Backend API 17.7.0

New Features

• Workflow API for KeeperPAM - This feature enables a KeeperPAM admin to mandate approval requests before initiating a connection or tunnel.

• Expanded workflow notifications so requestors and approvers get timely updates on access status and check-in/check-out events.

• Added new ARAM event messages and logging for workflow actions, approvals, denials, session changes, and escalations to improve audit ability and compliance reporting.

• Introduced new API endpoints and enforcement options to manage who can configure workflow settings and to support bulk approval-status updates.

• Enhanced two‑factor authentication workflows with new router-based 2FA operations and audit events for failed 2FA attempts.

Improvements

KA-7750: Added new API endpoints to support 2FA operations via the Keeper Router, including push, validation, and WebAuthn challenge to support Workflow capabilities.

KA-7814: Added notifications for access request workflows and check-in/check-out events. Both requestors and approvers receive timely updates about access status and resource availability.

KA-7962: Introduced standardized ARAM event messages for workflow actions such as approvals, denials, and session changes. These events enhance monitoring and compliance reporting for workflow activities.

KA-8025: Share approval notifications now include the "request" category tag. This ensures that user action-required items appear correctly in the Notification Center "Requests" tab.

KA-8042: Added a role enforcement policy for managing workflow settings under the Privileged Access enforcement screen. Admins can now assign or remove this permission to control workflow configuration access.

KA-8099: Implemented a new API endpoint to update Notification Center approval statuses. Supports bulk updates and improves notification handling for workflow approvals and denials.

KA-8295: Upgraded Netty libraries to address recent security vulnerabilities. This update resolves CVE-2026-33870 (HTTP smuggling) and CVE-2026-33871 (HTTP/2 DoS).

KA-4870: Enhanced ARAM to generate events for failed two-factor authentication attempts. This provides better visibility for security-related login failures.

Bug Fixes

KA-7729: Improved Notification Center to ensure all relevant notifications, including account creation, are displayed. This update enhances user awareness of important account events.

KA-7798: Fixed an issue where sharing requests did not trigger notification syncs. Notifications for sharing actions now appear instantly without manual refresh.

KA-8023: Resolved an issue where re-sending the "last read" status for a notification caused errors. Notifications now handle repeated read status updates gracefully.