Current Releases

If you are using a client (RDM, PowerShell, etc.), version 2026.2 is required for this DVLS version IMPROVEMENTS Core - Website Legacy entries can no longer be edited and must be converted before use. The option to permanently dismiss the conversion notice has also been removed PAM - Added requested elevation details to reports PAM - Added visibility into which approvers received temporary access and PAM checkout requests PAM - Prevented users from approving their own checkout requests through linked accounts when self-approval is disabled FIXES SECURITY Core - Fixed a security issue where duplicating a folder could expose attachments and handbook pages to users without access to the original content SECURITY Core - Fixed a security issue where ticketing service credentials (ServiceNow and Jira) could be viewed by authenticated users through data source settings SECURITY PAM - Fixed missing permission checks on discovery scan results, ensuring only authorized users can access discovery data SECURITY Core - Fixed a privilege escalation issue that could allow users creating vaults or PAM providers to assign themselves System Administrator rights SECURITY Core - Fixed an issue where social-login entry metadata could be visible to vault members who were explicitly denied access to those entries Core - Fixed a performance regression that caused system permission changes to take longer than expected to save Core - Fixed a synchronizer error that occurred when nested groups were deleted in Entra ID (Azure AD) Core - Fixed an issue preventing orders from being created when they contained both a starter pack and additional licenses Core - Fixed an issue where changing a password on first login after a basic installation could fail Core - Fixed an issue where exported attachments and documents could become unusable after re-importing with attachments included Core - Fixed an issue where the "Template list only" mode was not enforced, allowing entries to be created without a template Core - Fixed an issue where variables were not resolved when unsealing entries or sending related notifications Core - Fixed false password-change audit logs and notification emails when updating non-credential Website entry settings Core - Improved loading performance for repository assignments, including the Batch Grant Access window PAM - Fixed PostgreSQL accounts incorrectly appearing out of sync after successful password resets PAM - Fixed the "MFA on checkout" default setting not being saved Web - Fixed a JavaScript error when viewing entry details containing deserialization errors under Reports > Diagnostic > Entries Web - Fixed an issue where deleting an entry could trigger an error and leave the connections tree in an incorrect state until the page was refreshed Web - Fixed an issue where unsupported AI Assistant providers appeared blank in the edit dialog and could cause the wrong provider to be saved Web - Fixed Synchronizer entries becoming unusable in the web interface when the synchronization mode was set to manual or inherited manual Web - UI fixes ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2026.2 is required for this DVLS version IMPROVEMENTS Core - Added a global setting to disable the AI Assistant for all users Core - Added AI Assistant controls to Entry Type Availability settings for easier administration Core - API messages now match the language used in the web interface PAM - Password Rotation Schedules now follow your configured date and time format Web - DVLS now automatically uses your browser's language when you sign in, unless you have selected a different language FIXES SECURITY Core - Restricted access to deleted user group details to authorized administrators only SECURITY Core - Secured ticketing integration credentials so they are no longer visible to non-administrative users SECURITY PAM - Fixed a script injection vulnerability in built-in PAM provider scripts Core - Fixed an issue where updating the server could cause valid licenses to disappear when an expired license was present Core - Fixed password rotation issues affecting shared SQL accounts across multiple DVLS instances Core - Fixed SQL connection string passwords being written to logs in plain text during configuration reloads PAM - Fixed adding PAM accounts to existing vaults without a valid PAM license PAM - Fixed an issue where Azure SQL accounts in the infrastructure vault were incorrectly shown as out of sync PAM - Fixed an issue where scans of unresponsive Windows targets could block future account scans PAM - Fixed SSH provider connections through the Gateway PAM - Fixed the Default Security section appearing for administrators without System Settings access PAM - Improved the message shown when a password update is still pending, replacing provider errors with clearer information Web - Fixed an error when closing web remote sessions and corrected the displayed hostname on disconnect ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2026.2 is required for this DVLS version NEW FEATURES Core - Added a certificate-based Conditional Access Policy for certificate authentication Core - Added a dedicated AI Assistant entry in DVLS Core - Added a new credential mode to save and autofill social logins with the Password Manager extension Core - Added in-app notifications when a new DVLS server version is available Core - Added support for Microsoft Entra ID authentication using delegated permissions Core - Added the ability to configure the number of simultaneous checkouts allowed for an entry PAM - Added the ability to configure a default elevation group during checkout PAM - Added the option to require MFA when checking out a PAM account Web - Added Brandfetch auto-complete support when creating website entries IMPROVEMENTS Core - Added a search bar in the user selection dialog when creating a new domain user, searchable by sAMAccountName, displayName and OU Core - Added CVE vulnerability checks on the security dashboard with upgrade recommendations Core - Added the ability to filter entries by connection type through the REST API Core - Email notifications now use the user's configured language preference Core - Improved contractor user management with a redesigned onboarding experience, automatic password generation, and clearer disabled user indicators Core - Reduced the in-app trial period from 30 days to 14 days PAM - Added a "Skip TLS validation" option for the Windows provider PAM - Added support for using the provider account for SSH password heartbeat when target accounts have SSH access disabled PAM - Enhanced password rotation scheduling with more flexible configuration options PAM - Improved access requests to include the full hierarchy of linked connections Web - Added a button to clear all user notifications Web - Added a Convert button to the legacy website banner for faster entry conversion Web - Added a notification in the Administration Dashboard when a new DVLS version is available Web - Added vertical navigation in the Administration and Reports areas to make settings easier to find Web - Extended user synchronizer support in the web interface FIXES Core - Fixed a missing translation when requesting access to available vaults Core - Fixed a NullReferenceException that could occur when a deleted connection notification was processed Core - Fixed a portable license error ("Invalid license: RDM") on first login Core - Fixed a regression where Custom permissions behaved as Denied in web and RDM clients Core - Fixed a regression where vault assignments were not applied during user group import Core - Fixed a SQL timeout when renaming folders containing a large number of entries Core - Fixed an Access Denied error when non-admin users tried to add an entry from a template Core - Fixed an error when opening Duo MFA settings and improved invalid credential validation Core - Fixed an error when starting a trial with an no email address Core - Fixed an issue where duplicating a folder did not copy sub-entries Core - Fixed an issue where entry types disappeared from Type Availability when the last selected vault was content-restricted Core - Fixed an issue where removing an expired license incorrectly prompted for DVLS Free Core - Fixed attachments being lost when moving entries to another vault Core - Fixed DVLS being unable to connect to SQL Server on Linux when TLS encryption was enabled Core - Fixed Entra App Proxy pre-authentication failing when the DVLS account had MFA enforced Core - Fixed linked external vault information not being saved when linking an SSH key Core - Fixed missing translation and username details in temporary access approval emails Core - Fixed Syslog over TCP messages not being RFC 6587 compliant, preventing ingestion by some collectors Core - Fixed the "Do not show again" option not working in the Clipboard Privacy warning dialog Core - Fixed trailing spaces being saved in Tags and in Notification Subscription "Exact expression" parameters Core - Fixed User Settings Vault and Global settings not working for non-admin users in RDM Gateway - Fixed an issue where "Ping all Gateways" incorrectly reported failures Gateway - Fixed an issue where Gateway vault security incorrectly applied to PAM providers Gateway - Fixed GatewayManager creating a short-lived, undisposed HTTP client for every request, which could lead to socket exhaustion Gateway - Fixed the Update button remaining disabled after deleting a configured Gateway PAM - Fixed a regression where inherited OTP no longer worked on PAM accounts PAM - Fixed an issue where admins appeared as approvers even when disabled in settings PAM - Fixed an issue where approval through role/group permissions did not work PAM - Fixed checkout approvers not appearing in the approvers list when no PAM license is assigned PAM - Fixed having to scroll to access buttons in Reports > PAM Check-out requests PAM - Fixed incorrect "license required" messages shown to licensed PAM users PAM - Fixed PAM account details remaining visible while the account was checked out PAM - Fixed the PAM scheduler hanging on local Windows account scans when the target stopped responding PAM - Fixed the Windows Local Account provider template scan returning no results Web - Fixed a toast notification incorrectly showing "Not found" when deleting entries Web - Fixed a TypeError when opening Advanced Search as a user without a user vault Web - Fixed RDP/VNC/ARD left mouse clicks triggering a right-click in the web client when running in Firefox Web - Fixed the SSH web app not prompting for the private key passphrase when one was required Web - Fixed unnecessary icon cache fetches caused by virtual scrolling Web - Fixed web RDP sessions not invoking the KDC Proxy, causing Kerberos authentication to fall back to NTLM Web - Multiple UI fixes Web - Multiple UI fixes ** CONSOLE RELEASE NOTES ** IMPROVEMENTS The passwords file generated during a Basic Install now includes the SQL Express server/instance name for easier follow-up installs FIXES Core - Fixed additional access URIs not being editable in the Kestrel PAM - Fixed an issue where account discovery results were not always re-encrypted after an encryption key change

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version FIXES SECURITY [CVE-2026-9522]PAM - Fixed an access control issue affecting account discovery scan configurations SECURITY [CVE-2026-9590]Core - Fixed a permission issue that could allow asset sections to be modified through the API without proper authorization SECURITY Core - Fixed synchronizers running against sealed credentials without prompting for unsealing first Core - Fixed an error that prevented starting a trial when an invalid email address was entered Core - Fixed sign-in issues when using Entra App Proxy with MFA and pre-authentication enabled PAM - Fixed a regression where the OTP field was not displayed for checked-out accounts using inherited OTP settings Web - Fixed the Clipboard Privacy warning dialog's "Do not show again" option not being respected Web - Fixed trailing spaces being saved in Tags and Notification Subscription exact-match filters ** CONSOLE RELEASE NOTES ** FIXES Core - Fixed the inability to edit additional access URIs in the Kestrel configuration

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS SECURITY Core - Added audit logging for Send Copy actions so administrators can track who shared entries and with whom SECURITY Core - Improved authentication security to prevent external-provider sessions from bypassing password authentication under a different login method Core - Improved Active Directory user creation performance PAM - Added an option to skip TLS validation for the Windows Provider Web - Added Command key support for multi-selection in the web interface, allowing Mac users to extend selections with Cmd-click FIXES SECURITY [CVE-2026-5171 ]Core - Fixed an issue where users without Activity Logs permission could still retrieve entry logs through the API SECURITY [CVE-2026-7325]PAM - Fixed an LDAP coercion issue that could force DVLS to authenticate against a malicious LDAP server SECURITY [CVE-2026-8477]Core - Fixed a security issue where sealed entries could be accessed through the partial sensitive-data endpoint without triggering unseal notifications SECURITY [Le CVE-2026-9047]Core - Fixed an issue where adding an additional MFA factor could remove an existing MFA key SECURITY Core - Fixed a missing permission check that could allow users to create a new vault when importing an `.rdx` file referencing a non-existent vault SECURITY Core - Fixed a password change bypass that allowed users to change passwords without providing the previous password SECURITY Core - Fixed an access-rights cache issue that could allow a privileged user to retrieve another user's credentials SECURITY Core - Fixed an issue where Active Directory accounts could modify their own profile data through the API despite UI restrictions SECURITY Core - Fixed an issue where duplicating a connection could copy handbooks and attachments from entries the user could not access SECURITY Core - Fixed an issue where handbook content and attachment metadata from sealed entries could be accessed without following the unseal workflow SECURITY Core - Fixed an issue where non-admin users could bypass the Pending Approval flow by changing an entry's status SECURITY Core - Fixed an issue where sealed credentials could be unsealed in another DVLS instance without notifying administrators, and improved handling of linked sealed credentials after import SECURITY Core - Fixed an open redirect vulnerability during external OAuth sign-in failures or cancellations Core - Fixed a `NullReferenceException` in the notification processing service that could leave notifications stuck in an unprocessed state Core - Fixed an issue where Linked (External) credentials were not saved correctly on SSH entries linked to an SSH Key Core - Fixed attachments being lost when moving an entry to another vault Core - Fixed folder duplication so sub-entries are duplicated along with the parent folder Web - Fixed a `TypeError` when opening the Advanced Search dialog as a user without a User Vault ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version FIXES SECURITY [CVE-2026-5146] Core - Closed a security gap allowing notification actions without authentication Core - Fixed a configuration error causing app settings to fail loading Core - Fixed admins receiving expiration alerts for other users' vault items Core - Fixed an issue where deleting a user could remove all users from the list Core - Fixed incorrect backup failure alerts and cleanup issues on Linux/Docker Core - Fixed unreliable installation of IIS ASP.NET Core Module on new Windows Server setups PAM - Fixed visibility selector closing too early when creating a new vault Web - Fixed "Disable MFA" dialog not closing after confirmation Web - Fixed default authentication method being ignored in Domain mode Web - Fixed empty notification banners appearing across admin pages Web - Fixed error dialogs showing blank content instead of messages Web - Fixed incorrect warning when saving entries with compromised passwords Web - Fixed login page defaulting to Domain authentication when set to "None" Web - Fixed reveal/copy actions targeting the wrong field after sorting entries Web - Fixed Security Dashboard crash when navigating after resolving ignored issues Web - Multiple UI improvements and fixes ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Core - Added a support package generator to quickly collect diagnostics and configuration for faster issue resolution

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS Core - Renamed Read-Only and Restricted user types to Legacy and removed Read-Only from default user templates Web - Updated third-party dependencies to address security issues, including a reported lodash vulnerability FIXES SECURITY Core - Added missing authorization check to prevent unauthorized access to handbook pages Core - Allowed CyberArk entries to be saved without a username when using OIDC authentication Core - Fixed the Buy a License flow so licenses can be purchased and retrieved properly Core - Prevented permission set changes from being lost when saving after navigation Core - Resolved issue preventing administrators from removing user subscriptions Web - Ensured Reset Password prompt appears above Emergency Login prompt Web - Fixed Hide/Reveal behavior on sensitive fields after table sorting Web - Hid unsupported System Dashboard options in Customize Layout dialog for restricted vaults ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS Core - Added option for admins to reset a user's dashboard layout Core - Improved LDAP group handling to support users with over 1,000 groups Web - Session names now show the connection name instead of the host name for better consistency FIXES Core - Fixed error preventing MFA settings from being saved in user administration Core - Fixed false nightly "user modified" alerts during directory sync (Entra ID, AD, Okta, PingOne) Core - Fixed Linux issue where access URL didn't update after setting a custom domain Core - Fixed login failure after upgrade caused by improperly migrated security key data Core - Fixed login issue for contractor users when Devolutions authentication was disabled Core - Fixed MFA policy bypass allowing users to delete their own MFA methods Core - Fixed unintended default vault access granted to imported domain users PAM - Improved loading speed of Azure AD groups and user auto-creation RestAPI - Fixed sort order parameter not applying correctly in vault endpoint RestAPI - Fixed vault filter to correctly return Infrastructure vaults Web - Fixed authentication filter not resetting properly in Users list Web - Fixed error when clicking info icon in Entra ID configuration Web - Fixed Linux issue causing repeated dashboard widget duplication Web - Multiple UI fixes and improvements ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS Core - Added "Show Release News" preference to control release notification visibility Core - Free License users now appear disabled with a clear visual indicator to explain login restriction Core - Renamed "System Dashboard" to "Administration Dashboard" for clearer terminology FIXES Core - Fixed "Allow API Key" setting not persisting after save Core - Fixed "Apply Least Permissions" failing when permissions were preconfigured Core - Fixed "Unable to save" error when users customize dashboards with a default dashboard set Core - Fixed clipboard restrictions not applying in RDP web sessions Core - Fixed contractor users unable to launch RDP sessions via permalink Core - Fixed error when running Last Usage Logs report for regular users Core - Fixed inability to update password generator templates Core - Fixed inability to view inherited OTP codes from root Core - Fixed intermittent dashboard widget reordering not applying Core - Fixed missing activity logs for User Group restore and delete actions Core - Fixed new users not being enabled by default when created Core - Fixed performance issues with Conditional Access Policies enabled Core - Fixed session termination redirecting incorrectly in Active Sessions view Core - Fixed user edits unintentionally removing assigned licenses Core - Fixed vault permissions appearing disabled for non-admin users Core - Resolved SQL collation issues during database and web backups Gateway - Added update notification to System Dashboard Gateway - Fixed advanced domain settings not saving Gateway - Fixed drain mode and scan option issues in Gateway farms Gateway - Fixed inability to terminate sessions using credential injection Gateway - Fixed session launch failures with inherited Gateway Rule Sets PAM - Fixed duplicated parent folders during account import PAM - Fixed incorrect error title on recurrent SSH key scan failure PAM - Fixed missing out-of-sync icon for SSH key accounts PAM - Fixed module admins unable to see external vaults during import PAM - Fixed PAM logs and rotation reports stuck loading on refresh PAM - Fixed SSH checkout approval error with "Yes, unless it's JIT" option PAM - Fixed unauthorized users appearing in checkout approver list PAM - Restored custom fields visibility in connection overview Web - Fixed "Access Denied" error for non-admin session launches with credential injection Web - Fixed PAM checkout redirect causing 404 error Web - Fixed Remote PowerShell entries not launching in web client ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Core - Hid certificate passwords when updating Gateway certificates FIXES Core - Fixed error when editing Certificate Store locations Gateway - Fixed inability to add certificates when editing Gateway

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS Core - Added dashboard layout reset capability allowing administrators to reset a user's corrupted or misconfigured dashboard layout back to defaults FIXES SECURITY CVE-2026-4828 Core - Fixed a security issue where MFA check could be bypassed when Emergency Code authentication was disabled SECURITY CVE-2026-4829 Core - Fixed an issue where OAuth session reuse could allow user impersonation, including administrators SECURITY CVE-2026-4924 Core - Fixed a security issue where MFA could be bypassed using an alternate authentication cookie SECURITY CVE-2026-4925 Core - Fixed an issue allowing users to remove their own MFA despite enforced restrictions SECURITY CVE-2026-4927 Core - Fixed an issue where users with management permissions could access other users' MFA secrets SECURITY CVE-2026-4989 Core - Fixed an issue where the gateway health check could be exploited for server-side request forgery (SSRF) Core - Fixed a regression where Microsoft User synchronization failed with an error reading 'UserCleanupDelta' Core - Fixed an issue where approving temporary access requests did not work when only groups were set as approvers Core - Fixed an issue where the contractor welcome email redirect did not work if the user was already logged in Core - Fixed KeePass XML import incorrectly creating Legacy Website entries instead of the correct entry type Core - Fixed Public API path query parameter filtering to work correctly with encoded URLs and nested paths Core - Fixed the scheduler service crashing when custom log retention policy configuration contained invalid data Gateway - Fixed a server-side request forgery vulnerability in the gateway health check route Gateway - Fixed an issue where new vaults could not be selected when changing the member filter in a gateway farm Gateway - Fixed session recording not working when the session does not connect through a gateway Gateway - Fixed the gateway going offline when a connection to a session fails due to a Virtual Gateway rule or other reason Web - Fixed a regression where the "All vault" button in the search stopped working Web - Fixed an issue where Domain/AD users could not be added by browsing and selecting them Web - Fixed normal users receiving an "Unable to save" error in the customize dashboard layout when a default dashboard exists Web - Fixed the credit card edit component missing a reveal sensitive data button Web - Fixed the entry security analyzer where the "Pwned" password filter was not working Web - Fixed the TOTP window display being broken ** CONSOLE RELEASE NOTES ** FIXES Core - Fixed a regression where SQL-to-DVLS migration silently failed to decrypt User Vault (private) entries, causing users to see empty vaults after migration

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version IMPROVEMENTS Core - Added an option to hide the domain login method when domain SSO is enabled Core - Dynamic IP Lists are now generated by the server so they work correctly in the web interface and all clients Core - Expired entry lists and scheduled reports now display the full folder path for better context Core - Fixed path filtering behavior in the Public API, including support for empty paths returning root entries Gateway - Gateway-managed sessions from user vaults now correctly display the user's identity Gateway - In RDM, the Gateway section is only available for vaults with Gateway access FIXES Core - Fixed a crash when editing unsupported entry types Core - Fixed a failure when moving entries between vaults with folders sharing the same name in RDM Core - Fixed activity logs showing identical active time and duration values when switching tabs Core - Fixed an incorrect message indicating DVLS would revert to the free version after deleting a license Core - Fixed errors triggered by the "Buy now" button in the licenses section Core - Fixed missing activity log events when deleting or restoring user groups PAM - Fixed an empty approver list in the checkout approval dialog for certain SSH account configurations PAM - Fixed an issue where the default Gateway was not saved when enabling Gateway usage on a PAM provider PAM - Fixed domain PAM provider connection tests incorrectly falling back to the parent domain PAM - Fixed missing password reset after failed JIT elevation for non-provisioning accounts PAM - Fixed OTP prompt appearing for brokering-only PAM accounts PAM - Fixed vault owners missing from checkout request approver lists PAM - Fixed visual issues in the propagation template interface Web - Fixed a blank tree view that appeared when editing entries near the bottom of the scroll position Web - Fixed a Content Security Policy issue preventing RDP connections in the web client Web - Fixed an error when saving user vault entries for accounts without a user vault Web - Fixed live session recordings showing an empty dialog in the web client Web - Fixed SSH session recordings not opening in the web interface Web - Fixed the "Reveal password" button failing when creating a Password List entry ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Added SQL database compatibility level verification during updates to prevent upgrade failures FIXES Fixed an installation failure during SQL Server Express setup caused by generated passwords containing single quotes

If you are using a client (RDM, PowerShell, etc.), version 2026.1 is required for this DVLS version NEW FEATURES Core - Added custom vault dashboard widgets with drag-and-drop reordering Core - Added Just-in-Time (JiT) access for SSH (sudo) sessions Core - Added new Contractors account type with expiration date support Core - Added support for SSH key certificates in the web Core - Added vault priority sorting Core - Admins can create preset dashboards for users Core - Licenses can now be purchased directly within DVLS Core - Multiple Improved and fixed with the synchronizer where they was mismatch with RDM Core - Users can now request a trial directly from the application Core - Users can now request sudo access when requesting checkout Gateway - Added RDP credential injection for more secure session launches Gateway - Added traffic event logs to privileged session monitoring PAM - Added MongoDB provider support PAM - Added PowerShell session recording PAM - Added the ability to automatically terminate active sessions when a PAM account is checked in PAM - Added UI to assign and manage risk levels for roles IMPROVEMENTS Core - Added "Prompt on connection" support for linked VPN/SSH/Gateway sessions, matching the behavior already available for linked credentials Core - Added launch links on connections for quick session sharing Core - Added missing fields in the "Advanced" tab for SFTP connections Core - Added OTP support for linked external vaults Core - Added support for editing Delinea Secret Server entries directly within DVLS Core - Admins can set the default behavior for automatically checking in PAM accounts when closing entries Core - Corrected inaccurate syslog messages that reported successful logins incorrectly Core - Entra ID now enforces secret expiration with banner and email warnings Core - Entry security settings now use inherited values by default Core - Error reports now include connection type details Core - Improve Entry Security Analyzer report to include all relevant fields, matching the information already available in RDM Core - Improved license management — disabling a user now automatically removes their assigned licenses Core - Improved performance for access requests in RDM Core - Linked vaults can now point to entries in the same folder Core - Public API now supports CRUD operations for folders and vaults Core - Renamed Log Retention Policies to Database Retention Policies and added retention options for connection history, remote sessions, and traffic events Core - Simplified license assignment in data sources Core - Synchronizers now support scheduling by hour Core - Tags can now be used with inheritance rules Core - The public API now supports full CRUD operations for vaults, allowing administrators to create, read, update, and delete vaults programmatically Core - Users can now configure multiple MFA methods at once Gateway - Renamed "Virtual Gateway" to "Gateway ruleset" Gateway - Sessions can now be recorded on a different gateway than the launch gateway Gateway - The Gateway Diagnostic window now displays whether Devolutions Agent is installed and running Gateway - The gateway list now automatically refreshes after an update request completes PAM - Added "Create folder" option when importing PAM accounts PAM - Added "Skip TLS validation" option in PowerShell provider settings PAM - Added "Workspace" as a supported application option in the PAM usage policies admin section PAM - Improved error message when no provider is specified on a PAM account PAM - Renamed "Scan" to "Account Discovery" PAM - Users without a PAM license can now perform basic PAM operations, such as checking out PAM credentials, without requiring a full PAM license Assignment Web - Added a warning in the web interface when an OTP account name contains a colon (":"), consistent with existing behavior in RDM Web - Administrators can now set permissions on entry types that are not technically supported on the web Web - Users can now customize the "Add connection" favorites section Web Client - Multiple UI improvements Web Client - Updated dark theme FIXES Core - Fixed a regression where it was no longer possible to set a user as an administrator Core - Fixed a scheduler timeout error that could cause scheduled tasks to fail intermittently Core - Fixed an error occurring when too many vaults were present Core - Fixed an error that occurred when editing account login information on a deprecated entry type Core - Fixed an issue where exported logs from the DVLS Console were being cropped and truncated Core - Fixed an issue where forbidden passwords could still be saved in a password list entry Core - Fixed an issue where new Active Directory user accounts were not appearing in DVLS, preventing the auto-create on first login feature from Working correctly Core - Fixed an issue where OAuth token rejections were incorrectly returning HTTP 200 with an empty response instead of a proper error code Core - Fixed duplicate vault cards appearing on the dashboard Core - Fixed notification emails being sent in English for users configured in French Core - Fixed repeated migration attempts after SQL migration and server restart Gateway - Fixed a issue where clicking "Close" from the session kebab menu did not always close the session on the first attempt Gateway - Fixed a missing configuration option in the Web UI for allowing additional hosts through Devolutions Gateway Gateway - Fixed an inconsistency in how Gateway tunnels were configured and displayed between RDM and the Web UI Gateway - Fixed an issue where enabling vault-level security on a gateway prevented it from being used in gateway farms and PAM providers Gateway - Fixed an issue where virtual gateways were not automatically deleted when their associated physical gateway was removed, leaving orphaned entries that no longer functioned PAM - Fixed "Nobody" account appearing when "Ignore system users" was enabled PAM - Fixed a security issue where non-administrator users could view other users' PAM actions in the Privileged Access logs PAM - Fixed account discovery failure caused by circular security group membership PAM - Fixed an error that occurred when attempting to add a folder to a newly created PAM vault during the import process PAM - Fixed an issue where Domain Quick Scan was no longer working PAM - Fixed an issue where groups located in the Builtin organizational unit were not visible when selecting groups for JIT (Just-In-Time) elevation PAM - Fixed Local Windows scan failure when credentials were linked PAM - Fixed SSH scan failure when sudo was configured with NOPASSWORD Web - Fixed inconsistent rendering of secure notes set as Markdown across different platforms Web - Fixed the Notification Subscriptions filter not working correctly Web - Multiple UI fixes ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Core - Improved performance for static resource loading by enabling HTTP/2 support when anonymous authentication is configured in IIS Core - Renamed the "Stable" release channel to "Extended maintenance" in the console to better reflect its support lifecycle Gateway - Added a new System Certificate Store configuration key for Devolutions Gateway in the console FIXES Core - Fixed basic installation failure when a generated password contained a single quote (') Gateway - Fixed an issue in the console where certificate configuration was cleared when editing a gateway, requiring users to re-enter the certificate

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS SECURITY Core - Enhanced database security by encrypting previously cleartext personal credentials storage FIXES SECURITY Core - Fixed sensitive credential exposure through API endpoints for users with View-only permissions Core - Fixed crash in Reports > Entry Diagnostic page caused Core - Fixed credential prompt appearing unexpectedly when sessions inherit credentials from parent folders Core - Fixed issue where MFA reset option was not working properly for user accounts Core - Fixed issue where some user vault entries were permanently lost when deleting a user and transferring their vault Gateway - Fixed PAM sessions remaining open in Gateway when PAM operations fail, preventing session accumulation Linux - Fixed error when configuring Active Directory authentication on Linux servers PAM - Fixed password reset not being triggered after importing Entra ID accounts Web - Fixed character encoding issues in Active Directory Console displaying special characters incorrectly Web - Fixed infinite resize loop causing flickering or grey screen when switching from Dynamic Resizing to Actual Size mode Web - Fixed tag autocomplete not filling in the rest of the tag name when selecting from dropdown suggestions Web - Fixed tree view crash ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version NEW FEATURES Core - Added ability to request a trial directly from the application IMPROVEMENTS Core - Added connection type information to error reports for better troubleshooting Core - Update DUO MFA integration FIXES SECURITY Core - Fixed sensitive credentials being exposed via API endpoints for users with view-only permissions SECURITY Core - Fixed SQL injection vulnerability in remote sessions API SECURITY Gateway - Fixed virtual gateway deny IP and DNS rules being bypassed using linked host entries in user vaults Core - Fixed server crash when non-admin users manage temporary access requests through RDM secure messages Core - Fixed Syslog timestamp format being invalid in certain locales such as Finland Core - Fixed vault filter not being applied correctly in PAM recent activities scheduled reports Gateway - Fixed variables not being resolved in privileged session monitoring PAM - Fixed password being updated in database even when scheduled reset fails on the target system PAM - Fixed Windows local account scans failing on non-English operating systems Web - Fixed sessions failing to launch from web interface when user-specific settings are disabled globally ** CONSOLE RELEASE NOTES ** FIXES Minor update

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS Core - Enabled password history for Secret entry types FIXES SECURITY Core - Fixed user and role restore API endpoints being accessible without proper UserManager or Admin permissions Core - Fixed notifications being sent for deleted entries that had expired Core - Fixed OTP code viewing being logged as "Password viewed" instead of "OTP code viewed" in the web interface PAM - Fixed builtin organizational units not appearing in PAM account discovery scans PAM - Fixed LDAPS heartbeat and password rotation failures for accounts in Active Directory Protected Users Group Web - Fixed vaults failing to load after performing a force refresh on the entry templates page Web - Fixed website becoming completely unresponsive when typing the expiration date for certificate entries ** CONSOLE RELEASE NOTES ** FIXES Core - Fixed error when generating recovery kit with Azure Key Vault

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version NEW FEATURES [BC] Core - DVLS Free now limited to a single user but includes Remote Desktop Manager access IMPROVEMENTS PAM - Added create folder button when importing PAM accounts for easier organization FIXES SECURITY Core - Core - Fixed SQL injection vulnerability in the last usage logs API endpoint Privileged Sessions Monitoring PAM - Fixed password rotation not respecting configured password policies Web - Fixed browser RDP sessions disconnecting after 5-10 seconds for non-administrator users ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS Core - Added requirement for Entra ID secret expiration date during configuration to prevent unexpected login failures Core - Improved Entra ID authentication by displaying warning banners and sending email alerts to administrators when secrets approach expiration PAM - Added ability to create folders directly during PAM account import process PAM - Improved PAM administrator access to automatically grant access to all PAM vaults without manual assignment PAM - Reduced notification frequency for PAM health checks by sending alerts only once when accounts become out of sync FIXES SECURITY CVE-2025-13757 Core - Fixed SQL injection vulnerability in the last usage logs API endpoint SECURITY CVE-2025-13758 Core - Fixed security issue where sensitive credentials were exposed in API responses for certain connection types (SMB, HyperV, WebDav, and others) SECURITY CVE-2025-13765 Core - Fixed security issue where SMTP configuration with passwords could be viewed through the API without administrator permissions Core - Fixed database permission errors for scheduler service on notification group subscriber tables Core - Fixed database permission errors for scheduler service when inserting telemetry events Core - Fixed duplicate key violations that occurred during server startup when users had both administrator and vault owner roles Core - Fixed erroneous mismatch log messages during SSO authentication from RDM Core - Fixed issue where configured additional access URIs were no longer accessible Core - Fixed login failures and server crashes when new users attempted to authenticate Web - Fixed issue where PAM account approval requests in the messages UI would freeze the interface and require page refresh ** CONSOLE RELEASE NOTES ** FIXES Minor update

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version FIXES Core - Fixed an issue where Windows authentication combined with 2FA would fail to work properly Core - Fixed infrastructure vault accounts not being deleted when switching console authentication to Windows authentication Core - Fixed LDAP synchronization sending unnecessary email notifications when user emails are modified during provider refresh Core - Fixed LDAPS authentication failing when using domain\username format in credentials while LDAP worked correctly Core - Fixed refresh token failures when using Entra ID proxy app authentication with RDM PAM - Fixed account names being incorrectly overwritten by usernames during domain heartbeat operations PAM - Fixed an error that occurred when accessing PAM vaults with active checkouts by other users PAM - Fixed an error when checking out credentials for SSH sessions using "My Privileged Account" with Local User (SSH) PAM accounts PAM - Fixed an error when importing SSH Key accounts that prevented successful account import PAM - Fixed PAM vaults created through scan import not being properly identified as PAM vaults PAM - Fixed password reset failures on imported local accounts when the provider domain uses a linked account PAM - Fixed SSH scan results not properly marking already imported PAM accounts as imported Web - Fixed dynamic resolution setting being ignored when opening RDP sessions in the web interface Web - Fixed RD Gateway parameters being reset to default values after saving RDP entry configurations ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS Core - Added folder column to the expired entries report for better organization and tracking Core - Improved application secret generation by excluding problematic special characters ($ ` ' ") that caused issues with PowerShell scripts FIXES Core - Fixed access denied error when creating conditional access policies for non-administrator users restricted to specific subnets Core - Fixed crash when non-admin users managed temporary access requests through secure messages in RDM Core - Fixed Jira ticketing integration by updating to API v3 to support the latest Atlassian API changes Core - Fixed LDAPS handling and port mapping for Active Directory entries to correctly use the isLDAPS property and default to port Core - Fixed notification subscription emails for backup jobs showing "user was not found" when the scheduler triggered the backup Core - Prevented adding semicolons when editing folder names to avoid duplicate shortcut issues Gateway - Fixed issue where terminated ARD sessions remained visible in the Sessions left menu as if still active PAM - Fixed missing "Elevate as" option when granting checkout for temporary JIT accounts Web - Fixed AD Sync OU container checkbox synchronization issue where checking the option in RDM didn't reflect as checked in DVLS Web ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Core - Fixed missing table permissions in scheduler service's SQL least permissions script for PassphraseDictionary and TelemetryEvents tables Core - Fixed SQL permissions issue in scheduler service least permissions script by adding INSERT permission for RemoteSession table

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS PAM - Auto-selected PAM content type when creating a PAM vault to streamline the workflow FIXES SECURITY Core - Fixed authentication bypass vulnerability where "Configure 2FA by user later" could be exploited to access other user accounts SECURITY Core - Fixed password list custom values being visible to users with view-only permissions Core - Fixed issue where custom date/time format was not displayed in user preferences when forced by admin Core - Fixed null reference error occurring in Administration logs and Diagnostics reports PAM - Fixed AnyIdentity provider not allowing linked credentials when using custom credential type Web - Fixed SSH private keys not being fetched when using "Prompt on Connection" with linked credentials Web - Fixed TypeError preventing editing of older scheduled reports Web - UI fixes ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS BREAKING CHANGE REST API - Custom field output now returns an array with all associated data Core - Added support for linked vault credentials pointing to their own folder entry Core - Improved session recording permission label to clarify it controls viewing recordings rather than the recording feature itself Gateway - Changed gateway token generation logging from information to debug level to reduce log verbosity FIXES Core - Fixed issue preventing editing of vault settings and 'Add in root' permissions dropdown values Core - Fixed issue preventing selection of users, groups, or apps in entry permissions when they weren't allowed on the vault Core - Fixed issue preventing vault owners from restoring deleted entries Core - Fixed move to vault functionality that was no longer working PAM - Fixed heartbeat check not being performed after resetting PAM account passwords via PowerShell PAM - Fixed JIT elevation failing after switching username format PAM - Fixed pagination issue preventing navigation through SSH key scan results ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version NEW FEATURES Core - Added option to require a passphrase when using Devolutions Send, enhancing security for shared sensitive information IMPROVEMENTS Core - Improved OTP display by color-coding based on remaining time (blue for 20+ seconds, yellow for 11-20 seconds, red for 1-10 seconds) FIXES Core - Fixed an error that occurred when no entry types were available for creation Core - Fixed an error when browsing domain containers in domain authentication settings Core - Fixed an issue where "Add in Root" and "Vault Settings" permissions displayed as "Default (Custom)" instead of the correct resolved value Core - Fixed an issue where Pleasant Password Server entry configurations were incorrectly saved to My Account settings instead of the entry itself Core - Fixed an issue where the tilde (~) character was not recognized as a special character in password template validation Core - Fixed an issue where users appeared twice when filtering by group in the Import Users from Domain feature Core - Fixed sorting and moving conditional access policies on page 2 and beyond PAM - Fixed an issue where account names were incorrectly overwritten by usernames during domain heartbeat operations PAM - Fixed an issue where deleted PAM entries were not accessible in Remote Desktop Manager PAM - Fixed an issue where editing Infrastructure Vault accounts incorrectly prompted for a PAM license PAM - Fixed an issue where gateway settings were ignored when using local SSH providers Web - Fixed an issue where user-specific display resolution settings were not applied in the Web RDP client Web - Removed unnecessary tabs (Permissions, Temporary Access, Time Based Usage, Checkout Mode) from User Vault settings in the web interface ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS Core - Improved the clarity of virtual access denied log entries FIXES SECURITY CVE-2025-11619 Core - Fixed an issue where the Gateway domain in the TLS certificate was not validated Core - Fixed an issue preventing Add/Edit of MFA conditional policies when the result was set to MFA required or MFA skipped Core - Fixed an issue where AD users were locked out after a single failed login attempt Core - Fixed an issue where DUO automatic login actions were no longer triggered Core - Fixed an issue where recordings could no longer be viewed in the web interface Core - Fixed an issue where the syslog server status incorrectly showed as Down on the System dashboard Core - Fixed an issue where updating the DVLS server instance could duplicate certain PAM folders Core - Fixed broken clipboard integration in the SSH web client PAM - Fixed an error when applying a custom date filter in the Recent Activity report ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version NEW FEATURES Core - Added a "Linked (External Vault)" option for entries, allowing sessions to reference credentials stored in an external vault Core - Added an onboarding experience for new installations to simplify initial setup Core - Added an option to enable biometric lock for the Workspace app Core - Added support for a custom, editable dictionary for passphrase generation Core - Added the ability for users to create an API key for their account Core - Added webhook support for specific trigger events Core - Require re-authentication before allowing users to change MFA Core - Users can now configure their own MFA Gateway - Added a new setting to enable RDP reconnection Gateway - Added network access rules for virtual gateways, with scoping by IP address, IP range, subnet, and DNS name Gateway - Added virtual gateways, enabling different permissions on the same physical gateway PAM - Added "Account Life Policies," consolidating PAM options and enabling inheritance at all levels (entry, folder, root) PAM - Added conditional policies based on JIT elevation status Web - Added support to disconnect WBEX sessions on close and when idle IMPROVEMENTS BREAKING CHANGE Core - Changed default of password policy and password validation to be handled as "Inherited" - Make sure your inheritance structure is appropriate Core - Added password expiration to password policies Core - Added support for attachments when sending via Devo Send in DVLS Core - Editing an entry now triggers the checkout option Core - Improved image management with the ability to merge duplicate images Core - Improved LDAP domain controller fallback for faster failover Core - Improved the Entry Properties menu to align with RDM, making options easier to find Core - Removed the ability to grant permissions on entries in vaults the user cannot access Core - Renamed "Cleanup Log" to "Log Retention Policies" Core - Renamed "Password Templates" to "Password Policies" Core - Temporary access on a folder now extends to entries created in that folder after the request PAM - Added tier detection during account discovery for domain and Entra ID accounts PAM - Local Account scan results now exclude provider service accounts FIXES Core - Fixed an issue where renaming a folder with a backslash (\) would break the folder Core - Fixed an issue where the password generator would not open when editing an entry Core - Reduced the number of emails sent when Syslog is down PAM - Fixed an error that occurred when adding JIT elevation to a PAM checkout PAM - Fixed an error when importing computers from an AD scan PAM - Fixed an issue where editing Account Life Policies could result in an infinite loading state Web - Fixed an issue where SSH sessions returned "The authentication sequence has failed" when launched in the web client with a linked-to-vault private key Web - Fixed an issue where web sessions could not be opened with a PAM credential Web - Restored the top menu button when opening ARD web sessions Web - Various user interface fixes and improvements ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Improved performance when loading the DVLS instances list Renamed "Standalone Installation" to "Basic Installation" in the Gateway installer

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version FIXES SECURITY Core - Fixed an issue where unauthorized users could approve temporary access requests SECURITY Core - Fixed an issue where users could self-approve temporary access requests Core - Fixed an error when importing computers from an AD scan Core - Reduced email notifications when Syslog is down or the instance goes offline Core - Upgraded the MailKit library to resolve email sending issues PAM - Fixed a missing "Password template" field in the PAM account password generator ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates