This topic describes the release notes for Bastionhost and provides links to the relevant references.
Release notes for 2024
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.42 | User settings | New feature | You can change the configuration of password reset requirement upon the next logon for multiple users at a time. | Basic Edition and Enterprise Edition | 2024-06-26 | |
V3.2.41 | Automatic O&M | New feature | O&M tasks can be created to deliver scripts. Automatic O&M can be performed by running multiple scripts for host accounts at a time. | Enterprise Edition | 2024-06-05 | |
Multi-account management | New feature | Bastionhost can be connected to Resource Directory (RD). After you connect Bastionhost to RD, the Elastic Compute Service (ECS) and ApsaraDB RDS instances within multiple Alibaba Cloud accounts can be automatically imported to a bastion host. | Enterprise Edition | |||
Private O&M | New feature |
| Basic Edition and Enterprise Edition | |||
Connection to KMS | New feature | The ECS secrets that are managed in Key Management Service (KMS) instances within the same Alibaba Cloud account can be imported as logon information of host accounts. | Enterprise Edition | |||
AD authentication | Optimized feature |
| Basic Edition and Enterprise Edition | |||
Authorization data dashboard | New feature | The assets that a user is authorized to manage on the User Groups or Authorization Rules page can be viewed on the details page of the user. | Basic Edition and Enterprise Edition | N/A | ||
V3.2.40 | User logon limits | New feature | Approved time ranges and source IP addresses for logon can be specified to control user access to bastion hosts. | Basic Edition and Enterprise Edition | 2024-03-27 | |
API operations | New feature |
| Basic Edition and Enterprise Edition | N/A | ||
Automatic password change | Optimized feature | The password complexity requirements for password change tasks are optimized. The number of characters can be customized. | Enterprise Edition | |||
Notification | Optimized feature | The natural language used to send notifications to users can be specified. | Basic Edition and Enterprise Edition | |||
V3.2.39 | IDaaS authentication | New feature | Identity as a Service (IDaaS)-authenticated users can log on to the O&M portal. Note Alibaba Finance Cloud and Alibaba Gov Cloud are not supported. | Enterprise Edition | 2024-02-26 | |
Third-party assets | New feature | Azure assets can be imported. | Basic Edition and Enterprise Edition | N/A | ||
Control policies | New feature | A switch is supported. If you turn on the switch, keyboard operations that are performed during Remote Desktop Protocol (RDP)-based O&M can be audited on the Graphic Text tab. | Basic Edition and Enterprise Edition | |||
API | New feature | The API operations that are related to O&M tokens are supported. | Basic Edition and Enterprise Edition | N/A | ||
User password security settings | Optimized feature | The historical password check policy can be configured. The policy specifies the number of previous passwords that cannot be used by a user when the user resets a password. | Basic Edition and Enterprise Edition | |||
User management | Optimized feature |
| Basic Edition and Enterprise Edition | N/A | ||
Asset management | Optimized feature | Manual check for the status of ECS and ApsaraDB for RDS instances is supported. | Basic Edition and Enterprise Edition | |||
V3.2.38.3 | Control policies | New feature | Fine-grained control policies can be associated with asset accounts. | Basic Edition and Enterprise Edition | 2024-01-25 | |
User management | New feature | Users who have not logged on to bastion hosts for a long period of time can be automatically locked. | ||||
Asset management | New feature | Passwords and keys of asset accounts can be exported and imported. | ||||
Client-based O&M | Optimized feature | The search feature of SSH-based O&M clients is optimized. You can filter search results and sort the results by specified parameters. | N/A | |||
Management of AD-authenticated users and LDAP-authenticated users | Optimized feature | The synchronization logic of the mobile phone numbers of AD-authenticated users and Lightweight Directory Access Protocol (LDAP)-authenticated users is optimized. You can configure whether to synchronize the mobile phone numbers of AD-authenticated users and LDAP-authenticated users. | ||||
Authorization | Optimized feature | The process of authorizing users to manage the accounts of assets in asset accounts is optimized. Existing accounts are automatically displayed for you to select. | Authorize a user to manage asset groups and the accounts of assets in the asset groups | |||
Session audit | Optimized feature | The search feature on the Session Audit page is optimized to support fuzzy match. | N/A |
Release notes for 2023
Version | Feature | Type | Description | Involved edition | Release date | References |
Basic Edition | Switch to a different zone | New feature | A vSwitch can be switched to a different zone. This prevents the bastion host from being inaccessible if the current zone becomes unavailable. | Basic Edition | 2023-09-18 | |
V3.2.37.1 | O&M on PolarDB clusters | New feature | O&M operations on PolarDB clusters are supported. | Enterprise Edition | 2023-08-30 | |
User list export | New feature | The user list can be exported. The user list contains usernames, email addresses, mobile phone numbers, and creation time of users. | Basic Edition and Enterprise Edition | |||
O&M token | Optimized feature | The management and control mechanism of O&M tokens is optimized. You can configure the validity period and number of usage times of O&M tokens. O&M engineers can renew O&M tokens. | Basic Edition and Enterprise Edition | |||
Update of API operations | Optimized feature | The API operations for O&M review and command review are available. | Basic Edition and Enterprise Edition | N/A | ||
Asset network check | Optimized feature |
| Basic Edition and Enterprise Edition | |||
O&M duration limit | Optimized feature | The maximum duration of a single O&M session can be configured. The maximum duration of a single O&M session is seven days. | Basic Edition and Enterprise Edition | |||
Real-time database O&M connections | Optimized feature | When O&M engineers use O&M tokens to access databases, the computing of real-time database O&M connections is optimized. This improves audit accuracy. | Enterprise Edition | N/A | ||
V3.2.36 | Stability optimization | Optimized feature | Overload protection is optimized and component stability is improved. | Basic Edition and Enterprise Edition | 2023-07-18 | N/A |
V3.2.35 | Multi-zone configuration | New feature | Zones can be configured for vSwitches. | Enterprise Edition | 2023-05-30 | |
Notification | New feature | The following notifications are supported:
| Basic Edition and Enterprise Edition | |||
Two-factor authentication | New feature | The mobile phone numbers in Thailand (+66), Vietnam (+84), and Cambodia (+855) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
Asset authorization process | Optimized feature | After you grant permissions on assets to users, you are redirected to the page on which you can grant permissions on asset accounts to the users. | Basic Edition and Enterprise Edition | N/A | ||
Snapshot synchronization of AD- and LDAP-authenticated users | Optimized feature | AD-authenticated users and LDAP-authenticated users can be synchronized on a regular basis. | Basic Edition and Enterprise Edition | |||
V3.2.33 | Connectivity test | New feature | The connectivity diagnostics feature is provided. You can use the feature to troubleshoot issues that are related to O&M connections between a client and a bastion host and between a bastion and an asset. | Basic Edition and Enterprise Edition | 2023-02-21 | N/A |
Asset risk monitoring | New feature | The asset risk monitoring feature is provided. The feature displays information about asset risks that are detected by Security Center. The information includes the alerts, vulnerabilities, and baseline risks that are detected on assets and the numbers of the alerts, vulnerabilities, and baseline risks. You can go to the Security Center console to handle the asset risks in a convenient manner. | Basic Edition and Enterprise Edition | N/A |
Release notes for 2022
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.31 | Oracle database O&M | New feature | O&M operations can be performed on Oracle databases. | Enterprise Edition | 2022-12-22 | |
Management of third-party asset sources | Optimized feature | Third-party asset sources, such as Amazon Web Services (AWS) and Tencent Cloud, can be imported and managed. | Basic Edition and Enterprise Edition | |||
Optimization of the O&M portal | Optimized feature | The O&M portal can be used by local users, AD-authenticated users, and LDAP-authenticated users to modify keys and user information. | Basic Edition and Enterprise Edition | |||
Asset connectivity check | New feature | The asset connectivity is automatically checked. The status of the asset connectivity is updated every 4 hours. | Basic Edition and Enterprise Edition | |||
Management of AD and LDAP settings | Optimized feature | AD and LDAP settings can be cleared. | Basic Edition and Enterprise Edition | |||
Update of API operations | Optimized feature | An API operation is released to manage the public key of a user. When a user is created or edited, the following settings can be configured: user's validity period, two-factor authentication, and whether the user must reset the password upon the next logon. | Basic Edition and Enterprise Edition | N/A | ||
Host key | New feature | ED25519 keys can be used as host keys. | Basic Edition and Enterprise Edition | N/A | ||
V3.2.30 | O&M applicant review | New feature | The O&M application review feature is supported. After the feature is enabled, an O&M engineer can log on to the required assets and perform O&M operations only after the Bastionhost administrator approves the O&M application submitted by the O&M engineer. | Basic Edition and Enterprise Edition | 2022-11-21 | |
Host O&M token | New feature | O&M tokens can be obtained on the Host O&M page. You can use an O&M token to perform client-based O&M. | Basic Edition and Enterprise Edition | N/A | ||
Notification | New feature | Text messages and emails are supported as notification methods. In addition to internal messages, you can receive text messages and emails that notify you of O&M address changes and alerts that are triggered by command execution and storage usage. | Basic Edition and Enterprise Edition | |||
Asset monitoring | New feature | Assets on which no O&M operations are performed for the last seven or 30 days can be filtered. | Basic Edition and Enterprise Edition | N/A | ||
User logon settings | New feature | Users can be configured to use only key pairs for authentication when they log on to a bastion host. | Basic Edition and Enterprise Edition | |||
Two-factor authentication | New feature | The mobile phone numbers in Saudi Arabia (+966) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | |||
Settings for two-factor authentication | Optimized feature | Two-factor authentication settings for multiple users can be modified at a time on the Users page. | Basic Edition and Enterprise Edition | |||
Control policies | Optimized feature | The logic for creating control policies is optimized. | Basic Edition and Enterprise Edition | |||
User status monitoring | Optimized feature | Tags are added for deleted RAM users. | Basic Edition and Enterprise Edition | |||
Stability optimization | Optimized feature | The overload protection mechanism is supported to improve the stability of O&M sessions. | Basic Edition and Enterprise Edition | N/A | ||
V3.2.28 | Database O&M and audit | New feature | Database O&M and audit are supported. You can perform O&M and audit operations on ApsaraDB RDS for MySQL instances, ApsaraDB RDS for SQL Server instances, ApsaraDB RDS for PostgreSQL instances, and self-managed databases. | Enterprise Edition | 2022-07-27 | |
O&M portal | New feature | The O&M portal is added. You can log on to the O&M portal to maintain assets on which you have permissions on a web page. You can also use a one-time password (OTP) token to log on to the O&M portal as local user. | Basic Edition and Enterprise Edition | |||
OTP tokens for local users to implement two-factor authentication | New feature | OTP tokens are provided for local users to implement two-factor authentication. Local users can scan the quick response (QR) code that is displayed in the O&M portal to implement two-factor authentication. | Basic Edition and Enterprise Edition | |||
Custom ports for hosts | New feature | Custom ports are supported for hosts. If you import multiple hosts by using an Excel file, you can specify custom ports for the hosts. | Basic Edition and Enterprise Edition | |||
V3.2.26 | Management of third-party asset sources | New feature | Third-party asset sources can be managed. Assets can be imported from third-party asset sources. | Basic Edition and Enterprise Edition | 2022-04-06 | |
Verification codes of two-factor authentication | New feature | Verification codes can be sent by using DingTalk notifications during two-factor authentication. Chinese or English can be selected as the language to send a verification code. | Basic Edition and Enterprise Edition | |||
User settings for two-factor authentication | New feature | Two-factor authentication can be configured for a single user. | Basic Edition and Enterprise Edition | |||
API operations | New feature | API operations are released to configure AD authentication, two-factor authentication, and shared keys. | Basic Edition and Enterprise Edition | |||
Search conditions for password change tasks | Optimized feature | Host IP addresses and host names can be used to search for password change tasks. | Enterprise Edition | N/A | ||
Text messages for two-factor authentication | New feature | The mobile phone numbers in Poland (+48) and Spain (+34) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
Regular updates of the configurations and status of AD-authenticated and LDAP-authenticated users | Iterated feature | The configurations and status of AD-authenticated and LDAP-authenticated users can be regularly updated. | Basic Edition and Enterprise Edition |
Release notes for 2021
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.22 | Authorization rules | New feature | Authorization rules can be created. You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. | Basic Edition and Enterprise Edition | 2021-11-22 | Create an authorization rule and Manage an authorization rule |
Import and export of bastion host configurations | New feature | The import and export of bastion host configurations are supported. You can export the configurations of a bastion host and import the exported configurations for use on other bastion hosts. | Basic Edition and Enterprise Edition | |||
Proxy mode of the network domain feature | New feature | The proxy mode of the network domain feature is supported by Bastionhost Enterprise Edition. This allows you to configure a secondary proxy server in a network domain. If an error occurs on the primary proxy server, the secondary proxy server is automatically connected to your bastion host. | Enterprise Edition | |||
Network domains | New feature | Internal messages are supported to notify you of network domain errors. | Enterprise Edition | |||
Personalized desktops | New feature | Personalized desktops can be enabled when you configure O&M settings. Users can use Windows personalized desktops. | Basic Edition and Enterprise Edition | |||
Password reset upon next logon | New feature | When you create a local user, you are allowed to specify whether the user must reset the password upon the next logon. | Basic Edition and Enterprise Edition | |||
V3.2.20 | Asset access by using proxies | New feature | Proxies can be used to access assets. SSH, SOCKS5, and HTTP proxies are supported. | Enterprise Edition | 2021-07-22 | |
Global configuration item for host fingerprint verification | New feature | A global configuration item is added to verify host fingerprints. | Basic Edition and Enterprise Edition | |||
Access control on logon accounts | Optimized feature | Access control on logon accounts is optimized. A switch is added to control whether empty accounts are visible. | Basic Edition and Enterprise Edition | |||
Backup and export of O&M logs | New feature | O&M logs can be backed up and exported. | Basic Edition and Enterprise Edition | |||
Internal messages | New feature | Internal messages are supported in the following scenarios:
| Basic Edition and Enterprise Edition | |||
Text messages for two-factor authentication | New feature | The mobile phone numbers in France (+33), Israel (+972), and Italy (+39) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
V3.2.18 | Export of the host list | New feature | The host list can be exported. | Basic Edition and Enterprise Edition | 2021-04-21 | |
Key management | New feature | The key management feature is released. This feature allows you to bind a key to multiple host accounts at a time. | Basic Edition and Enterprise Edition | |||
Marking of users | Optimized feature | Users can be marked as inactive based on the time range you specify. | Basic Edition and Enterprise Edition | N/A | ||
Import of AD-authenticated or LDAP-authenticated users | Optimized feature | Keywords of usernames can be used to search for the AD-authenticated or LDAP-authenticated users that you want to import. | Basic Edition and Enterprise Edition | |||
Control policies | New feature | The access control feature is updated. You can specify time ranges to allow user access to a host. | Basic Edition and Enterprise Edition | |||
Two-factor authentication | New feature | Emails can be used to receive verification codes during two-factor authentication. You can specify the number of days a user can skip the two-factor authentication after the user enters the correct verification code. | Basic Edition and Enterprise Edition | |||
Password validity period for local users | New feature | The password validity period of a local user can be configured. | Basic Edition and Enterprise Edition | |||
V3.2.17 | Automatic password change | New feature | A task can be created to change the passwords of different Linux host accounts at a time. | Enterprise Edition | 2021-03-15 | |
Clearance of the fingerprints on multiple hosts at a time | New feature | Fingerprints on multiple hosts can be cleared at a time. | Basic Edition and Enterprise Edition | |||
Searching for hosts, host groups, users, and user groups | Optimized feature |
| Basic Edition and Enterprise Edition | N/A | ||
Text messages for two-factor authentication | New feature | The mobile phone numbers in the Republic of Korea (+82), the Philippines (+63), Taiwan (China) (+886), Switzerland (+41), and Sweden (+46) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
User logon prohibition | Iterated feature | The session interruption feature is released to prohibit users from accessing hosts. | Basic Edition and Enterprise Edition | |||
Adding users | New feature | A user validity period can be configured when you create a local user or import an AD-authenticated or LDAP-authenticated user. | Basic Edition and Enterprise Edition | |||
O&M reports | New feature | The O&M report feature is released. This feature allows you to export reports to Word, PDF, or HTML files. | Basic Edition and Enterprise Edition | View the O&M information on the O&M Reports page and export an O&M report | ||
Extended storage plans for audit videos | Iterated feature | Extended storage plans can be purchased to store audit videos. | Basic Edition and Enterprise Edition | |||
Host O&M by using a web terminal | New feature | O&M operations can be performed on hosts in the console of a bastion host by using a web terminal. | Enterprise Edition | |||
Idle duration for O&M and total O&M duration | Iterated feature | Idle duration for O&M and total O&M duration can be configured. | Basic Edition and Enterprise Edition | |||
API operations | New feature | API operations are released to manage users, user groups, hosts, host groups, host accounts, and host authorization. | Basic Edition and Enterprise Edition | Hosts (available only for bastion hosts that run V3.2.17 and later versions) |
Release notes for 2020
Version | Feature | Type | Description | Involved edition | Release date | References |
V3.2.13 | Release of Bastionhost Enterprise Edition | New feature | Bastionhost Enterprise Edition is released. | Basic Edition and Enterprise Edition | 2020-11-16 | |
Wizard | New feature | A wizard is provided to walk you through how to use Bastionhost. To use the wizard, you can click Wizard in the upper-right corner in the console of a bastion host. | Basic Edition and Enterprise Edition | N/A | ||
Marking of released ECS instances | Optimized feature | Released ECS instances can be marked. | Basic Edition and Enterprise Edition | N/A | ||
User settings | New feature | User groups can be selected when you create a user. | Basic Edition and Enterprise Edition | |||
Text messages for two-factor authentication | New feature | The mobile phone numbers in Germany (+49), Australia (+61), the United States (+1), Dubai (+971), Japan (+81), the United Kingdom (+44), India (+91), and Macao (China) (+853) are supported by the two-factor authentication feature. | Basic Edition and Enterprise Edition | Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost? | ||
Network diagnostics | New feature | The network diagnostics feature is released. | Basic Edition and Enterprise Edition |