Client cert memory leak fix from FortiProxy.

Wad crash when trying to allocate a zero length object.

MySQL typo.

Port from FPX: EMS Cloud Fabric Connector not working.

Display create secret button in personal folder.

WinSCP video file deleted if user clicks reconnect when current connection closed.

Password changer crash.

`FortiProduct (SSH Key) ` passphrase field is password type.

wad crash when server side is disconnected

Format string bug in httpsd and cli - automation test.

Secret cannot be edited.

Secret upload improvement.

FortiPAM crashes when launching an associated secret to a Cisco server.

Improved user authentication log and replacement message page.

Refactor launch prompt error.

Remove none option in template permission.

Hide AV scan if no file launcher.

wad crash when SFTP/SMB authentication request is expired or manually modified.

Add upgrade function for alertemail mail to.

Change the default value of inherit-folder-ztna to disable to avoid configuration lost in upgrade.

Null pointer check to access permission table.

The user does not have permission to use email service and other GUI issues.

Folder permission validation.

Fix HA sync issue when user password policy is enabled.

SSH auto password delivery fails with server Cisco_7200.

Hide SSL_ERROR_SSL error messages from console.

LDAP/RADIUS 2FA authentication failure.

Format address array.

Use the original client IP for trusted host checking.

Bypass approval feature.

folder list clone update count.

WAD crash was observed.

Launching web account (FortiGate+DNS+FQDN) logs out the current user

In a folder with `Add Secret` and Secret `List` permission; clone a secret shows empty fields.

Automatically identify the correct remote server to authenticate a remote user.

Hide unnecessary service.

User info daemon crash.

In target-only, target-address field cannot be empty.

Request enforced for all secrets

Non-proxy PuTTy should be disabled when using an SSH key.

Invalid 'Approved Access' in secret.

WAD crash observed on CM build 0418.

miglogd crash observed on CM build 0418.

FortiPAM hardware license.

Provide an extra customized http header for extension to indicate video has finished.

Support totp in SSH authentication.

Optimize the navbar menu structure.

Add PAM disk conserve mode.

When installing FortiPAM for the first time, incorrect prompt when enabling email notification.

Allow % in secret url field.

Edit totp html.

Occasionally, server list is stuck unless refreshed.

Enable WebSMB service by default when creating a secret with template ' Unix Account (Web CIFS)'.

api-user cannot add a secret job.

Include email notification setting in the user wizard.

Add new radio for user defined role in the user wizard.

Job execution time display format issue.

Add regex and logic options to automation-trigger.

Web app launching failure.

Secret request refactor for multiple requests in one email.

Add secret name on the title of edit page.

Update template in upload xlsm.

Add settings related to combine multiple requests into one email; support custom port for baseurl.

Add authentication failure prompt to Web SSH.

Add user guide information for secret request email and vnc display number.

HA heartbeat port mimics admin access configuration of port1.

Combine multiple secret request notifications in one email to the approver.

Mask password on release build.

Display sudo disclaimer to user with SSH AUTO password.

Update secret wad cache when template gets updated.

PAM launching failure when NAT is in between.

Job list execution status.

Image restore from CLI failed when GUI pages are opened.

Provide download blocking replacement message page to users for file blocked by av/dlp.

Support AD restriction.

Hide DLP settings in secret when AVDB license expires.

Notify user when user number exceed licensed seats.

License expiration notification and restriction.

Enable editing the launcher for default secret templates.

Secret edits fail after cloning.

FortiPAM HTTP video storage backend refactor.

Allow creation of api-user with schedule.

Check secret duplication before clone.

Add CLI launchers.

Client software integrity check CLI support.

Support multiple requests

SSH auto password does not support sudo with disclaimer.

Support Logs of AV and DLP on GUI.

Support AntiVirus and DLP license validation check in the scan procedure of file transfer launchers.

Grey out non-editable DLP default sensors.

Missing DLP uploading file logs for Content_Archive and Content_Summary when launching WebSFTP and WebSMB.

Add target only secret template.

Multiple file transfer launchers cannot be launched within a single browser at the same time.

Remove disclaimer failed login information.

Modify table size for a different platform.

User unable see secret when they do not have access to the template.

Allow owner to bypass secret approval process.

Improvements on user delete.

Provide a way to explicitly download a secret video from the log page.

Prohibit deleting a root personal folder from the GUI.

Add validators for checking ssh private and public key format.

Hide address types not needed when creating a new address or an address group.

Web Launcher restriction not working.

AWS account creation requires more validation.

Add file size unit for DLP large-file.

Multiple launchings with customized templates.

Unnecessary 'Launch' button.

Adding field type check for sensitive information field when switching templates.

wad crash is observed; wad_aio_module_close closes during stress.

Inherited folder permission should show up in details.

Template and database user filter.

Change all the FortiGate names in VMware ovf files.

If the first firewall policy is disabled, FortiPAM GUI becomes unavailable.

Display remaining time for approved requests.

SSH launching fails after password change for the SSH key using template with password and passphrase.

Optimize secret approval flag in the GUI API.

Add two buttons that could go to the secret /secret video log page with targeted Token ID.

Check RAID disk status every 5 minutes.

PuTTY SSH connecting failure with the FortiTester server.

Add a new parameter for the WinSCP launcher: /newinstance.

Add status column for the job listing page.

After running the execute shutdown CLI command on FortiPAM 3000G, it does not powered off and its console still echoes the received characters even after being halted.

Format tje string bug in Fclicense daemon.

DLP profile is invisible to standard users.

Grey out the default password changers from the GUI.

WebSFTP and WebSMB cannot be controlled from Service Setting.

Failed to create a customized launcher.

Add the Hyper-V faceplate layout.

Application type in the log for WebSFTP and WebSMB is missing.

Add the certificate related attribute and test connection to server button.

After the factory reset, the GUI is not available from the default IP address.

Single concurrent session to logout from all wad workers.

The SSH logs page is showing previously displayed secret logs.

Upgrade liburing to latest release version 2.3.

Current system time is not correct when manually setting the time.

The FortiPAM HTTP module is unable to receive complete HTTP POST body from FortiClient's uploaded video.

Fatal error: unable to find "node_mod_common.h" during parallel build.

Unable to delete the last entry of IPv4 trusted hosts for the user.

Correct the typo in New user Definition(1.1).

Able to create identical folder in FortiPAM.

GUI stuck while opening a file with auto-password enabled.

Option to enable/disable the admin login disclaimer and modify the corresponding text.

Extesion Only: If launching a secret with Web SSH or Web FTP; only one session is recorded.

Update the secret name on the favorite menu after changing the secret name in the edit page.

LibGD to 2.3.3.

Failed to create a new user.

Enhance to forbid empty cluster password.

RDP connection failure on the hardware box when recording.

tcpdump vulnerabilities - precaution upgrade to 4.99.1.

Add ZTNA secret launch control on folder.

Separate settings for RADIUS/FAZ when using DR.

Add SFTP service control.

Include email notification setting in the user wizard.

Upgrade OpenSSL to 3.0.8.

Add a hint message for `Cisco Enable Secret` when no user secret is associated.

New everyone default user group.

Extend the shell prompt.

When the admin is under the glass breaking mode, request status is not correct after the admin approves the request.

Return the correct port media for FortiPAM3000G/1000G.

SSH procedure needs at least one 'expect' field to work.

When disabling the proxy mode on an SSH key secret, all the default launchers should be disabled.

New access control option for disabling the non-proxy mode.

VNC display variable support.

When the FortiPAM feature is disabled in the EMS, the GUI should display an error message.

Invalid alarm for a secret launching from a non-certificate client.

When failed to connect to FortiClient; no prompt on Chrome.

When there is no ForitClient and the user tries to launch the native launcher; should report an error.

Support logs for AV and DLP on the GUI.

Support DLP configuration on the GUI.

Add "device control by ZTNA Tag" for folders.

WAD SSH proxy could not connect to the Cisco router with KEX "diffie-hellman-group-exchange-sha1" + cipher "aes192-cbc".

Timestamp of log when it is in DST.

Use the correct package signatures.

Update log summary time frame to 7 days.

Change the faceplate port type to fiber to fit the appearance.

Send test emails.

Show "warning" or "disclaimer" when the admin logins to the interface IP address.

Edge case for secret editing.

Remove auto add LDAP/RADIUS server into the default authentication scheme database.

Add FortiPAM upgrade code (template srv-info).

Upgrade the KRB5 version to 1.19.4.

Remove the downgrade configuration migration function.

Upgrade sqlite version to 3.39.2.

Template permission control.

RDP restricted admin mode cannot auto log in to Windows 10/11.

Upgrade curl to 7.86.

Add certificate validation to automatic backup.

Accept FortiPAM 1.0.x HA member if HA group passwd is empty.

ZTNA layout enhancement.

Upgrade OpenLDAP version to 2.6.3.

New SecureCRT launcher.

Only display the entry of public folder list and personal folder; routing enhancement.

Delete 'SSH Auto-Password' tooltips and delete the job page web API text.

Change FortiGate to FortiPAM on VMware ovf files.

Adding the network diagnose tools support.

FortiPAM 1000G/ 3000G: No disk information, disk health, disk attributes, and disk errors commands on FortiPAM OS.

Add port option to the backup server.

When creating a new role, present the standard user's setting.

Enhancement for Secret List view.

Secret search under associated secret does not work.

Enhancement on managing auto password changing.

View button disappears for credential history.

Allow launching secrets when admin is in the glass breaking mode.

Add SFTP service setting.

Update secret verification status after verification.

Edit View tabs: Place actions above tabs.

Add secret policy clone functionality.

Syntax limitation: The format of [Variable] or Variable# is not allowed.

Remove web launchers from the launcher type drowdown.

Hardcode initial seats to 1000G/3000G.

Support GPT partitions and EXT4 file systems for KVM and VMware platforms.

Update API version to match the firmware version.

Support template clone and add permission flag for template response.

Rearrange port to fit machine appearance.

Rename 'Launch Device Control' to 'ZTNA Control'.

FortiPAM 1000G/3000G hardware RAID CLI execute raid create-and-format and diagnose system raid status commands.

Fix FortiToken cloud issue on manually inputting a wrong token.

Escape special characters in navigation URL.

Use reply-to email as sender address.

Support FortiToken mobile push configured on the FortiAuthenticator side.

Change password visibility process.

SSH auto password does not work when both key and password exist for a secret without an associated secret.

Command log shows the wrong Login user for Web SSH.

Moving multiple secrets and give the option of displaying failed secrets.

Template permission support.

Improve upload procedure to support other templates.

Add commands for web launcher proxy (web-authentication).

Add clone flag to secret policy.

Limit the number of characters in name and email fields to 64.

Prevent job new-line from reverting to the default password changer.

Support GPT partitions and EXT4 file systems for KVM and VMware platforms.

Adjust the secret list API handler so the GUI does not fail.

Set maximum body size for the internal API.

Authentication configuration mandatory field need to be highlighted.

Secret creation/cloning attribute not maintained.

GUI should show the full log message and would be better if the log messages only show changed configurations.

Web SSH crashes when using associated secret authentication.

SSH secret with PuTTY launcher in the proxy mode fails when authenticated with an associate secret.

New access control option for disabling the non-proxy mode.

Fix the secret UUID in the log.

Remove the domain field in the login page when SAML is not configured.

Rename 'Edit Secret' and 'Undo Changes'.

Delete the 16-bit option recording color depth.

When launching on the Cisco OS with Web SSH, the behavior of 'space' and '?' in keyboard are different with normal PuTTY or console.

Web SSH cursor issues.

Web SSH cursor is not at the correct position.

The Launch Secret button and the pwd-chg-sch-start-date field are not acting correctly for the secrets created from CLI with automatic password changing set up.

Information error for Web SSH/RDP/VNC.

Secret list improvements.

Wad trace GUI API support.

Send test backup function to apache.

Upgrade libssh2 to project trunk build.

Web proxy keywords table.

Revise layout in secret field so it is easier to edit.

User with view permission to a secret with the 'View Encrypted information' role should be able to view secret password and key.

New Secret > Allow for template switching without field conversion slide.

SSH filter issues.

Allow glass breaking user to launch any secret.

Restrict the user from upgrading the account profile to a permission higher than they have.

Prevent cmdb from adding a concurrent request.

Allow check-out after check-in.

Support right click to disable/enable a user.

WebSFTP and WebSMB cannot be controlled from Service Setting.

Password policy should not be available when the password changer type is 'SSH with Public Key'.

Hide the Expires column by default in Monitor > Active Sessions.

Add test email function to FortiPAM.

Prevent blocklist and allowlist from being set at the same time.

Port FortiOS ECO 218884: Openssl 3.0.

When creating or cloning a launcher, 'File Launcher' setting is not available on the GUI.

Add FQDN information in email notifications.

VNC dsplay variable support.

Add blocklist/allowlist to GUI API.

Prevent user from setting up a web-app launcher to non-default launcher.

Dynamic FQDN sometimes does not work for Web RDP.

Enable SMS option in the user wizard.

AV Profile not loading value.

Wad crash when no passphrase field in the template.

CLI does not show the FortiClient EMS endpoint in the available options to configure. Also, the CLI is missing 'autocomplete' for the feature.

FortiPAM 1.1.0 is no longer vulnerable to the following CVE-Reference(s):

• CVE-2023-37934