support for the Policies API.

2024-08-01

Java SDK

11.3.0

This adds support for the Policies API.

2024-08-01

Python SDK

11.3.0

This adds support for the Policies API.

2024-08-01

Go SDK

11.3.0

This adds support for the Policies API.

2024-08-01

Ruby SDK

11.3.0

This adds support for the Policies API.

2024-08-01

Control Plane

91.26.0

This release updates the CrowdStrike integration to use the full set of network interfaces collected from the CrowdStrike API to detect the device agent corresponding to a given StrongDM client. Previously, devices with multiple network interfaces could potentially have been unable to identify a device trust score.

2024-07-29

Control Plane

90.98.0

Policy-Based Action Control (PBAC) is now generally available to all Enterprise customers. Fine-grained authorization is now performed against all PostgreSQL database actions and the Policy Editor in the Admin UI has been enhanced to support creating policies to authorize these actions.

2024-07-29

CLI

44.4.0

This release adds support for the `VAULT_TOKEN_RENEW_BEHAVIOR` environment variable. Supported values are `STOP_ON_ERROR`, which, if the token renewal fails it will stop renewal process, and login will be attempted on the next healthcheck attempt; and `DISABLED`, which will disable token renewal, and login will happen again after the current token is expired.

2024-07-26

Control Plane

90.88.0

This change updates the format of some metadata in various emails sent from the StrongDM control plane.

2024-07-25

Desktop Application

21.80.0

This release updates the desktop app to show the following menu items when the dock icon (on macOS) or the tray icon (for Windows) is right-clicked: **Open app.strongdm.com**, which opens the Admin UI in the web browser; and **Connect All**, which connects to all assigned resources and is only visible when authenticated. In addition, this release fixes the main desktop app menu options in macOS to be **About StrongDM** and **Quit StrongDM** instead of **About desktop** and **Quit desktop**. The main desktop app menu also adds the **Log Out** option when authenticated and **Log In** when unauthenticated.

2024-07-23

Control Plane

90.71.0

This release ensures there will be no more friction for updating resources if your resource has Strong Vault as its default secret store and you have disallowed credentials to be stored with StrongDM.

2024-07-23

CLI

43.94.0

This release fixes a bug in the `sdm audit permissions` CLI command where a filter specified by the `--filter` parameter was being ignored, causing results not to be filtered.

2024-07-23

Control Plane

90.69.0

This release fixes a bug with explicit routing enabled in strict or exclusive enforcement mode, where relays may be incorrectly reported as "isolated" in the Admin UI.

2024-07-23

Control Plane

90.61.0

This release fixes a connection error for Mongo legacy resource types when used with older gateways, reverting to continue using an old behavior mode.

2024-07-22

Control Plane

90.56.0

This change fixes a presentation bug that caused shrunken dashboards in the Reports Library.

2024-07-22

CLI

43.91.0

This release resolves an incompatibility using the RDS PostgreSQL (IAM) resource type with policies, introduced in version 43.84.0.

2024-07-19

Control Plane

90.53.0

When creating a website resource, the subdomain field will provide an error about max length when longer than 256 characters.

2024-07-19

CLI

43.88.0

This change augments `sdm doctor -v` and the desktop app's diagnostic output to include short descriptions of some common problems (for example, inability to reach gateways or api.strongdm.com).

2024-07-19

Control Plane

90.47.0

This release adds an example to the Log Stream page of the Admin UI, indicating how to set up CMK usage.

2024-07-18

Control Plane

90.41.0

This release adjusts StrongDM's syncing logic with CrowdStrike to prevent delays in updates to retrieved device trust scores when invalid API tokens are provided to StrongDM.

2024-07-18

Control Plane

90.40.0

This release fixes an issue where an idle timeout duration greater than 24 days caused users to log out immediately.

2024-07-17

Java SDK

11.1.0

This release updates which Mongo drivers are unstable per their legacy naming.

2024-07-17

Terraform Provider

11.1.0

This release updates which Mongo drivers are unstable per their legacy naming.

2024-07-17

Python SDK

11.1.0

This release updates which Mongo drivers are unstable per their legacy naming.

2024-07-17

Ruby SDK

11.1.0

This release updates which Mongo drivers are unstable per their legacy naming.

2024-07-17

Go SDK

11.1.0

This release updates which Mongo drivers are unstable per their legacy naming.

2024-07-16

Control Plane

90.32.0

This release addresses the following third party CVEs: CVE-2024-36138,CVE-2024-22020,CVE-2024-22018,CVE-2024-36137,CVE-2024-37372

2024-07-16

Control Plane

90.30.0

This change adds support for ALTER EXTENSION statements as parsed SQL actions

2024-07-15

CLI

43.73.0

Fix filters help responses for approval workflows commands

2024-07-12

Control Plane

90.19.0

This release adds the `egressNodeID` field to log stream query outputs, reflecting the final node which processed a query and sent it directly to a resource.

2024-07-12

Control Plane

90.17.0

This release adds Okta Verify as a supported MFA provider.

2024-07-11

CLI

43.69.0

This release removes the outdated flags `--connect-to-replica` and `--replica-set` from the `sdm admin resources create mongo` command.

2024-07-11

Terraform Provider

11.0.0

This release removes some deprecated fields from Mongo resource types.

2024-07-11

Java SDK

11.0.0

This release removes some deprecated fields from Mongo resource types.

2024-07-11

Python SDK

11.0.0

This release removes some deprecated fields from Mongo resource types.

2024-07-11

Go SDK

11.0.0

This release removes some deprecated fields from Mongo resource types.

2024-07-11

Ruby SDK

11.0.0

This release removes some deprecated fields from Mongo resource types.

2024-07-10

Control Plane

90.7.0

This release addresses the following third party CVEs: CVE-2024-6104, CVE-2024-6257 This release addresses the following third party CVEs: CVE-1984-12345,CVE-1984-12346

2024-07-10

CLI

43.65.0

This release adds the loopback range to the organization history API.

2024-07-10

Java SDK

9.7.0

This release adds the loopback range to the organization history API.

2024-07-10

Python SDK

9.7.0

This release adds the loopback range to the organization history API.

2024-07-10

Ruby SDK

9.7.0

This release adds the loopback range to the organization history API.

2024-07-10

Go SDK

9.7.0

This release adds the loopback range to the organization history API.

2024-07-10

CLI

43.63.0

Many CLI commands currently do not have validation against incorrect number of arguments being provided. This release adds those validations.

2024-07-09

Control Plane

89.99.0

In the event an access request has more than one resource associated with it, typically through an approval workflow associated with a policy, all resources will now be listed in the access request details.

2024-07-08

Control Plane

89.92.0

This release fixes an issue in the Admin UI where resources could not be created if there are no Identity Sets.

2024-07-05

CLI

43.58.0

On Linux, "sdm install" has a new -nostart flag that can be used when users want to complete the installation without actually starting the service.

2024-07-03

Terraform Provider

10.5.0

This change adds a resource type for SSH password authentication.

2024-07-03

Java SDK

9.6.0

This change adds a resource type for SSH password authentication.

2024-07-03

Ruby SDK

9.6.0

This change adds a resource type for SSH password authentication.

2024-07-03

Python SDK

9.6.0

This change adds a resource type for SSH password authentication.

2024-07-03

Go SDK

9.6.0

This change adds a resource type for SSH password authentication.

2024-07-02

Control Plane

89.81.0

This release allows the Port Override field to be set when creating or updating a cloud resource, as with other resources. Previously this field was only visible and editable for cloud resources through the CLI or SDKs.

2024-07-01

CLI

43.53.0

This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.

2024-07-01

Control Plane

89.74.0

This release removes the "alterUser" SQL action, treating such calls as aliases for ALTER ROLE.

2024-07-01

Desktop Application

21.76.0

This release updates colors within the desktop app.

2024-06-27

Desktop Application

21.74.0

This release updates the desktop app so that when clicking the taskbar icon, the Resource Center window opens or is in focus instead of the Account menu opening. This change also puts the Account menu within the header of the Resource Center window.

2024-06-27

Control Plane

89.59.0

This release fixes a duplicate footer and image for TOTP MFA enrollment success.

2024-06-26

Control Plane

89.54.0

This fixes an issue for DBAs that caused the resource page not to load.

2024-06-26

CLI

43.31.0

This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).

2024-06-26

Control Plane

89.52.0

This changes the Microsoft Defender Device Trust checks to be evaluated against the required trust level "as expected" (fixing a previously present in the code bug).

2024-06-25

Control Plane

89.45.0

This release resolves an issue where the navigation layout sometimes flickered before the login screen. It also resolves an issue with idle timeouts not correctly logging users out, and an issue with Parent-Child organization logins via the Admin UI.

2024-06-24

CLI

43.15.0

This release changes connection behavior to proactively close idle connections when proxying HTTP requests in order to reduce the memory profile of high volume HTTP requests for both nodes and clients.

2024-06-21

CLI

43.4.0

This release addresses the following third party CVEs: CVE-2024-35255

2024-06-21

Control Plane

89.22.0

This release addresses the following third party CVEs: CVE-2023-49559

2024-06-18

Java SDK

9.4.0

This release adds the ability to configure the following cluster type resources for discovery to the CLI, SDKs and the SDM Terraform Provider: Kubernetes, KubernetesServiceAccount, AKS, AKSServiceAccount, AmazonEKS, AmazonEKSInstanceProfile, GoogleGKE. The feature is not yet Generally Available and may not be available to your organization yet.

2024-06-18

Control Plane

89.10.0

This release adds more informational links to the MFA settings section in the Admin UI, including separate links for Duo, Okta, and TOTP setup.

2024-06-18

Control Plane

89.5.0

This release updates the text on the Microsoft Defender option for Device Trust in the Admin UI.

2024-06-18

CLI

42.97.0

This release renames the CLI's `admin relays` tree to `admin nodes` with accompanying help text updates. Node is the more generic term that encompasses both gateways and relays. An alias for relays remains to prevent breakage in existing scripts. Similarly, the CLI's `audit relays` command has been renamed to `audit nodes` with accompanying help text updates. An alias for relays remains to prevent breakage in existing scripts.

2024-06-18

CLI

42.96.0

This release adds support for Mongo 7 and Mongo 8 (tested with RC8).

2024-06-18

CLI

42.95.0

This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.

2024-06-18

Control Plane

89.4.0

This change adds support to parse ALTER DEFAULT PRIVILEGES statements as actions for Postgres resources.

2024-06-17

CLI

42.93.0

2024-06-17

Control Plane

89.3.0

2024-06-17

Terraform Provider

10.4.0

2024-06-17

Go SDK

9.4.0

2024-06-17

Python SDK

9.4.0

2024-06-17

Ruby SDK

9.4.0

2024-06-17

Terraform Provider

10.3.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

CLI

42.92.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

Control Plane

89.1.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

Python SDK

9.3.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

Ruby SDK

9.3.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

Go SDK

9.3.0

This release changes the Remote Identity references to Identity Alias in the header and JSON keys for `sdm audit queries`, and for Log Sync.

2024-06-17

CLI

42.90.0

This release renames the Remote Identity activities to Identity Alias and Identity Sets. This release also renames the `Remote Identities` header to `Identity Aliases` for `sdm audit users` and `sdm audit queries`.

2024-06-17

CLI

42.91.0

This release updates some CLI commands to now show the correct default value (instead of 0) for the `--page-limit` option.

2024-06-17

Control Plane

89.0.0

2024-06-17

Terraform Provider

10.2.0

2024-06-17

Python SDK

9.2.0

2024-06-17

Ruby SDK

9.2.0

2024-06-17

Go SDK

9.2.0

2024-06-14

CLI

42.81.0

This change causes nodes to restart if they detect they have lost their authentication state, so they can either restore it or sever themselves from the network and cut idle traffic if they cannot (because they were remotely deleted, for example).

2024-06-14

Control Plane

88.91.0

This release implements a default behavior to forbid self-approvals in the workflow settings. Existing configurations will be unaffected.

2024-06-13

Control Plane

88.85.0

This change resolves a bug where deleted nodes would not be notified of their deletion, causing them to continue to fruitlessly send requests to a StrongDM control plane until they were manually cut off.

2024-06-12

Control Plane

88.72.0

This release allows Resources to be filtered by `identityEnabled` and `identitySetID` "identityEnabled" has a Boolean value and indicates if a resource is configured to use an Identity Alias on connection. "identitySetID" has a string value, and is the specific Identity Set that the resource is configured to use. Filtering by `remoteIdentityEnabled` is still supported but is deprecated.

2024-06-11

CLI

42.69.0

This change reveals the sdm admin network subtree for working with peering groups.

2024-06-11

CLI

42.66.0

This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.

2024-06-11

Control Plane

88.68.0

This PR adds support for special JSON functions and the IS JSON clause to the SQL actions parser.

2024-06-11

CLI

42.61.0

This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.

2024-06-11

Control Plane

88.64.0

This changeset supports DROP DATABASE, DROP CAST, DROP TRANSFORM, and DROP OPERATOR CLASS in the PostgreSQL action parser.

2024-06-11

CLI

42.59.0

This changeset adds action parsing support for SQL MERGE statements.

2024-06-11

Control Plane

88.63.0

This changeset adds action parsing support for SQL MERGE statements.

2024-06-11

CLI

42.58.0

This change adds support for UESCAPE clauses in PostgreSQL query parsing.

2024-06-11

Control Plane

88.62.0

This change adds support for UESCAPE clauses in PostgreSQL query parsing.

2024-06-10

CLI

42.57.0

This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.

2024-06-10

Control Plane

88.57.0

This PR augments SQL parsing to correctly handle cases around type copying in function creation and some forms of type casting.

2024-06-10

CLI

42.54.0

This release augments the Postgres policy action parser to understand more edge cases of the Postgres grammar.

2024-06-10

Control Plane

88.46.0

This release adds Microsoft Defender as a supported Device Trust provider.

2024-06-06

Control Plane

88.24.0

This release fixes a bug preventing configured Okta MFA settings from appearing in the Admin UI.

2024-06-06

Control Plane

88.23.0

This release updates the error message received when a user is not enrolled in Okta MFA, for clarity.

2024-06-05

Control Plane

88.22.0

This release changes the behavior of the 'default' Identity Set. New organizations will no longer have a 'default' Identity Set automatically created. 'default' Identity Sets will also be able to be deleted.

2024-06-03

Control Plane

88.4.0

SCIM requests can now include a list of identity aliases to be assigned to a user.

2024-06-03

Control Plane

88.3.0

This change deprecates some older forms of creating healthchecks. Specifically, when gateways come online after being offline for over 60 seconds, they would formerly enqueue a healthcheck for every resource at that time; this has been removed. In addition, legacy clients used a less efficient mechanism for healthchecking resources on `sdm connect`; this has been removed. All CLI versions released within the last year, or greater than 38.13.0, will see no change in behavior here. Newer clients will (still) efficiently healthcheck resources on `sdm connect`, for any unhealthy resource, and this in combination with manual checks, checks on resource updates, and periodic automatic checks will keep gaps from causing access problems. Switching to explicit routing is also recommended for users with large, complicated networks.

2024-05-29

CLI

42.34.0

This release adds the Identity Set Create, Update, and Delete commands to the CLI and SDKs. It also changes `sdm admin identities create` to take in a required `identity-set-id` or `identity-set-name`, instead of creating all Identity Aliases with the default Identity Set.

2024-05-29

Control Plane

87.78.0

2024-05-29

Java SDK

9.1.0

2024-05-29

Terraform Provider

10.1.0

2024-05-29

Python SDK

9.1.0

2024-05-29

Go SDK

9.1.0

2024-05-29

Ruby SDK

9.1.0

2024-05-29

Control Plane

87.74.0

This release addresses a race condition in native login that could cause the user to be redirected to the login page when they should not be.

2024-05-22

CLI

42.26.0

This release renames `sdm admin remote-identities` to `sdm admin identities`, the `sdm admin remote-identities` tree is deprecated. Similarly for SDKs, the old Remote Identity and Remote Identity Group surfaces have been deprecated and renamed to Identity Alias and Identity Set. For Drivers, the `RemoteIdentityHealthcheckUsername` and `RemoteIdentityGroupId` have been renamed to `IdentityAliasHealthcheckUsername` and `IdentitySetId`. When creating resources using the CLI, the user would need to use `identityAliasHealthcheckUsername` and `identitySetId`, instead of `remoteIdentityHealthcheckUsername` and `remoteIdentityGroupId` as the JSON keys.

2024-05-22

Control Plane

87.53.0

2024-05-22

Java SDK

9.0.0

2024-05-22

Terraform Provider

10.0.0

2024-05-22

Python SDK

9.0.0

2024-05-22

Ruby SDK

9.0.0

2024-05-22

Go SDK

9.0.0

2024-05-20

Java SDK

8.4.0