Vault Release 16.10.10

Features

• VAUL-6175: Added thousands of popular website logos to the Vault user interface.

The implementation of website logos preserves full zero knowledge encryption and privacy. The entire library of logo files are embedded within the vault application.

• KDE-1403: Optional SSO login method through default web browser

If the new "Use Default Browser for SSO" option is enabled from the desktop application menu, the user will be routed to their default web browser on the device in order to login with their configured identity provider.

The primary reason for implementing this feature is to support SSO identity providers who support FIDO2 security keys or other authentication methods that are not technically supported from the Keeper Desktop embedded browser.

For Admins who would like to enforce this to all desktops, a new Enterprise Configuration item called UseDefaultBrowserSSO is available.

• DR-265: Ability to specify time zone and hour of day for scheduled password rotations

• VAUL-5620: Enhancements for Recently Deleted page

• VAUL-5686: Security Audit screen now has a "Last Change" column

• VAUL-6138: New "Advanced" settings menu which contains the following features:

  1. Search overlay controls

  2. Syncing delay to improve overall performance in high volume enterprise tenants

  3. Showing numbering in the record list view

Bug Fixes

• VAUL-6135: Currently only owner and share admin can update permissions, add/remove users, set/update expiration timers. User with can_share right should be also able to manage users up to its own level of privilege.

• VAUL-5659: Multiple Record Selection is not working in Deleted Items

• KDE-1421: Records created while in offline mode are not syncing properly when going online

• KDE-1373: KeeperFill for Apps Window opens in wrong location when tray is not in visible dock

• KDE-1395: Memory leak on Mac App from repeat launching through cmd+tab, clicking the dock item, etc. This leads to unintended event handlers being enabled.

• VAUL-5675: User is not able to delete forever a Lost Record shared via Shared folder from Lost Access

• VAUL-5737: Missing 'Add to My Vault' button for records details panel in Lost Access tab

• VAUL-6009: If you have a role enforcement set to restrict all record types in the vault, the import option during onboarding is now hidden.

• VAUL-6083: Filename not being added to title when drag-and-drop attachment in Chrome/Edge

• VAUL-6204: Import from Thycotic / Delinea Secret Server missing notes field and SecretTemplates section

• VAUL-6213: Record title auto-suggestion not working when there are multiple words

• VAUL-6214: Date formatting error when Arabic language selected

• KDE-1411: On Mac, keyboard layout is cached on first use. When filling a password with KeeperFill for Apps on Mac, a map of key codes to character mappings is generated and cached. This cache is not released when the keyboard layout changed with the app running, resulting in incorrect key codes being sent for some characters.

• KDE-1422: The "Create Record" hot key is turned on when the app is initially not in focus, preventing that hotkey from being used by other apps.

• KDE-1385: KeeperFill for Apps is not able to detect secure fields when a record uses the "native app filler" field type.

• KDE-1426: After importing files, KeeperFill for Apps doesn’t show the records. This leads to assertion failures with BreachWatch data which require record keys to decrypt the data.

Security Updates

• VAUL-6170: Security improvements using CryptoKey storage on Firefox browsers for device keys

• VAUL-6179: Convert ECIES-encrypted Record Keys to Data Key-encrypted Record Keys upon login.

• KDE-1406: New desktop app installs will now store device private keys in the Apple Keychain or Windows Credential Locker instead of Chrome CryptoKey local storage, for improved security for native app installation. Existing keys will not be transferred until a reset takes place.

• KDE-1412: Upgraded Electron platform to v26.2.4. This was actually released to production already in version 16.10.9 on a standalone basis.

Other Improvements

• KDE-1417: When filling into a remote desktop session using mstsc.exe, incorrect characters are used with a different keyboard layout than the host machine.

• VAUL-6219: Improved the automatic team-user approvals upon logging in. This new method handles a large number of pending users.

• VAUL-6200: When viewing a deleted record, file attachments cannot be downloaded until the record is restored.

• DR-348: Hide or gray out "Rotate now" button on modifying rotation settings

• VAUL-5926: Shared Folder and Direct Share screens will only list those Share Admins who are explicitly shared to the object, to reduce confusion.

• VAUL-5738: Allow free trial users to view record history

• VAUL-6128: Show long folder names on-hover

• KDE-1399: Return focus to previous app/window when KeeperFill for Apps is closed

• 508 Compliance: Over 20 tickets related to 508 compliance / ergonomics improvements

• VAUL-5875: Create Duplicate UI changes to support various use cases:

  • If privacy screen is enabled, do not allow duplication

  • If a user duplicates a record that has linked records such as address or payment records, allow duplication of the record, disallow duplication of linked records, and present a notification: “The record you are duplicating contains links to other records. The linked records will not duplicated.”

  • If a user duplicates a record that has attachments, allow duplication of the record, disallow duplication of the attachment, and present a notification: “The record you are duplicating contains attachments. Attachments will not be duplicated. In order to duplicate attachments, download the attachment from the original record and re-upload to the newly created record.”

• KDE-1414: New font type "Outfit" to replace "Overpass". This is Keeper's new font that is being slow-rolled across all platforms and interfaces.

Known Issues

• Migrating from LastPass using Okta SSO saying "Import Error"

In the Okta Admin portal under Applications, locate your "LastPass Okta Login" application. Under the "Sign-in redirect URIs" section, add the following URI: http://localhost/ then click "Save".