|Director Version||Agent Version||What's New|
|14.3||14.3|| - The Windows Agent (32-bit & 64-bit) now supports SSH TrustAuthority and TrustForce.
- Support for PuTTY private keys in addition to OpenSSL keys
- RSA1 keys are now discovered by Venafi Agent and reported by Venafi Trust Protection Platform as “Vulnerable Protocol” violations. The reporting can be switched off by turning the new “Allow SSH1” policy setting to “Yes”.
- Encrypted private keys are now discovered by Venafi Agent and matched to existing public and authorized keys by Venafi Platform. As a security feature, to enable rotations for the keyset, the matching still requires manual confirmation by reviewing the keyset and marking as OK
-It is now possible to see Agent discovery result sets in the Web Administration console.
|14.2||14.2||REST agent with both SSH and SSL functionality|
|14.1||14.1||New REST agent containing only SSH discovery capability|
1) 64-bit agent for Linux. The Linux agent is now delivered in both 32-bit and 64-bit versions. *Upgrade from a 32 bit agent to a 64 bit agent is not supported. An uninstall of the 32 bit agent is required before the install of the 64 bit agent.
NFS/CIFS Exclusions. Improves performance and reduces resource load by providing the option to configure the Director agent to exclude searching on NFS or CIFS mount points for certificates and SSH keys during discovery operations.
1) Selecting 'Use Agent Configuration' for 'Scan Certificates' value will no longer disable scanning on all agents that call home.
2) Resolved an issue where upgrade could fail as a result of unpacking libvevent.dll on Windows agents.
3) Agents now report version information back to the Director. A new column in the Base Agent Discovery grid allows for easy sorting of results.
4) A failed upgrade resulting from a library not matching its checksum no longer results in a broken agent. The agent now successfully rolls back to previous bundle.
5) The Windows installer now has a checkbox to start the agent after installation completion.
6) Base Agent configuration now supports multiple call home addresses.
7) Updated libapr to 1.4.6 as response to libapr security fix.
8) Fixed an issue where the agent would fall into an infinite loop if a user without local administrator rights attempted to force a call home.
9) Resolved a resource leak where process handles could possibly be duplicated and not released.
10) The KMIP Server will no longer offer an update package, if the package does not match it's checksum.
11) A forced upgrade no longer results in the agent falling into an infinite loop.
12) *NIX agent uninstall is now cleaning up all files and agent databases, except config. Previously, if the Agent was running, there would be leftover files and the potential of corrupted databases.
13) Upgrade now replaces files based on versioning. This resolves an issue where a higher version update was not applied.
14) *NIX agent init scripts now display status of starting agent service.15) Fixed an issue where Windows agents would crash if configured to use an empty configuration XML file.
1) Fixed an issue where on some distributions of Linux the installer would fail to create the /etc/venafi directory.
2) Improved installer error messaging.
3) Upgrade now uses file versioning when laying files down atop existing files.
4) The init scripts now display status on restart/stop/start.
5) Improved wildcarding error handling and messaging.
6) The GUID of the agent is now shown in logs and in version information.
|8.0||3.2.1||Agent scanners can now be configured to exclude folders using wildcard patterns that are commonly used in Unix/Windows scripting. You can also use wildcards for file targeting of keystores. Wildcard syntax is based on file pattern glob rules.|
Results delivered from agents can now be split into multiple discovery results tables.
1) Now provides the ability to push updated agent modules from the server.