Version 7.0.21 (Stable)
With KeePass Client v6.0.14 (no change)
Aug 17, 2015
These Release Notes detail the differences between this release and the last Stable Release (6.4.13). For information about the "Latest" versions inbetween, see Older And Inbetween Versions.
- Two factor authentication is now supported on both the web client and KeePass client.
- Refer to Two-factor Authentication for more information
- Self-Serve Active Directory Password Resets
- Provide self-serve Active Directory password resets/changing by allowing Password Server to set user passwords in a synced directory
- Refer to Quick Active Directory and OpenLDAP User Guide for more information
Mac Client: Pleasant Password Server Client is now available for OSX on the Mac App Store
Mandatory Usage Comments: Improves auditability of credential access
Allows Adminstrators or those with applicable permissions to require users to provide a comment when performing actions such as modifying a credential or viewing a password.
The comments are recorded in the Audit Logs.
Refer to Usage Comments for more information.
- Scheduled Password Auto Changer
- Schedule automated password changing for your Unix, Active Directory and Open LDAP servers
- Refer to Password Auto Changer for more information.
- SSO Proxy support for SSH (Single Sign-On Proxy)
- Refer to SSO Proxy for SSH for more information
- Offline Mode via Keepass: It will default to enabled, so upgrading users should disable it if they wish.
- Time limited access: Access to Entries and Folders can now be Granted with a time limit, allowing temporary access that automatically expires based on an inputted time. Can be as short as an hour.
- Refer to Setting Access Rules for more information.
- Email Notifications based on Access Levels
- Allows Adminstrators or those with applicable permissions to setup automatic Email Notifications when a selected Role and/or User carry out Triggering Actions.
- Adminstrators and Users with applicable permisson are able to customize Notification Triggers that are used to determine which actions or accesses should trigger a Notification. Notification Triggers are capable of being resused.
- Refer to Setting Up Notifications for more information.
- New Reports added
- Access Frequence Report: Displays all User activity on Pleasant Password Server between the inputted dates.
- Password Expiry Report: Display all passwords that will expire on or before the inputted date. Refer to
- Password Age Report: Display all passwords that are older than or equal to the inputted age value (in days).
- Load Report: Displays information regarding Pleasant Password Server Usage and server load based on the Logging information.
- Password Strength: Displays all passwords with a strength below a given threshold.
- Role Report: See which users have been assigned to which roles, broken down by direct assignment and inheritance through sub-roles.
- Refer to Reports for more information on the above reports.
- Skinning: Customization of Web Client with Company Name and Logos is now capable through the Settings Page.
- Refer to Web Client Customization for more information.
- Logging to SysLog: Password Server can be configured to log events to a SysLog server.
- Refer to Logging to SysLog for more information
- Password Generation
- Select from preset Password Profiles or use a custom set of parameters to generate random passwords
- Refer to Password Generation for more information
- Custom Fields are now accessible from the Web Client
- View and edit Cutoms Fields set in KeePass
- Include important fields in the grid to see them at a glance.
- Refer to Custom Fields for more information
- Attached Files are now available from the Web Client.
- Download attachments uploaded from KeePass
- Upload new attachments through the Web Client
- Tagging is now accessible from the Web Client
- View and edit Tags set in KeePass
- Quickly access Entries with a tag through the Tag folders.
Version 7.0.8 disallowed the use of ' / ' characters in Folder and Entry names. Version 7.0.21 contains a database upgrade that will replace the ' / ' characters in existing names with ' \ ' characters. The URLs and password data itself is unaffected
- Numerous UI improvements and fixes
- User Display Names are now shown in the Security, Notifications and Comment Requirements dialogs
- Columns on the Entry Table can now be resized and hidden.
- Clicking on a credential's name in the grid will open the credential.
- Notes field now expands as you type up to a maximum height.
- Restoring Entry from History has been improved to restore all available information from the History Database.
- Will restore Title, Username, Password, URL, Notes, Expiration Enabled, Expiration date, Custom Fields, and Attached Files.
- Will not affect Security, SSO Proxy, Notification, or Comment Settings.
- Refer to Credential History for more information.
- It is now possible to drag and drop credentials to change the location of a credential from one folder to another in the webclient.
- Made the UI behaviour in the security dialog more consitent when switching between adding Access for Roles, for Users, or for Blocking Inheirentance.
- When searching for a specific folder using the search feature it is now possible to click on the folder in the search result to navigate to that folder.
- The feedback form (accessible from the bottom of the page) has been improved.
- Support for Open LDAP and AD has improved
- User management has been improved with more configuration options
- Password Profiles can be created
- Lockout Policies can be created, locking or disabling accounts after a set amount of consecutive failed login attempts
- Two-Factor authentication is now supported
- Users can have policies directly assigned to them
- Timeout Policies can be configured from the Admin section of the Web Client
- Refer to User Policies for more information.
- Users can no longer delete their own permissions on the Root folder. This prevents a case where no one would have access to the Root.
- Users with "Use Via Proxy" permissions for an Entry can now view but not edit the SSO Proxy Settings so that they may know which placeholders and/or unique identifiers to use.
The database connection string placeholder [AppDataRoamingPleasant] has been replaced with [DataFolder] which represents the sub-path:
C:\ProgramData\Pleasant Solutions\Password Server
- Credential History convenience link added.
- When importing Entries and Folders that do not fit the Password Server naming conventions, the user will be given the option to have the client rename those Entries and Folders for them.
- KeePass now automatically refreshes an Entry every time it is opened to avoid displaying out of date information.
- Fixed an issue where changing password in KeePass would ignore the servers complexity setting
- Fixed an issue where going to the Admin Site from the KeePass client would direct you to the wrong URL
- Fixed an issue where the Desktop Client download page would display the wrong URL
- Various UI bugs
- Bugs related to various Active Directory operations should be fixed.
- Web Client will no longer save Folder or Entry names that contain '/' characters, users will be asked to use a different name.
- Corrected KeePass import behavior to reject imports containing invalid object names (Folders with no names or Folders and Entry with names containing '/' characters)
- Search results in the Web Client are now grouped by folder.
- Adding a custom field deletes all of an entry's attachments. Workaround: add attachments after adding custom fields, saving, and re-opening. Recover deleted attachments by restoring a revision that does have the attachment (Actions->History), downloading the attachment, restoring the current revision, then re-uploading the attachment.
- There is an issue where install that do not have a user called 'admin' with the 'Administer Users' permission will fail to start up after updating. This issue will be fixed in the next release.
- Old versions of Client apps that do not support the Usage Comment feature will not be able to perform actions that have "require comments" turned on. Make sure you also have the latest KeePass Client if you wish to use these features.
- This is a significant release and Password Server may take a long time to start back up (only the first time) after the install completes as your database is upgraded. Remember to back up your database before beginning the upgrade as interrupting this process could leave the database in an unusable state.
- Windows XP and Windows Server 2003 are no longer supported in Pleasant KeePass Client Version ≥ 6.0.1 (because of the .NET Framework ≥ 4.5 requirement). Users of those legacy operating systems should use Client Version 5.0.3 and Password Server Version 6.4.13 (the most recent to support Client Version 5.0.3) until they upgrade.
- Nested AD/LDAP groups cannot be imported in Password Server Version 7.0.1 - 7.3.5.
- Internet Explorer 8 is no longer supported in Password Server Version ≥ 7.0.1.
- In Internet Explorer, The Password Server must be viewed with Compatability Mode turned off. Some IE settings force intranet sites to be viewed in Compatability Mode; if these settings cannot be disabled, accessing the Web Client using its fully qualified domain name can get around these settings.