# Commander 17.2.14

#### PAM

New: Privileged Workflow Commands

Fixes & polish

* pam launch performance
* pam launch MySQL: spinner + CR/LF normalization option ([#1963](https://github.com/Keeper-Security/Commander/pull/1963)).
* pam config list: verbose JSON now includes single-config details.
* pam-debug: corrected IIS pool text.
* Remote Browser: GET now returns JSON response data.

#### EPM / PEDM

* kepm scim now supports Kerberos (KC-1228).
* PEDM policy creation requires --policy-name and, for elevation / file\_access / command policies, at least one user, machine, and application collection — matching the admin console ([#1940](https://github.com/Keeper-Security/Commander/pull/1940), [#1950](https://github.com/Keeper-Security/Commander/pull/1950)).
* \--machine-filter accepts UIDs not in the local collection cache; adds type 201 (CustomMachineCollection) and fixes a KeyError on missing keys ([#1971](https://github.com/Keeper-Security/Commander/pull/1971)).
* Automator Create now warns and lists conflicting enabled Automators in the same node before proceeding.

#### Vault / Records

* rm --purge flag (KC-625, [#1965](https://github.com/Keeper-Security/Commander/pull/1965)): default rm unlinks the record from the current user's vault; --purge hard-deletes for all users (owner-only). Adds post-purge sync\_down, ambiguous-title UID listing, and a global fallback search for records in shared folders.
* Fixed ambiguous title-match check so it applies to all record-lookup paths.
* Added missing record field ([#1964](https://github.com/Keeper-Security/Commander/pull/1964)).

#### Import / Integrations

* CyberArk portal: fixed authentication, added folder import, restored legacy support.
* JSON import methods now support stringified JSON as filename instead of a local file, for SDK integrations

#### Service Mode

* Security hardening of parser responses; improved tree -s -v structure; added share-report, ls, and tree to Slack/Teams setup command lists; corrected flag handling in convert / convert-all ([#1945](https://github.com/Keeper-Security/Commander/pull/1945)).
* Removed sync-down from service mode.

#### Other

* Fixed Keeper server hostname parsing; deduplicated test module names; security-audit tests migrated to typed records only ([#1980](https://github.com/Keeper-Security/Commander/pull/1980)).
* Minor spelling fix.
* Enterprise Node --wipeout flag now deletes Automator objects and checks for pam gateways in the node (doesn't delete them, suggests moving them)

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/release-notes/developer-tools/commander/commander-17.2.14.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.