Please click on the navigation to the left in order to read each release note.

Keeperブリッジをアップグレードするには、以下の手順を行います。

1. すべてのブリッジ設定、特にドメインフィルタを確認します。各セクション (ノード、ロール、チーム、ユーザー) のドメインフィルタ設定をテキストファイルに保存します。

2. ブリッジのSQLite データベースのコピーを保存します。通常はC:\ProgramData\Keeper Enterprise Bridge\ks_enterprise.sqliteにあります。

3. ブリッジインストーラの新しいバージョンを実行します。これにより、旧バージョンの ブリッジがアンインストールされ、新しいバージョンがインストールされます。ブリッジは管理コンソールの以下の場所からダウンロードできます。

1. 構成セクションに設定を入力し、すべてのパラメータと設定が新しいバージョンで正しく維持されていることを確かにします。

2. 設定が全て正常になっている場合は、準備完了です。何かご不明な点がございましたら、エンタープライズサポートまでお問い合わせください。

アップデートと変更点

• EB-474: 新しいECCモードの採用で、RSA PKCS1 バージョン1.5は非推奨となりました。

バグ修正

• ありません

バグ修正

• EB-466: アンインストール時にすべてが削除されるように修正

• EB-470: enterprise_user_add_alias APIでユーザーをリストとして送信するように変更

• EB-471: エラーが6回発生した後にブリッジがリクエストの処理を停止したことをログに記録すように修正

• EB-472: ログイン時に発生するすべての例外を記録するよう修正

• EB-473: 米国外のリージョンで新規アカウントの登録が失敗する不具合を修正

バグ修正

• EB-467: 管理対象企業としてのログインが機能しない不具合を修正

• EB-468: ツリー構造が複雑な場合に管理コンソールでノード作成が失敗する不具合を修正

• EB-469: Forest/GCクエリ中にユーザーを削除またはロックしてしまう不具合を修正

Bug Fixes

• EB-463: Bridge is unresponsive when trying to register in new JP, CA regions

• EB-461: Verify user email field and reject LDAP users with invalid emails

• EB-465: Support for Domain Alias: When a customer introduces a domain alias in Keeper and users change their Email to the new domain, the Bridge will revert the primary email to the original AD domain. This is not desired behavior. The Bridge shall recognize and honor the primary domain in Keeper.

Bug Fixes

• EB-458: Privileged Escalation vulnerability reported by Bugcrowd researcher Rémi ESCOURROU (@remiescourrou). Special thanks to Rémi for detailed reproduction steps. Keeper works with Bugcrowd to manage the bug bounty and vulnerability disclosure program at https://bugcrowd.com/keepersecurity

• EB-456: Improved popup message when the login session has expired

• EB-459: Bridge is generating unnecessary node update requests

• EB-460: Bridge is not auto-starting on a fresh install

Bug Fixes

• EB-452: Change Primary Email on Keeper when Email Attribute changes in AD

• EB-453: Bridge client cannot setup a bridge on the MSP enterprise account

• EB-455: Admin Team Approval Authentication fails with Proxy Operation

New Features

• 🇱🇷 Support for the Amazon AWS GovCloud environment. Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.

Bug Fixes

• EB-448: Registration failing with System proxy in use

Features & Improvements

• EB-445: Support for Australia (AU) data center

Bug Fixes

• EB-441: Member range doesn't process for groups with >1500 users

Improvements

• Updated to the latest Keeper .Net SDK supporting the new Login API V3 and SSO Connect Cloud

Features & Enhancements

• New Login API - Support provided for new Login API flow and device token.

• Bridge Proxy Operation - Support provided for Keeper Bridge to work across TLS proxy.

• LDAP Server Reset - Admins now have the ability to reset the LDAP connection.

Bug Fixes

• Fixed: Various Admin login issues.

Bug Fixes

• Fixed: Bridge reverts to OpenLDAP server setting for Active Directory.

Features & Enhancements

• Support for OpenLDAP - This release introduces a major enhancement to the existing Keeper Bridge. In addition to support for Active Directory, Keeper Bridge now supports open-source implementation of the Lightweight Directory Access Protocol (OpenLDAP). Businesses running OpenLDAP are now able to integrate Keeper password management software within their current systems.

• Delete Override Configuration Option - This override configuration allows the Bridge to delete users and teams if they are not in the designated LDAP filter. By default, this is disabled, which prevents accidental deletion of users and teams in Keeper.

Bug Fixes

• Fixed: Bridge clients are reported as "Commander" in ARAM.

• Fixed: Logging in with a service account causes Bridge Client to crash.

Benefits & Enhancements

• Securely Store Admin Login - The admin login required for team approvals is now securely stored, making the login process automatic. Previously, the admin login was lost upon service restart.

Bug Fixes

• Fixed: Changes to a user's email address in AD Bridge causes a lockout. Users are now flagged in the bridge logs as needing a manual change and are otherwise, left unaffected.

• Fixed: DUO push and RSA SecureID for 2FA (two-factor authentication) fail in certain environments.

• Fixed: Client is unable to communicate with AD Bridge service after following a service restart.

Bug Fixes

• Fixed: Bridge Administrators are being logged out after 30 days due to the session token expiring.

• Fixed: An issue causing Administrative Role Provisioning to not work correctly for a Managed Company.

Benefits & Enhancements

• Non-Bridge Created Roles and Teams Excluded from Bridge Operation - Unless non-Bridge created Roles and Teams match an identically named Security Group in the AD Bridge, those Roles and Teams will now be excluded from Bridge operations. Roles with a matching Security Group will be moved to the relevant node in the Keeper node tree.

Bug Fixes

• Fixed: Bridge reverts Region back to US after upgrading the version in EU data center.

This is a major bug fix and stability update to the Keeper AD Bridge.

Bug Fixes & Performance Improvements

• Complete rewrite/refactor of the AD parsing and query engine

• Resolved all customer reported issues with team membership syncing

• Resolved connectivity issues after bridge upgrade process

• Resolved team approvals after inactive user detected

• Resolved processing percentages listed over 100%

• Resolved UI issues related to accounts with over 100,000 users

• Lock user accounts when user has expired in AD

• Resolved crash after creating empty Top Level Node Filter

Features & Benefits

• Bridge can now provision users to a role with elevated privileges

• Sorting alphabetical

• Change Install Directory to "Keeper Security"\"Keeper Bridge"

Features & Benefits

• Refreshed UI and branding

Bug Fixes

• Syncing improvements and optimizations

Security Updates

• Implement LAN IP Address Checking LAN IP address adds another level of security by enforcing that all communication contains the LAN IP address of the local system and must match the value the user provides in the data setup for bridge in the admin console.

• Encryption Key Protection Added additional layer of protection against a malicious trusted server from manipulating the salt and iterations against the Bridge.

Bug Fixes

• ​We corrected a workflow which generated corrupt Team Keys when the Bridge was configured to automatically approve team key distribution. A corrupt team key caused an error when logging into the vault displaying "RSA Key Error". Note: Any previously created corrupt team keys require that the team is deleted and re-created either through the Admin Console or through the new Keeper Bridge v10.5.4 application.

• Fixed issue with "One or more domains could not be contacted" that made the bridge unable to communicate or authenticate with AD

Enhancements & Benefits

• Improved performance

Installation

The latest version of the Keeper Bridge can be downloaded from the below URL:

https://keepersecurity.com/bridge/KeeperBridge.zip

Or, download from the Admin Console > Provisioning > Download Bridge

This release was issued to address a backend version check between Keeper Active Directory Bridge and Keeper Backend API.

Coming Soon

Version 10.5.4 is being released soon to address customer issue "one or more domains could not be contacted."