This topic lists the feature and documentation updates for Bastionhost.
2025
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.48.1 | Password change tasks | New feature | Supports changing the passwords of privileged Linux accounts. | Enterprise Edition and SM Edition | 2025-10-14 | |
New feature | Lets you change the password for a single account in a task. | |||||
Optimized feature | Lets you view the failure logs of password change tasks. | |||||
Host audit data masking policies | New feature | Supports configuring data masking policies for host audit logs. | Basic Edition, Enterprise Edition, and SM Edition | |||
Offline player | New feature | Lets you download an offline player to play session recording files on your local machine. Note You must export the recording files from your bastion host to OSS and then download them to your local machine. For more information, see Export session recordings to OSS. | Basic Edition, Enterprise Edition, and SM Edition | |||
Bastionhost Assistant | New feature | Supports Mac Terminal. | Basic Edition, Enterprise Edition, and SM Edition | |||
Optimized feature | Supports silent installation. | |||||
User management | New feature | Lets you display and filter RAM users whose source is deleted. | Basic Edition, Enterprise Edition, and SM Edition | |||
New feature | Lets you view and export the public keys of users in the console. | |||||
System stability | New feature | Lets you configure an IP locking policy. If the number of failed logon attempts from a source IP address reaches the specified threshold, the system automatically adds the IP address to the blacklist. | Basic Edition, Enterprise Edition, and SM Edition | |||
API operations | New feature | Supports adding member accounts of a resource directory to a bastion host. | Enterprise Edition and SM Edition | Add member accounts of a resource directory to a bastion host (available only for V3.2.48 and later) | ||
Lets you query the member accounts of a resource directory that are imported to a bastion host. | ||||||
Supports removing member accounts of a resource directory from a bastion host. | ||||||
V3.2.46 | Database command control | New feature | Blacklist and whitelist policies can be configured for commands that are run during database O&M to facilitate command management. | Enterprise Edition and SM Edition | 2025-03-28 | |
Password change | New feature | Secure Shell (SSH) key rotation is supported. | Enterprise Edition and SM Edition | |||
Third-party assets | New feature | Google Cloud assets can be imported. | Basic Edition, Enterprise Edition, and SM Edition | |||
Logon remarks | New feature | O&M remarks are supported. After you enable logon remarks, O&M personnel must enter the remarks when they perform web page-based O&M and single sign-on (SSO)-based O&M operations, and apply for O&M tokens. | Basic Edition, Enterprise Edition, and SM Edition | |||
Remote Desktop Protocol (RDP)-based O&M on a web page | New feature | File transfer is supported when you perform O&M operations on Windows servers using a web page. | Enterprise Edition and SM Edition | |||
Database audit | Optimized feature | The duration of the SQL statements is displayed on the database audit page, and sorting is supported. | Enterprise Edition and SM Edition | N/A | ||
V3.2.45 | Network domain HTTPS proxy | New feature | The HTTPS proxy server can be configured for a network domain. | Enterprise Edition and SM Edition | 2025-01-15 | |
Asset remarks configured by O&M engineers | New feature | The remarks for assets in the O&M portal can be made by O&M engineers. | Basic Edition, Enterprise Edition, and SM Edition | |||
RDP-based O&M on a client | Optimized feature |
| Basic Edition, Enterprise Edition, and SM Edition | |||
LDAP authentication | Optimized feature | The logs are displayed after a connection fails to be established on the LDAP Authentication tab. | Basic Edition, Enterprise Edition, and SM Edition | N/A |
2024
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.44 | Web-based O&M operations on databases | New feature | You can access and perform O&M operations on databases from a browser. | Enterprise Edition and SM Edition | 2024-11-19 | |
API operations | New feature |
| Basic Edition, Enterprise Edition, and SM Edition | |||
User status settings | Optimized feature | Lets you customize the check interval for automatically locking users who have not logged on for an extended period. | Basic Edition, Enterprise Edition, and SM Edition | N/A | ||
O&M applications | Optimized feature | O&M engineers can specify reasons when they apply for O&M permissions. | Basic Edition, Enterprise Edition, and SM Edition | N/A | ||
V3.2.43 | Application O&M | New feature | You can manage and perform O&M operations on client applications and web applications. | Enterprise Edition and SM Edition | 2024-09-23 | |
Single sign-on (SSO) | New feature | You can use the SSO tool Bastionhost Assistant to call a local client to access assets. | Basic Edition, Enterprise Edition, and SM Edition | |||
Password change tasks | New feature | You can create automatic password change tasks for Windows server accounts whose passwords are managed by Bastionhost. | Enterprise Edition and SM Edition | |||
IDaaS authentication | Optimized feature | You can configure the user synchronization scope and the SSO initiator. | Enterprise Edition and SM Edition | |||
Operation logs | Optimized feature | Refines part of the audit content. | Basic Edition, Enterprise Edition, and SM Edition | |||
Network domain | Optimized feature | Key authentication is added as an authentication method of the SSH proxy server configured for a network domain. | Enterprise Edition and SM Edition | |||
Web page-based O&M | Optimized feature | You can save the theme settings of the web page for O&M. | Enterprise Edition and SM Edition | |||
User management | Optimization | The Expiration date, Status, and LastActivityAt fields are added to the exported table of users. | Basic Edition, Enterprise Edition, and SM Edition | |||
Host O&M | Optimized feature |
| Basic Edition, Enterprise Edition, and SM Edition | |||
Portal-based O&M | Basic Edition, Enterprise Edition, and SM Edition | |||||
Overview page | Optimized feature | You can view the usage of the resource connection pool. Overload protection is triggered if the connections consume many resources. | Basic Edition, Enterprise Edition, and SM Edition | |||
V3.2.42 | User settings | New feature | You can change the configuration of password reset requirement upon the next logon for multiple users at a time. | Basic Edition, Enterprise Edition, and | 2024-06-26 | |
V3.2.41 | Automatic O&M | New feature | O&M tasks can be created to deliver scripts. Automatic O&M can be performed by running multiple scripts for host accounts at a time. | Enterprise Edition | 2024-06-05 | |
Multi-account management | New feature | Bastionhost can be connected to Resource Directory. After you connect Bastionhost to Resource Directory, the Elastic Compute Service (ECS) and ApsaraDB RDS instances within multiple Alibaba Cloud accounts can be automatically imported to a bastion host. | Enterprise Edition | |||
Private O&M | New feature |
| Enterprise Edition | |||
Connection to Key Management Service (KMS) | New feature | The ECS credentials that are managed in KMS instances within the same Alibaba Cloud account can be imported as logon information of host accounts. | Enterprise Edition | |||
Active Directory (AD) authentication | Optimized feature |
| Basic Edition and Enterprise Edition | |||
Authorization data dashboard | New feature | The assets that a user is authorized to manage on the User Groups or Authorization Rules page can be viewed on the details page of the user. | Basic Edition and Enterprise Edition | N/A | ||
V3.2.40 | User logon limits | New feature | Approved time ranges and source IP addresses for logon can be specified to control user access to bastion hosts. | Basic Edition and Enterprise Edition | 2024-03-27 | |
API operations | New feature |
| Basic Edition and Enterprise Edition | N/A | ||
Password change tasks | Optimized feature | The password complexity requirements for password change tasks are optimized. The number of characters can be customized. | Enterprise Edition | |||
Notifications | Optimized feature | Custom languages are supported. | Basic Edition and Enterprise Edition | |||
V3.2.39 | IDaaS authentication | New feature | IDaaS-authenticated users can log on to the O&M portal. Note Alibaba Finance Cloud and Alibaba Gov Cloud are not supported. | Enterprise Edition | 2024-02-26 | |
Third-party assets | New feature | Microsoft Azure assets can be imported. | Basic Edition and Enterprise Edition | N/A | ||
Control policies | New feature | A switch is supported. If you turn on the switch, keyboard operations that are performed during Remote Desktop Protocol (RDP)-based O&M can be audited on the Graphic Text tab. | Basic Edition and Enterprise Edition | |||
API | New feature | The API operations that are related to O&M tokens are supported. | Basic Edition and Enterprise Edition | N/A | ||
User password security settings | Optimized feature | The historical password check policy can be configured. The policy specifies the number of previous passwords that cannot be used by a user when the user resets a password. | Basic Edition and Enterprise Edition | |||
User management | Optimized feature |
| Basic Edition and Enterprise Edition | N/A | ||
Asset management | Optimized feature | Manual check for the status of ECS and ApsaraDB RDS instances is supported. | Basic Edition and Enterprise Edition | |||
V3.2.38.3 | Control policies | New feature | Fine-grained control policies can be associated with asset accounts. | Basic Edition and Enterprise Edition | 2024-01-25 | |
User management | New feature | Users who have not logged on to bastion hosts for a long period of time can be automatically locked. | ||||
Asset management | New feature | Passwords and keys of asset accounts can be exported and imported. | ||||
Client-based O&M | Optimization | The search feature of SSH-based O&M clients is optimized. You can filter search results and sort the results by specified parameters. | N/A | |||
Management of AD/LDAP users | Optimized feature | The synchronization logic of the mobile phone numbers of AD/LDAP users is optimized. You can configure whether to synchronize the mobile phone numbers of AD/LDAP users. | ||||
Authorization | Optimized feature | The process of authorizing users to manage the accounts of assets in asset groups is optimized. Existing accounts are automatically displayed for you to select. | Authorize a user to manage asset groups and the accounts of assets in the asset groups | |||
Session audit | Optimized feature | The search feature on the Session Audit page is optimized to support fuzzy match. | N/A |
2023
Version | Feature | Type | Description | Involved edition | Release date | References |
Basic Edition | Switch to a different zone | New feature | A vSwitch can be switched to a different zone. This prevents the bastion host from being inaccessible if the current zone becomes unavailable. | Basic Edition | 2023-09-18 | |
V3.2.37.1 | O&M on PolarDB clusters | New feature | O&M on PolarDB clusters is supported. | Enterprise Edition | 2023-08-30 | |
User list export | New feature | The user list can be exported. The user list contains usernames, email addresses, mobile phone numbers, user groups, and creation time of users. | Basic Edition and Enterprise Edition | |||
O&M token | Optimized feature | The management and control mechanism of O&M tokens is optimized. You can configure the validity period and number of usage times of O&M tokens. O&M engineers can renew O&M tokens. | Basic Edition and Enterprise Edition | |||
Update of API operations | Optimized feature | The API operations for O&M review and command review are available. | Basic Edition and Enterprise Edition | N/A | ||
Asset network check | Optimized feature |
| Basic Edition and Enterprise Edition | |||
O&M duration limit | Optimized feature | The maximum duration of a single O&M session can be configured. The maximum duration of a single O&M session is seven days. | Basic Edition and Enterprise Edition | |||
Real-time database O&M connections | Optimized feature | When O&M engineers use O&M tokens to access databases, the computing of real-time database O&M connections is optimized. This improves audit accuracy. | Enterprise Edition | N/A | ||
V3.2.36 | Optimized stability | Optimized feature | Overload protection is optimized and component stability is improved. | Basic Edition and Enterprise Edition | 2023-07-18 | N/A |
V3.2.35 | Multi-zone configuration | New feature | Zones can be configured for vSwitches. | Enterprise Edition | 2023-05-30 | |
Notifications | New feature | New user notifications:
| Basic Edition and Enterprise Edition | |||
Two-factor authentication | New feature | The mobile phone numbers in Thailand (+66), Vietnam (+84), and Cambodia (+855) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
Asset authorization process | Optimized feature | When an asset is authorized, it is automatically transferred to the specified account. | Basic Edition and Enterprise Edition | N/A | ||
Snapshot synchronization of AD- and LDAP-authenticated users | Optimized feature | AD-authenticated users and LDAP-authenticated users can be synchronized on a regular basis. | Basic Edition and Enterprise Edition | |||
V3.2.33 | Connectivity test | New feature | The connectivity diagnostics feature is provided. You can use the feature to troubleshoot issues that are related to O&M connections between a client and a bastion host and between a bastion and an asset. | Basic Edition and Enterprise Edition | 2023-02-21 | N/A |
Asset risk monitoring | New feature | The asset risk monitoring feature is provided. The feature displays information about asset risks that are detected by Security Center. The information includes the alerts, vulnerabilities, and baseline risks that are detected on assets and the numbers of the alerts, vulnerabilities, and baseline risks. You can go to the Security Center console to handle the asset risks in a convenient manner. | Basic Edition and Enterprise Edition | N/A |
2022
Software version | Feature | Type | Description | Affected versions | Release date | Document link |
V3.2.31 | Oracle database O&M | New feature | Supports O&M for Oracle databases. | Enterprise Edition | 2022-12-22 | |
Third-party asset source management | Optimized feature | Supports importing and managing third-party cloud asset sources from Amazon Web Services and Tencent Cloud. | Basic Edition, Enterprise Edition | |||
O&M portal optimization | Optimized feature | Local, AD, and LDAP users can now modify their keys and personal information through the O&M portal. | Basic Edition, Enterprise Edition | |||
Asset connectivity check | New feature | Supports automatic asset connectivity checks. The connectivity status is updated every 4 hours. | Basic Edition, Enterprise Edition | |||
AD and LDAP configuration | Optimized feature | Supports purging AD and LDAP authentication configurations. | Basic Edition, Enterprise Edition | |||
API updates | Optimized feature | The API for managing public keys of users is now available. When you create or edit a user, you can now configure the user validity period, two-factor authentication settings, and whether the user must change their password upon the next logon. | Basic Edition, Enterprise Edition | None | ||
Host key | New feature | Host keys now support the ed25519 format. | Basic Edition, Enterprise Edition | None | ||
V3.2.30 | O&M approval | New feature | Supports secondary O&M approval. When an O&M engineer logs on to an asset, a secondary approval from an administrator is required. | Basic Edition, Enterprise Edition | 2022-11-21 | |
Host O&M token | New feature | During client-based O&M, you can request an O&M token from the host O&M interface to perform O&M tasks. | Basic Edition, Enterprise Edition | None | ||
Message notifications | New feature | Adds notifications through text messages and emails. In addition to internal messages, you can now receive notifications such as command alerts, storage alerts, and O&M address changes through text messages and emails. | Basic Edition, Enterprise Edition | |||
Asset monitoring | New feature | Adds popularity monitoring for O&M assets. You can filter for assets that have not been operated on in the last 7 or 30 days. | Basic Edition, Enterprise Edition | None | ||
User logon configuration | New feature | You can restrict logon to Bastionhost to only allow the use of keys. | Basic Edition, Enterprise Edition | |||
Two-factor authentication | New feature | Adds two-factor authentication using text messages for Saudi Arabia (+966). | Basic Edition, Enterprise Edition | |||
Two-factor authentication configuration | Optimized feature | Supports batch modification of two-factor authentication configurations on the User List page. | Basic Edition, Enterprise Edition | |||
Control policy | Optimized feature | Optimizes the logic for creating control policies. | Basic Edition, Enterprise Edition | |||
User status monitoring | Optimized feature | Adds a mark for deleted RAM users. | Basic Edition, Enterprise Edition | |||
Stability optimization | Optimized feature | Adds an overload protection mechanism to improve the stability of O&M sessions. | Basic Edition, Enterprise Edition | None | ||
V3.2.28 | Database O&M audit | New feature | Adds database O&M auditing. Supports O&M control and auditing for RDS instances of the MySQL, SQL Server, and PostgreSQL types, along with for self-managed databases. | Enterprise Edition | 2022-07-27 | |
O&M portal | New feature | Adds an O&M portal. O&M users can perform O&M on authorized assets from the web-based O&M portal. Local users can also use the O&M portal to log on with OTP token authentication. | Basic Edition, Enterprise Edition | |||
Two-factor authentication for local users using OTP tokens | New feature | Local users can self-scan a QR code through the O&M portal to perform two-factor authentication with an OTP token. | Basic Edition, Enterprise Edition | |||
Custom host port | New feature | Supports custom host ports. When you batch import hosts from an Excel file, you can now configure custom host ports. | Basic Edition, Enterprise Edition | |||
V3.2.26 | Third-party asset source management | New feature | Adds the third-party asset source management feature. You can import assets from third-party asset sources. | Basic Edition, Enterprise Edition | 2022-04-06 | |
Two-factor verification code | New feature | Adds a feature to send two-factor verification codes through DingTalk work notifications. You can select Chinese or English as the language for the verification code. | Basic Edition, Enterprise Edition | |||
User configuration for two-factor authentication | New feature | Adds the ability to configure two-factor authentication for individual users. | Basic Edition, Enterprise Edition | |||
API operations | New feature | Adds API operations for AD authentication, two-factor authentication, and shared key configuration. | Basic Edition, Enterprise Edition | |||
Search items for password change tasks | Optimized feature | Optimizes search items for password change tasks. You can now search by host IP address and hostname. | Enterprise Edition | None | ||
Text message authentication | New feature | Adds support for text message authentication in Poland (+48) and Spain (+34). | Basic Edition, Enterprise Edition | Which countries and regions are supported for Bastionhost two-factor authentication by text message? | ||
Scheduled synchronization of configuration information and status for AD and LDAP users | Iterated feature | Adds the ability to periodically sync and update the configuration information and status of AD and LDAP users. | Basic Edition, Enterprise Edition |
2021
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.22 | Authorization rules | New feature | Authorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. | Basic Edition and Enterprise Edition | 2021-11-22 | Create an authorization rule and Manage an authorization rule |
Import and export of bastion host configurations | New feature | The import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts. | Basic Edition and Enterprise Edition | |||
Network Domain High-Availability Mode | New feature | The proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This lets you configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host. | Enterprise Edition | |||
Network Domain Proxy | New feature | Internal messages are supported to notify you of network domain errors. | Enterprise Edition | |||
Personalized desktops | New feature | Personalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops. | Basic Edition and Enterprise Edition | |||
Password reset upon next logon | New feature | When you create a local user, you are allowed to specify whether the user must reset the password upon the next logon. | Basic Edition and Enterprise Edition | |||
V3.2.20 | Asset access using proxies | New feature | Proxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported. | Enterprise Edition | 2021-07-22 | |
Global configuration item for host fingerprint verification | New feature | A global configuration item is added to verify host fingerprints. | Basic Edition and Enterprise Edition | |||
Access control on logon accounts | Optimized feature | Access control on logon accounts is optimized. A switch is added to control whether empty accounts are visible. | Basic Edition and Enterprise Edition | |||
Backup and export of O&M logs | New feature | O&M logs can be backed up and exported. | Basic Edition and Enterprise Edition | |||
Internal messages | New feature | The internal message notification feature is now available and includes the following:
| Basic Edition and Enterprise Edition | |||
Text messages for two-factor authentication | New feature | The mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
V3.2.18 | Export of the host list | New feature | The host list can be exported. | Basic Edition and Enterprise Edition | 2021-04-21 | |
Key management | New feature | The key management feature is released. This feature lets you bind a key to multiple host accounts at a time. | Basic Edition and Enterprise Edition | |||
Marking of users | Optimized feature | Users can be marked as inactive based on the time range you specify. | Basic Edition and Enterprise Edition | N/A | ||
Import of AD-authenticated or LDAP-authenticated users | Optimized feature | Keywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import. | Basic Edition and Enterprise Edition | |||
Control policies | New feature | You can add a restriction on user logon times to the control policy. | Basic Edition and Enterprise Edition | |||
Two-factor authentication | New feature | Emails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code. | Basic Edition and Enterprise Edition | |||
Password validity period for local users | New feature | The password validity period of a local user can be configured. | Basic Edition and Enterprise Edition | |||
V3.2.17 | Password change tasks | New feature | A task can be created to change the passwords of different Linux host accounts at a time. | Enterprise Edition | 2021-03-15 | |
Clearance of the fingerprints on multiple hosts at a time | New feature | Fingerprints on multiple hosts can be cleared at a time. | Basic Edition and Enterprise Edition | |||
Searching for hosts, host groups, users, and user groups | Optimized feature |
| Basic Edition and Enterprise Edition | N/A | ||
Text messages for two-factor authentication | New feature | The mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
User logon prohibition | Iterated feature | The session interruption feature is released to prohibit users from accessing hosts. | Basic Edition and Enterprise Edition | |||
Adding users | New feature | A user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user. | Basic Edition and Enterprise Edition | |||
O&M reports | New feature | The O&M report feature is released. This feature lets you export reports to WORD, PDF, or HTML files. | Basic Edition and Enterprise Edition | |||
Extended storage plans for audit videos | Iteration | Extended storage plans can be purchased to store audit videos. | Basic Edition and Enterprise Edition | |||
Host O&M using a web terminal | New feature | O&M operations can be performed on hosts in the console of a bastion host using a web terminal. | Enterprise Edition | |||
Idle duration for O&M and total O&M duration | Iteration | Idle duration for O&M and total O&M duration can be configured. | Basic Edition and Enterprise Edition | |||
API operations | New feature | API operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization. | Basic Edition and Enterprise Edition | Hosts (available only for bastion hosts that run V3.2.17 and later versions) |
2020
Version | Feature | Type | Description | Involved edition | Release date | Related Documentation |
V3.2.13 | Release of Bastionhost Enterprise Edition | New feature | Bastionhost Enterprise Edition is released. | Basic Edition and Enterprise Edition | 2020-11-16 | |
Wizard | New feature | A wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the Bastionhost console. | Basic Edition and Enterprise Edition | N/A | ||
Marking of released ECS instances | Optimized feature | Released ECS instances can be marked. | Basic Edition and Enterprise Edition | N/A | ||
User settings | New feature | User groups can be selected when you create a user. | Basic Edition and Enterprise Edition | |||
Text messages for two-factor authentication | New feature | The mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
Network diagnostics | New feature | The network diagnostics feature is released. | Basic Edition and Enterprise Edition |