Announcement

IMPROVEMENTS Various bug fixes and improvements

NEW FEATURES Rebranding - New Look, to reflect "Devolution Cloud" name change Rebranding - Rebranding, from Hub to Devolutions Cloud IMPROVEMENTS Administration - Added an "Enforce clear clipboard after copy" setting in System Settings for Workspace clients, with a configurable timeout period Administration - Improved the Administration and Reports navigation and a cleaner overall UI layout Administration - Moved high-risk destructive actions (including "Delete Hub") to a dedicated "Danger Zone" tab under System Settings to reduce the risk of accidental execution Authentication - Added social login support for Hub accounts Authentication - Added support for configuring multiple Single Sign-On (SSO) providers for a single Hub Dashboard - Updated the dashboard UI to use consistent and clear terminology for custom widgets and default dashboards Entries - Added the "Allow password in variable" security option for Username and Password credential Entries - Improved the entry view so that the simplified view toggle remembers the user's last-used setting between sessions Entries - Removed the inapplicable "Use Linked Host Credential" credential type option from host-type entries Hub - Added support for reserved names in Hub Personal, allowing hubs to be accessed via a named URL path Hub - Added the ability to reserve a unique hub name and subdomain across regions Import/Export - Added the ability to export entries to an encrypted JSON file with a master password, including a deobfuscate option Logs - Added the platform and product version as a field in Hub log entries, improving diagnostic capability Logs - Added the platform and product version to the audit information displayed in the entry overview, making it easier to trace version-specific issues PAM - Added an option on SSH PAM providers to use the provider account credentials for heartbeat connections, supporting environments where privileged accounts have SSH access disabled PAM - Added checkout duration and requested JIT groups to the PAM checkout request email sent to approvers PAM - Added multi-factor authentication (MFA) verification when launching sensitive entries PAM - Added PAM support for the contractor user type PAM - Added support for Devolutions Gateway rule sets on PAM providers PAM - Added the ability for PAM operators to select group assignments from discovered accounts in scan results and automatically populate the JIT Elevation configuration PAM - Added the JIT Authorization tab to Active Directory and Azure PAM entries to display the configured JIT groups for each entry PAM - Improved the PAM checkout request message for approvers to display full checkout details with inline Approve and Deny actions PAM - Improved the performance of EntraID account discovery when searching large groups PAM - Restored a missing toggle switch in the PAM JIT account configuration Password - Updated the Password Analyzer to remove the password strength bar and show only the occurrence count Reports - Added a Contractor Users report page in the Reports section Sessions - Added session recording support for PowerShell sessions UI - Applied various minor UI improvements and polish across the application UI - Restricted the file types allowed for insertion in documentation attachments to supported formats (PDF, GIF, images) Users - Added an Authentication Type column to contractor reports Users - Added automated email notifications sent to administrators when user or contractor accounts expire Users - Added sorting and filtering by the "Last Used Device" field in the Users administration table, and improved the CSV export to include this field Users - Improved the contractor user type with a user type column in the user list Users - Improved the user table layout and responsiveness for small screen sizes Various bug fixes and improvements Vaults - Added an administrator-controlled setting to disable the export functionality for user vaults Vaults - Added the ability to select and delete multiple vaults simultaneously, with a confirmation prompt before the action is executed FIXES Administration - Fixed a delay where binding an IP address to an Application Identity Administration - Fixed issue where specific permissions assigned to admin users were not displayed in the permissions UI Administration - Fixed the administration section tabs to be visible and accessible on small screens and mobile viewports Authentication - Fixed an issue where removing the Force SSO setting via SRM could break hub access Dashboard - Fixed an issue where creating a system dashboard widget with the correct permissions incorrectly returned an Access Denied error Dashboard - Fixed multiple dashboard widget inconsistencies between RDM and Hub Web Dashboard - Fixed multiple dashboard widget issues including synchronization between RDM and Web Entries - Added support for configuring entries with single, multiple (fixed count), or unlimited simultaneous checkouts Entries - Fixed an issue where the Logs tab showed no entries for users with the Contributor role when viewing a Username and Password credential entry Entries - Fixed credentials to display correctly in the entry overview Entries - Fixed OTP entries to support the colon (":") character in application and account name fields Entries - Fixed the Security Settings tab to be visible for Contributor-role users in the credential entry edit dialog Import/Export - Fixed a regression where the scrollbar and action button were missing on the final step of the import wizard, preventing completion Import/Export - Fixed the "Create Folder" dialog in the Import window to consistently render icons and accept spaces in folder name input Import/Export - Fixed the `-DeobfuscateSensitives` parameter in the PowerShell CSV export to correctly return passwords in clear text Licenses - Fixed an incorrect assigned license count Licenses - Fixed expired licenses in the Users Dashboard to be clearly visually distinguished from active licenses using a badge or color indicator Licenses - Fixed the license assignment list to display both accounts when users are linked PAM - Fixed an "Access Denied" error that occurred for users who received checkout or access request notifications for vaults they do not have access to PAM - Fixed issue where PAM propagation PowerShell scripts were no longer visible in the configuration view PAM - Fixed PAM accounts imported from RDM with "Inherited" account lifecycle policy to correctly display as "Inherited" instead of "Custom" PAM - Fixed the Approve and Deny buttons to be correctly grayed out for the requesting user when the "Yes, Unless JIT" option is selected for own checkout approval PAM - Fixed the Entry dropdown in the Checkout Requests report to display only PAM account names PAM - Fixed the items-per-page display filter in the PAM account import window PAM - Fixed the JIT provisioner username length limit to match Active Directory's 64-character limit instead of the previous 20-character cap Password - Fixed sorting by occurrence count (descending) Password - Fixed the "At Least" field for custom characters in the password generator to act as a minimum threshold, allowing the generator to include more than the specified minimum Reports - Fixed the User Reports CSV export to include user tags Sessions - Fixed a false "Unable to find the VPN session" error that appeared when selecting a Devolutions Gateway in VPN settings before saving an RDP entry Sessions - Fixed an infinite loading state that occurred when entering incorrect credentials when opening a session in the web client Sessions - Fixed an issue where deleting an SSH certificate would reappear after saving; deletions now persist correctly Sessions - Fixed an issue where opening a session with no password in Hub web incorrectly prompted for a password before connecting Sessions - Fixed an issue where SSH sessions failed to launch when credentials were set to "Inherited." Sessions - Fixed clipboard redirection restrictions in web-based RDP sessions to properly enforce the disabled clipboard setting Sessions - Fixed error that prevented launching a session when the Devolutions Gateway was set to "Inherited" from a parent folder Sessions - Fixed session recording to work consistently in the user vault across both Hub Web and Remote Desktop Manager Sessions - Fixed the VNC session view to remove the obsolete empty sidebar Sessions - Fixed various UI issues in the Open in Web feature UI - Fixed severoal translation issues Users - Fixed a SCIM group assignment issue Users - Fixed a UI bug where an invited user's email appeared twice in the list after sending an invitation Users - Fixed connection status icons in the Users administration list to display at a consistent and correct size Users - Fixed the Save button remaining grayed out when changing the offline mode field in the user administration edit dialog

IMPROVEMENTS Various bug fixes and improvements

IMPROVEMENTS Various bug fixes and improvements for PAM

FIXES PAM - Various bug fixes and improvements for PAM

FIXES Various bug fixes and improvements

Tell us what you think! For external users who only need limited, time-bound access, the Contractor user type offers a simpler way to get them connected without treating them like regular internal users. In Devolutions Hub Business , contractors can be invited by email, start with a temporary password, and use a lighter web interface, the compact mode , to open sessions quickly and securely. How are you handling contractor or vendor access today? Would this fit your needs, or is something missing? Try it out and share your thoughts in the comments! [image]

IMPROVEMENTS Translation, various bug fixes and improvements

IMPROVEMENTS Various bug fixes and improvements

IMPROVEMENTS Various bug fixes and improvements

FIXES Various bug fixes and improvements

FIXES Various bug fixes and improvements

FIXES UI displays user twice on invite Various front end issues with the widget/dashboard

NEW FEATURES Core - Added custom vault dashboard widgets with reordering Core - Added new Contractors account type with expiration date support Licenses - Simplified license assignment IMPROVEMENTS Core - Added a credential selection prompt when launching a web session configured with "Prompt on connection" for linked vault credentials Core - Added support for importing entries from .rdm files and exporting entries to .rdm format Core - Added tag inheritance to automatically propagate to all contained entries Core - Added the ability to restore soft-deleted hubs directly through Portal Core - Added the ability to set a display sort priority on vaults Core - Removed the user interface profiles feature Core - Update some semantics and translation Entries - Added support for SSH key certificates Entries - Added support for SSH terminal and SSH port forward connections using credentials stored in linked external vaults Entries - Added support for using Linked (External Vault) credentials as an OTP Entries - Fixed an issue preventing entries from being opened when credentials were configured through User Specific Settings PAM - Added a "Skip TLS validation" option in PowerShell Settings PAM - Added an administrator setting to configure the default behavior for automatically checking in a PAM account when an entry is closed PAM - Improved PAM checkout failure error messages Password Generator - Added an "Exclude ambiguous characters" option to the Password Generator FIXES Core - Fixed - Administration - Logging option visibility PAM - Fixed a validation issue allowing PAM approvers to set a checkout duration below the enforced minimum of 10 minutes PAM - Fixed administrators to configure risk levels for Active Directory / roles and groups PAM - Fixed an issue preventing additional groups from being added to the JIT list in an OU when a group was already selected PAM - Fixed an issue where service failed to start automatically after a machine reboot PAM - Fixed an issue where the "Test Connection" button on a PAM provider was disabled PAM - Fixed an issue where the JIT group name appeared duplicated in the PAM checkout PAM - Fixed an issue where the PAM service token was not being properly enforced when launching sessions via the Gateway using "Open in Web." PAM - Fixed an issue where the password stored in a PAM Propagation Configuration could not be viewed after the configuration was saved PAM - Fixed JIT group selection to include groups located in the Active Directory Built-in organizational unit PAM - Fixed Linux privilege sets section not appearing for local user SSH providers PAM - Fixed PAM task endpoint permissions (infinite loading or access denied errors) PAM - Fixed service updates on Docker to use a simple container restart instead of requiring the Devolutions Agent service PAM - Fixed the default checkout policy indicator not appearing in the PAM accounts list column PAM - Fixed the default checkout policy not being automatically pre-selected in checkout policy PAM - JIT Provisioner account improvements Various bug fixes and improvements

IMPROVEMENTS Various bug fixes and improvements

FIXES Administration - Resolve logging icon visibility issue Licenses - Correct license labels that could cause confusion Various bug fixes and improvements

FIXES Minor bug fixe and improvement

IMPROVEMENTS Core - Added a Verify Account option in the account chooser for improved account management Core - Moved the reset favorites button to the footer for improved user interface organization Core - Removed the User Interface Profiles feature from the application Entries - Add entry tags inheritance from system settings, root to entries Entries - Deprecate entry - Deprecated the Crypto Wallet entry type from the system PAM - Added admin configuration option to set the default behavior for automatically checking in PAM accounts when closing entries FIXES Entries - Fixed an issue where entries could not be opened when credentials were set from User Specific Settings PAM - Fixed missing TriggerType value in webhook payloads for PAM events Various bug fixes and improvements

FIXES Better error handling occurs in certain localization validations

NEW FEATURES Core - Added ability to export vault data to encrypted JSON format protected by master password Licenses - Added license purchase functionality within Hub IMPROVEMENTS BREAKING CHANGE Unlicensed Hubs now start a 30-day trial automatically and will downgrade to Free (single user) if a license is not added before the trial ends Core - Removed automatic creation of application services to provide more manual control Entries - Added documentation link in webhook creation dialog for easier access to help Entries - Added hierarchical tag inheritance system from system settings through root to entries Entries - Removed unnecessary certificate password field from X.509 certificate configuration Gateway - Removed unnecessary Vaults/Groups/Users tabs from virtual gateway interface Various bug fixes and improvements FIXES Core - Fixed "select all" button not saving selected users when assigning permissions Core - Fixed checkout prompt errors and functionality when prompt is enabled Core - Fixed error occurring when editing root-level permissions Core - Fixed privileged account information not being saved in user-specific settings Core - Fixed session recorders not terminating correctly after sessions are closed Entries - Fixed incorrect LDAPS default port changed from 389 to correct port 636 Gateway - Fixed gateway token generation to check if force virtual gateway setting is enabled first Gateway - Fixed SSH credentials not auto-filling when opening sessions through gateway with linked SSH keys Gateway - Fixed virtual gateway not linking to physical gateway in Remote Desktop Manager when added through Hub web interface PAM - Fixed PAM providers incorrectly appearing in account selection for credentials PAM - Fixed PAM vault count not displaying correctly in the dashboard vault widget on web client PAM - Fixed users with "Manage PAM providers" system permission unable to access PAM section Password Generator - Fixed missing space in passphrase generator when appending character to last word

IMPROVEMENTS Better error handling occurs in certain concurrence situations

IMPROVEMENTS Core - Better management of the Client secret expiration date Core - Default Require Valid Hub Key Hash to true Core - Update some semantics and translation Entries - Add "Allow Any port" option in WebSite entry type Entries - Added "Automatically log off when disconnecting" as a user-specific setting Licenses - Better liences management Password Generator - Added characters limit Password Generator - Added special characters in passphrase Password generator - Added symbol to the default template Password management - Added compromised check logic FIXES Core - App identity failure based on the name used Core - Can edit PAM account when checkout Core - Missing folder structure for some import models Entries - Show custom-fields on Document type entry Fixed Various bug fixes and improvements

FIXES Auth - Application identities authentication Core - Issue creating the Application Service

IMPROVEMENTS Core - Update some semantics and translations Licenses - Improved free and trial license workflows FIXES Entries - Checkout message does not update in real time Entries - SSH connection fail when private key as a password override Gateway - Encountering a 500 error when accessing a recording from RDM PAM - Checkout banner don't update automatically PAM - Checkout policy for a root providers with root inherited breaks PAM - Incorrect privileged access permission check PAM - RDP recordings prompt incorrect error PAM - Session not launching in web when using privileged account credentials Various bug fixes and improvements

FIXES Fixed issue where users were being locked out of the web client due to an invalid favorite entry