Stable Releases

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version IMPROVEMENTS Gateway - Gateway list now refreshes automatically after updates FIXES SECURITY Core - Fixed a critical security issue that allowed attackers to bypass Entra ID (Azure AD) authentication using a forged identity token Core - Fixed error preventing infrastructure vault access Core - Replaced unclear error when saving to a non-existent personal vault with an access denied message Gateway - Fixed gateways with custom security not selectable in farms and PAM providers PAM - Fixed domain connection test using wrong domain PAM - Fixed incorrect UPN suffix for JIT-provisioned AD accounts PAM - Fixed password reset failures when associated Gateway was missing PAM - Prevented deletion of checked-out PAM accounts Web - Fixed inconsistent Markdown rendering ** CONSOLE RELEASE NOTES ** FIXES Gateway - Fixed certificate settings being lost when editing a Gateway

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version IMPROVEMENTS Core - Update DUO MFA integration ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version FIXES SECURITY CVE-2025-13757 Core - Fixed SQL injection vulnerability in the last usage logs API endpoint SECURITY CVE-2025-13758 Core - Fixed security issue where sensitive credentials were exposed in API responses for certain connection types (SMB, HyperV, WebDav, and others) Core - Fixed erroneous mismatch log messages during SSO authentication from RDM ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version FIXES Core - Fixed an issue where Windows authentication combined with 2FA would fail to work properly ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

FIXES SECURITY Core - Fixed authentication bypass vulnerability where "Configure 2FA by user later" could be exploited to access other user accounts SECURITY Core - Fixed password list custom values being visible to users with view-only permissions ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version FIXES SECURITY CVE-2025-11619 Core - Fixed an issue where the Gateway domain in the TLS certificate was not validated Core - Fixed an issue preventing Add/Edit of MFA conditional policies when the result was set to MFA required or MFA skipped Core - Fixed an issue where gateway settings were ignored for local SSH providers Core - Fixed an issue where the syslog server status incorrectly showed as Down on the System dashboard ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.2 is required for this DVLS version FIXES SECURITY Core - Fixed an issue where unauthorized users could approve temporary access requests SECURITY Core - Fixed an issue where users could self-approve temporary access requests Core - Fixed an error when importing computers from an AD scan Core - Reduced email notifications when Syslog is down or the instance goes offline Core - Upgraded the MailKit library to resolve email sending issues PAM - Fixed a missing "Password template" field in the PAM account password generator ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.1 is required for this DVLS version FIXES SECURITY CVE-2025-8312 PAM - Resolved an issue where the automatic check-in task could unexpectedly stop PAM - Addressed an issue where PowerShell tasks generated by PAM would remain open after a crash ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.1 is required for this DVLS version IMPROVEMENTS SECURITY Core - Increased the length of emergency codes to fix a vulnerability and prevent brute-force attacks FIXES SECURITY Core - Fixed an issue where connection permissions could be bypassed through secure messages ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2025.1 is required for this DVLS version FIXES SECURITY Core - Added missing HSTS headers on select routes PAM - Fixed an error that was logged when users encountered issues using PAM ** CONSOLE RELEASE NOTES ** FIXES Fixed an issue where the basic installation process was not working

If you are using a client (RDM, PowerShell, etc.), version 2024.3 is required for this DVLS version FIXES SECURITY CVE-2025-4316 PAM - Fixed an issue where an admin could approve their own checkout even if approval was required SECURITY PAM - Fixed an issue where "Assigned provider privileges" in JIT privileged sets would select all available groups when adding a new provider privilege ** CONSOLE RELEASE NOTES ** IMPROVEMENTS Minor updates

If you are using a client (RDM, PowerShell, etc.), version 2024.3 is required for this DVLS version FIXES Core - Fixed an issue with the Free Gateway license that prevented launching any session

If you are using a client (RDM, PowerShell, etc.), version 2024.3 is required for this DVLS version FIXES SECURITY CVE-2025-2277 Core - Fixed an exposure of passwords in the web-based SSH authentication component SECURITY CVE-2025-2278 Core - Fixed improper access control in Temporary Access Requests and Checkout Requests endpoints

If you are using a client (RDM, PowerShell, etc.), version 2024.3 is required for this DVLS version FIXES SECURITY PAM - Fixed an issue where the "Add in Root" permission was not respected in PAM vaults Core - Fixed an error that could occur when exporting login history Core - Fixed an issue where the folder structure could disappear when adding or editing entries/folders in RDM

If you use a client (RDM, PowerShell, etc.), version 2024.2 is required for this DVLS version FIXES Core - Fixed an issue that prevented the Gateway from functioning Core - Fixed an issue in the "Add" window where some connection types were duplicated Core - Fixed an issue where backups would fail if there was a space at the beginning of the folder path Core - Fixed an issue where removing administrator rights from a user would leave all vaults selected Core - Fixed an issue where sending a secure message to multiple recipients would only send to the first one ## CONSOLE RELEASE NOTES ## FIXES Minor updates

If you use a client (RDM, PowerShell, etc.), version 2024.2 is required for this DVLS version IMPROVEMENTS Core - The Entry Security Analyzer report no longer loads all vaults by default, improving initial load time PAM - Enhanced logs to provide more detailed information when a password policy mismatch occurs FIXES SECURITY FIX PAM - Fixed an issue where expired checkouts were still accessible when the scheduler was down SECURITY FIX DEVO-2024-0013 PAM - Fixed an issue where users could approve their own requests even when the option was disabled Core - Fixed an issue that was preventing Devo Send from being used Core - Fixed an issue where custom variables were not resolved for entries configured with a Gateway Core - Fixed an issue where the Reset-DSPamPassword command was not working with the PowerShell module ## CONSOLE RELEASE NOTES ## IMPROVEMENTS Minor updates

If you use a client (RDM, PowerShell, etc.), version 2024.1 is required for this DVLS version FIXES SECURITY FIX CVE-2024-4846  Core - Fixed an issue where a user could be authenticated without being asked for the 2FA via another browser tab Core - Fixed an issue where linked account cause problem in RDM Core - Fixed an issue where user synchronisation was failing ## CONSOLE RELEASE NOTES ## FIXES Minor updates

If you are using RDM as the client, RDM 2023.3 is required for this DVLS version. FIXES SECURITY FIX DEVO-2024-0005  PAM - Fixed a JIT feature issue allowing requests for unauthorized groups SECURITY FIX DEVO-2024-0006  Core - Fixed a security issue where JIT-requested group names could be forged in checkout requests

If you are using RDM as the client, RDM 2023.3 is required for this DVLS version. FIXES SECURITY FIX DEVO-2024-0007 Core - Fixed a potential vulnerability related to LDAP injection ## CONSOLE RELEASE NOTES ## FIXES Minor updates

If you are using RDM as the client, RDM 2023.3 is required for this DVLS version FIXES SECURITY FIX DEVO-2024-0002 PAM - Fixed an issue where PAM Azure account is not removed from groups after JIT elevation Core - Fixed an issue where documentation entry could not be created Core - Fixed an issue where SAP Fronend Server Entry (AddOn) could not be displayed ## CONSOLE RELEASE NOTES ## FIXES Added security warning message to help user to know if advisories DEVO-2024-0002 is applied to them Fixed an issue where Devolutions Gateway installation was failing when version 2024.1 was installed

If you are using RDM as the client, RDM 2023.2 is required for this DVLS version FIXES SECURITY FIX - CVE-2023-5358  Core - Fixed an issue that allows users to retrieve logs from vaults or entries they are not allowed to access ## CONSOLE RELEASE NOTES ## FIXES Fixed an issue when trying to edit a standalone Gateway's configuration

If you are using RDM as the client, RDM 2023.1 is required for this DVLS version FIXES Core - Fixed an issue where emergency access failed and user could not access his server Core - Fixed an issue where HeidiSQL entry type could not be selected ## CONSOLE RELEASE NOTES ## FIXES IIS ASP.NET Core Module (ANCM) version 6.0.16 is now the version installed by prerequisites installation

If you are using RDM as the client, RDM 2022.3 is required for this DVLS version FIXES Security Fix CVE-2023-0951  Core - Fixed a few API endpoints where users without permission were authorized Security Fix   CVE-2023-0952  Core - Fixed an issue where linked credential could be leaked on edit entry Security Fix CVE-2023-0953  Core - Fixed an issue where SQL injection was possible Security Fix CVE-2023-1201  Core - Fixed an issue with improper access control to attachment in secure messages Core - Fixed an issue where an administrator was not able to connect to DVLS through Launcher Core - Fixed an issue where Credential filter could not be used in PAM Checkout notification Core - Fixed an issue where RDM connection failed with Windows Auth and a security policy was configured with an AD group ## CONSOLE RELEASE NOTES ## -

FIXES Added robots.txt for security purpose Fixed an issue where custom user groups can not be created without custom authentication activated Fixed an issue where passwords were lost after sorting passwords in a password list

Changes Core - connections/partial endpoint returns private key although it is Sensitive information Setting Offline mode with User group