This topic describes the release notes for Bastionhost and provides links to the relevant references.

2022

VersionFeatureTypeDescriptionInvolved editionRelease dateReferences
V3.2.31Oracle database O&MNewO&M operations can be performed on Oracle databases. Enterprise2022-12-22O&M overview
Management of third-party asset sourcesOptimizedThird-party asset sources, such as Amazon Web Services (AWS) and Tencent Cloud, can be imported and managed. Basic and EnterpriseManage third-party asset sources
Optimization of the O&M portalOptimizedThe O&M portal can be used by local users, Active Directory (AD)-authenticated users, and Lightweight Directory Access Protocol (LDAP)-authenticated users to modify keys and user information. Basic and EnterpriseConfigure security policies
Asset connectivity checkNewThe asset connectivity is automatically checked. The status of the asset connectivity is updated every 4 hours. Basic and EnterpriseManage a host
Management of AD and LDAP settingsOptimizedAD and LDAP settings can be cleared. Basic and EnterpriseConfigure AD authentication or LDAP authentication
Update of API operationsOptimizedAn API operation is released to manage the public key of a user. When a user is created or edited, the following settings can be configured: user's validity period, two-factor authentication, and whether the user must reset the password upon the next logon. Basic and EnterpriseNone
Host keyNewED25519 keys can be used as host keys. Basic and EnterpriseNone
V3.2.30O&M applicant reviewNewThe O&M applicant review feature is supported. After the feature is enabled, an O&M engineer can log on to the required assets and perform O&M operations only after the Bastionhost administrator approves the O&M application submitted by the O&M engineer. Basic and Enterprise2022-11-21Create a control policy
Host O&M tokenNewO&M tokens can be obtained on the Host O&M page. You can use an O&M token to perform client-based O&M. Basic and EnterpriseNone
NotificationNewText messages and email notifications are supported. In addition to internal messages, you can use text messages and emails to receive notifications such as command alerts, storage alerts, and notifications of O&M address changes. Basic and EnterpriseUse the notification feature
Asset monitoringNewAssets on which no O&M operations are performed for the last seven or 30 days can be filtered. Basic and EnterpriseNone
User logon settingsNewUsers can be configured to use only key pairs for authentication when they log on to a bastion host. Basic and EnterpriseConfigure the parameters on the User Settings tab
Two-factor authenticationNewThe mobile phone numbers in Saudi Arabia (+966) are supported by the two-factor authentication feature. Basic and EnterpriseEnable two-factor authentication
Settings for two-factor authenticationOptimizedTwo-factor authentication settings for multiple users can be modified at a time on the Users page. Basic and EnterpriseEnable two-factor authentication
Access control policiesOptimizedThe logic for creating access control policies is optimized. Basic and EnterpriseCreate a control policy
User status monitoringOptimizedTags are added for deleted RAM users. Basic and EnterpriseManage users
Stability optimizationOptimizedThe overload protection mechanism is supported to improve the stability of O&M sessions. Basic and EnterpriseNone
V3.2.28Database O&M and auditNewDatabase O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. Enterprise2022-07-27Use the database management feature
O&M portalNewThe O&M portal is added. You can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as a local user. Basic and EnterpriseO&M overview
OTP tokens for local users to implement two-factor authenticationNewOTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication. Basic and EnterpriseEnable two-factor authentication
Custom ports for hostsNewCustom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts. Basic and EnterpriseChange the service port of a host
V3.2.26Management of third-party asset sourcesNewThird-party asset sources can be managed. You can import assets from third-party asset sources. Basic and Enterprise2022-04-06Add hosts
Verification codes of two-factor authenticationNewVerification codes can be sent by using notifications in DingTalk during two-factor authentication. You can select Chinese or English in which you want to send a verification code. Basic and EnterpriseEnable two-factor authentication
User settings for two-factor authenticationNewTwo-factor authentication can be configured for a single user. Basic and EnterpriseManage users
API operationsNewAPI operations are released to configure AD authentication, two-factor authentication, and shared keys. Basic and Enterprise
Search conditions for password change tasksOptimizedHost IP addresses and host names can be used to search for password change tasks. EnterpriseNone
Text messages for two-factor authenticationNewThe mobile phone numbers in Poland (+48) and Spain (+34) are supported by the two-factor authentication feature. Basic and EnterpriseWhich countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
Regular updates of the configurations and status of AD-authenticated and LDAP-authenticated usersIteratedThe configurations and status of AD-authenticated and LDAP-authenticated users can be regularly updated. Basic and EnterpriseConfigure the parameters on the User Settings tab

2021

VersionFeatureTypeDescriptionInvolved editionRelease dateReferences
V3.2.22Authorization rulesNewAuthorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. Basic and Enterprise2021-11-22Create an authorization rule and Manage an authorization rule
Import and export of bastion host configurationsNewThe import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts. Basic and EnterpriseUse the configuration backup feature
Proxy mode of the network domain featureNewThe proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This allows you to configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host. EnterpriseUse the network domain feature
Network domainsNewInternal messages are supported to notify you of network domain errors. EnterpriseUse the notification feature
Personalized desktopsNewPersonalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops. Basic and EnterpriseConfigure O&M settings
Password reset upon next logonNewWhen you create a local user, you are allowed to specify whether the user must reset the password upon the next logon. Basic and EnterpriseManage users
V3.2.20Asset access by using proxiesNewProxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported. Enterprise2021-07-22Use the network domain feature
Global configuration item for host fingerprint verificationNewA global configuration item is added to verify host fingerprints. Basic and EnterpriseConfigure O&M settings
Access control on logon accountsOptimizedAccess control on logon accounts is optimized. A switch is added to control whether empty accounts are visible. Basic and EnterpriseConfigure O&M settings
Backup and export of O&M logsNewO&M logs can be backed up and exported. Basic and EnterpriseUse the log backup feature
Internal messagesNewInternal messages are supported in the following scenarios:
  • Command approval and rejection
  • Password change
  • Storage alerts
  • Weekly O&M reports
  • Expired shared keys
Basic and EnterpriseUse the notification feature
Text messages for two-factor authenticationNewThe mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature. Basic and EnterpriseWhich countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
V3.2.18Export of the host listNewThe host list can be exported. Basic and Enterprise2021-04-21Export the host list with a few clicks
Use the key management featureNewThe key management feature is released. This feature allows you to bind a key to multiple host accounts at a time. Basic and EnterpriseUse the shared key feature
Marking of usersOptimizedUsers can be marked as inactive based on the time range you specify. Basic and EnterpriseNone
Import of AD-authenticated or LDAP-authenticated usersOptimizedKeywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import. Basic and EnterpriseManage users
Access control policiesNewThe access control feature is updated. You can specify time ranges to allow user access to a host. Basic and EnterpriseCreate a control policy
Two-factor authenticationNewEmails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code. Basic and EnterpriseEnable two-factor authentication
Password validity period for local usersNewThe password validity period of a local user can be configured. Basic and EnterpriseConfigure the parameters on the User Settings tab
V3.2.17Password changeNewA task can be created to change the passwords of different Linux host accounts at a time. Enterprise2021-03-15Use the automatic password change feature
Clearance of the fingerprints on multiple hosts at a timeNewFingerprints on multiple hosts can be cleared at a time. Basic and EnterpriseClear host fingerprints
Searching for hosts, host groups, users, and user groupsOptimized
  • Names can be used to search for hosts or host groups.
  • Names can be used to search for users or user groups.
Basic and EnterpriseNone
Text messages for two-factor authenticationNewThe mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature. Basic and EnterpriseWhich countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
User logon prohibitionIteratedThe session interruption feature is released to prohibit users from accessing hosts. Basic and EnterpriseInterrupt sessions
Adding usersNewA user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user. Basic and EnterpriseManage users
O&M reportsNewThe O&M report feature is released. This feature allows you to export reports to Word, PDF, or HTML files. Basic and EnterpriseView the O&M information on the O&M Reports page and export an O&M report
Extended storage plans for audit videosIteratedExtended storage plans can be purchased to store audit videos. Basic and EnterprisePurchase a bastion host
Host O&M by using a web terminalNewO&M operations can be performed on hosts in the console of a bastion host by using a web terminal. EnterpriseUse the host O&M feature
Idle duration for O&M and total O&M durationIteratedIdle duration for O&M and total O&M duration can be configured. Basic and EnterpriseConfigure O&M settings
API operationsNewAPI operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization. Basic and EnterpriseHosts (available only for bastion hosts that run V3.2.17 and later versions)

2020

VersionFeatureTypeDescriptionInvolved editionRelease dateReferences
V3.2.13Release of Bastionhost Enterprise EditionNewBastionhost Enterprise Edition is released. Basic and Enterprise2020-11-16Billing
WizardNewA wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the console of a bastion host. Basic and EnterpriseNone
Marking of released Elastic Compute Service (ECS) instancesOptimizedReleased ECS instances can be marked. Basic and EnterpriseNone
User settingsNewUser groups can be selected when you create a user. Basic and EnterpriseManage users
Text messages for two-factor authenticationNewThe mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature. Basic and EnterpriseWhich countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
Network diagnosticsNewThe network diagnostics feature is released. Basic and EnterpriseDiagnose network issues