# Vault Version 14.9.4

## Features & Benefits

* Support for 2FA using Duo + YubiKey hardware security keys in OTP mode. When presented with Duo authentication, simply tap the YubiKey device and the OTP code is verified by the Duo Auth API integration.
* Improved the search algorithm of KeeperFill for Apps to mirror the search results of the Keeper Desktop main screen. This includes finding records stored within shared folders as well as custom fields.
* Upgraded the Electron framework from 6.0.7 to 6.0.11.
* Upgraded the Keeper Safari Extension version to mirror the latest features and enhancements of KeeperFill Browser Extension v12.5.8.
* Enhanced the Import/Export capabilities to include stored Two-Factor Codes.
* Added color codes at the record level inside "Grid View".
* After auto-logout, the user can tap Touch ID in the Touch Bar to activate biometric login.
* In the Folder View, you can now click on the chevron icon to expand/collapse the folder without selecting the folder.

## Bug Fixes

* **Fixed:** When IP allowlisting on a role is enabled, logging into Keeper Desktop shows a dialog that offers "Work Offline" as an option, but the option does not work.

  If offline mode is allowed, the user should be able to work offline if their IP is blocked.
* **Fixed:** Small UI and visual alignments.
* **Fixed:** When using KeeperFill for Apps over a remote connection (e.g. Remote Desktop or other remote access tools), the password injection sometimes sends the wrong character codes.
* **Fixed:** Push notifications received while editing a record cancel the operation.
* **Fixed:** Some competitor imports are not mapping every field.
* **Fixed:** Shared folder names are not included in the PDF export feature.
* **Fixed:** Account recovery fails with a confusing error message when the user attempts the recovery within the wrong data center login domain.

## Security Updates

* **Resolved:** A potential cross-site scripting exploit was found by Adam Roberts of NCC Group in one of the Keeper Desktop application popups: the security certificate warning shown when connecting to a network proxy. The popup message presented information from the signed certificate, received via the proxy, to the user. An iFrame in the certificate warning pulled information from the network proxy, which could contain injected content.\
  \
  Although Keeper's Content-Security-Policy disallows inline scripts from executing, Adam pointed out that an iFrame can open a local asset and potentially be a source of vulnerability. To exploit this, a user would first need to download a file to their local desktop and then connect to a network proxy that injected content via the certificate content. To prevent this from becoming a vulnerability, we now disallow iFrames via the Content-Security-Policy.\
  \
  Special thanks to Adam Roberts of NCC Group for reporting this bug.
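
The mitigation above only holds if the policy actually governs nested browsing contexts, which a script-only policy does not. The following JavaScript is an added example, not Keeper's code or policy: it checks whether a CSP string blocks iframes, following the standard fallback order `frame-src`, then `child-src`, then `default-src`. All policy strings in it are constructed samples.

```javascript
// Added example: the policy strings below are constructed, not Keeper's CSP.

// Parse a Content-Security-Policy string into a Map of directive -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, the first occurrence of a directive wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// iframes are governed by frame-src, falling back to child-src, then default-src.
function effectiveFrameSources(policy) {
  const d = parseCsp(policy);
  for (const name of ['frame-src', 'child-src', 'default-src']) {
    if (d.has(name)) return { directive: name, sources: d.get(name) };
  }
  return { directive: null, sources: null }; // nothing restricts frames
}

// True only when the effective directive matches no source at all.
function iframesBlocked(policy) {
  const { sources } = effectiveFrameSources(policy);
  if (sources === null) return false;
  // An empty source list matches nothing; 'none' counts only when it stands alone.
  return sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
}

// Constructed samples: script-only policy, then three variations.
const samples = [
  "script-src 'self'; object-src 'none'",   // inline scripts blocked, frames untouched
  "script-src 'self'; frame-src 'none'",    // frames explicitly disallowed
  "default-src 'none'; script-src 'self'",  // frames disallowed through the fallback
  "child-src 'none'; frame-src 'self'",     // frame-src overrides child-src
];
for (const p of samples) {
  const { directive } = effectiveFrameSources(p);
  console.log(iframesBlocked(p) ? 'blocked' : 'ALLOWED', `(${directive})`, p);
}
```
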

