This topic describes the release notes for Bastionhost and provides links to the relevant references.
2023
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.37 | O&M on PolarDB clusters | New | O&M on PolarDB clusters is supported. | Enterprise | 2023-08-30 | |
User list export | New | The user list can be exported. The user list contains usernames, email addresses, mobile phone numbers, and creation time of users. | Basic and Enterprise | |||
O&M token | Optimized | The management and control mechanism of O&M tokens is optimized. You can configure the validity period and number of usage times of O&M tokens. O&M engineers can renew O&M tokens. | Basic and Enterprise | |||
Update of API operations | Optimized | The O&M review and command review API operations are available. | Basic and Enterprise | None | ||
Asset network check | Optimized |
| Basic and Enterprise | |||
O&M duration limit | Optimized | The maximum duration of a single O&M session can be configured. The maximum duration of a single O&M session is seven days. | Basic and Enterprise | |||
V3.2.36 | Stability optimization | Optimized | Overload protection is optimized and component stability is improved. | Basic and Enterprise | 2023-07-18 | None |
V3.2.35 | Multi-zone configuration | New | Zones can be configured for vSwitchs. | Enterprise | 2023-05-30 | |
Notification | New | The following notifications are supported:
| Basic and Enterprise | |||
Two-factor authentication | New | The mobile phone numbers in Thailand (+66), Vietnam (+84), and Cambodia (+855) are supported by the two-factor authentication feature. | Basic and Enterprise | |||
Asset authorization process | Optimized | After you grant permissions on assets to users, you are redirected to the page on which you can grant permissions on asset accounts to the users. | Basic and Enterprise | None | ||
Snapshot synchronization of AD and LDAP-authenticated users | Optimized | Active Directory (AD)-authenticated users and Lightweight Directory Access Protocol (LDAP)-authenticated users can be synchronized on a regular basis. | Basic and Enterprise | |||
V3.2.33 | Connectivity test | New | The connectivity diagnostics feature is provided. You can use the feature to troubleshoot issues that are related to O&M connections between a client and a bastion host and between a bastion and an asset. | Basic and Enterprise | 2023-02-21 | None |
Asset risk monitoring | New | The asset risk monitoring feature is provided. The feature displays information about asset risks that are detected by Security Center. The information includes the alerts, vulnerabilities, and baseline risks that are detected on assets and the numbers of the alerts, vulnerabilities, and baseline risks. You can go to the Security Center console to handle the asset risks in a convenient manner. | Basic and Enterprise | None |
Release notes in 2022
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.31 | Oracle database O&M | New | O&M operations can be performed on Oracle databases. | Enterprise | 2022-12-22 | |
Management of third-party asset sources | Optimized | Third-party asset sources, such as Amazon Web Services (AWS) and Tencent Cloud, can be imported and managed. | Basic and Enterprise | |||
Optimization of the O&M portal | Optimized | The O&M portal can be used by local users, AD-authenticated users, and LDAP-authenticated users to modify keys and user information. | Basic and Enterprise | |||
Asset connectivity check | New | The asset connectivity is automatically checked. The status of the asset connectivity is updated every 4 hours. | Basic and Enterprise | |||
Management of AD and LDAP settings | Optimized | AD and LDAP settings can be cleared. | Basic and Enterprise | |||
Update of API operations | Optimized | An API operation is released to manage the public key of a user. When a user is created or edited, the following settings can be configured: user's validity period, two-factor authentication, and whether the user must reset the password upon the next logon. | Basic and Enterprise | None | ||
Host key | New | ED25519 keys can be used as host keys. | Basic and Enterprise | None | ||
V3.2.30 | O&M application review | New | The O&M application review feature is supported. After the feature is enabled, an O&M engineer can log on to the required assets and perform O&M operations only after the Bastionhost administrator approves the O&M application submitted by the O&M engineer. | Basic and Enterprise | 2022-11-21 | |
Host O&M token | New | O&M tokens can be obtained on the Host O&M page. You can use an O&M token to perform client-based O&M. | Basic and Enterprise | None | ||
Notification | New | Text messages and emails are supported as notification methods. In addition to internal messages, you can receive text messages and emails that notify you of O&M address changes and alerts that are triggered by command execution and storage usage. | Basic and Enterprise | |||
Asset monitoring | New | Assets on which no O&M operations are performed for the last seven or 30 days can be filtered. | Basic and Enterprise | None | ||
User logon settings | New | Users can be configured to use only key pairs for authentication when they log on to a bastion host. | Basic and Enterprise | |||
Two-factor authentication | New | The mobile phone numbers in Saudi Arabia (+966) are supported by the two-factor authentication feature. | Basic and Enterprise | |||
Settings for two-factor authentication | Optimized | Two-factor authentication settings for multiple users can be modified at a time on the Users page. | Basic and Enterprise | |||
Access control policies | Optimized | The logic for creating access control policies is optimized. | Basic and Enterprise | |||
User status monitoring | Optimized | Tags are added for deleted RAM users. | Basic and Enterprise | |||
Stability optimization | Optimized | The overload protection mechanism is supported to improve the stability of O&M sessions. | Basic and Enterprise | None | ||
V3.2.28 | Database O&M and audit | New | Database O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | Enterprise | 2022-07-27 | |
O&M portal | New | The O&M portal is added. You can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as local user. | Basic and Enterprise | |||
OTP tokens for local users to implement two-factor authentication | New | OTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication. | Basic and Enterprise | |||
Custom ports for hosts | New | Custom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts. | Basic and Enterprise | |||
V3.2.26 | Management of third-party asset sources | New | Third-party asset sources can be managed. You can import assets from third-party asset sources. | Basic and Enterprise | 2022-04-06 | |
Verification codes of two-factor authentication | New | Verification codes can be sent by using notifications in DingTalk during two-factor authentication. You can select Chinese or English in which you want to send a verification code. | Basic and Enterprise | |||
User settings for two-factor authentication | New | Two-factor authentication can be configured for a single user. | Basic and Enterprise | |||
API operations | New | API operations are released to configure AD authentication, two-factor authentication, and shared keys. | Basic and Enterprise | |||
Search conditions for password change tasks | Optimized | Host IP addresses and host names can be used to search for password change tasks. | Enterprise | None | ||
Text messages for two-factor authentication | New | The mobile phone numbers in Poland (+48) and Spain (+34) are supported by the two-factor authentication feature. | Basic and Enterprise | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
Regular updates of the configurations and status of AD-authenticated and LDAP-authenticated users | Iterated | The configurations and status of AD-authenticated and LDAP-authenticated users can be regularly updated. | Basic and Enterprise |
Release notes in 2021
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.22 | Authorization rules | New | Authorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. | Basic and Enterprise | 2021-11-22 | Create an authorization rule and Manage an authorization rule |
Import and export of bastion host configurations | New | The import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts. | Basic and Enterprise | |||
Proxy mode of the network domain feature | New | The proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This allows you to configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host. | Enterprise | |||
Network domains | New | Internal messages are supported to notify you of network domain errors. | Enterprise | |||
Personalized desktops | New | Personalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops. | Basic and Enterprise | |||
Password reset upon next logon | New | When you create a local user, you are allowed to specify whether the user must reset the password upon the next logon. | Basic and Enterprise | |||
V3.2.20 | Asset access by using proxies | New | Proxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported. | Enterprise | 2021-07-22 | |
Global configuration item for host fingerprint verification | New | A global configuration item is added to verify host fingerprints. | Basic and Enterprise | |||
Access control on logon accounts | Optimized | Access control on logon accounts is optimized. A switch is added to control whether empty accounts are visible. | Basic and Enterprise | |||
Backup and export of O&M logs | New | O&M logs can be backed up and exported. | Basic and Enterprise | |||
Internal messages | New | Internal messages are supported in the following scenarios:
| Basic and Enterprise | |||
Text messages for two-factor authentication | New | The mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature. | Basic and Enterprise | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
V3.2.18 | Export of the host list | New | The host list can be exported. | Basic and Enterprise | 2021-04-21 | |
Use the key management feature | New | The key management feature is released. This feature allows you to bind a key to multiple host accounts at a time. | Basic and Enterprise | |||
Marking of users | Optimized | Users can be marked as inactive based on the time range you specify. | Basic and Enterprise | None | ||
Import of AD-authenticated or LDAP-authenticated users | Optimized | Keywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import. | Basic and Enterprise | |||
Access control policies | New | The access control feature is updated. You can specify time ranges to allow user access to a host. | Basic and Enterprise | |||
Two-factor authentication | New | Emails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code. | Basic and Enterprise | |||
Password validity period for local users | New | The password validity period of a local user can be configured. | Basic and Enterprise | |||
V3.2.17 | Password change tasks | New | A task can be created to change the passwords of different Linux host accounts at a time. | Enterprise | 2021-03-15 | |
Clearance of the fingerprints on multiple hosts at a time | New | Fingerprints on multiple hosts can be cleared at a time. | Basic and Enterprise | |||
Searching for hosts, host groups, users, and user groups | Optimized |
| Basic and Enterprise | None | ||
Text messages for two-factor authentication | New | The mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature. | Basic and Enterprise | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
User logon prohibition | Iterated | The session interruption feature is released to prohibit users from accessing hosts. | Basic and Enterprise | |||
Adding users | New | A user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user. | Basic and Enterprise | |||
O&M reports | New | The O&M report feature is released. This feature allows you to export reports to Word, PDF, or HTML files. | Basic and Enterprise | View the O&M information on the O&M Reports page and export an O&M report | ||
Extended storage plans for audit videos | Iterated | Extended storage plans can be purchased to store audit videos. | Basic and Enterprise | |||
Host O&M by using a web terminal | New | O&M operations can be performed on hosts in the console of a bastion host by using a web terminal. | Enterprise | |||
Idle duration for O&M and total O&M duration | Iterated | Idle duration for O&M and total O&M duration can be configured. | Basic and Enterprise | |||
API operations | New | API operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization. | Basic and Enterprise | Hosts (available only for bastion hosts that run V3.2.17 and later versions) |
Release notes in 2020
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.13 | Release of Bastionhost Enterprise Edition | New | Bastionhost Enterprise Edition is released. | Basic and Enterprise | 2020-11-16 | |
Wizard | New | A wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the console of a bastion host. | Basic and Enterprise | None | ||
Marking of released Elastic Compute Service (ECS) instances | Optimized | Released ECS instances can be marked. | Basic and Enterprise | None | ||
User settings | New | User groups can be selected when you create a user. | Basic and Enterprise | |||
Text messages for two-factor authentication | New | The mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature. | Basic and Enterprise | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
Network diagnostics | New | The network diagnostics feature is released. | Basic and Enterprise |