Version v7.9.12

With KeePass Client v7.9.10

Release Date

Oct 16th, 2018

These Release Notes detail the differences between this release and the previous Stable version. Click here to skip to the differences between this release and the previous.


Download Here

Upgrade Instructions

Please Note

  • As of Version 7.9.0, HTTP SSO will become a legacy module, only available to service plans purchased prior to this release. Other SSO modules will still be available.

New Feature: Archive

  • Available in Enterprise+
  • Enabled in Settings > Advanced Folders
  • Once enabled, Administrators can use the "Archive" and "Permanently Delete" access permissions to limit which users can actually delete items from the system.
    • Folder and entries that are not permanently deleted will end up in the Archive Folder where they can be reviewed, retained, deleted permanently or restored to the tree.
  • See Archive Folder documentation for details

New Feature: Client IP Filtering

  • Available in Enterprise+
  • Enabled in Users and Roles > Manage > Policies > Policy Create/Edit > IP Filter Policy
  • Can be used to create blacklists or whitelists to control from where users can access the Password Server
    • Based on IP Address of an incoming Sign In request, the Server can Deny or Allow the user, or even let them bypass Two-Factor Requirements to keep internal access quick while still enforcing extra requirements on external access.
  • See our documentation for more information.

New Feature: AD/LDAP Entry Import

  • Available in Enterprise+
  • Password Auto Changer has undergone a major revision.
    • Credential Hosts have been renamed to External Entry Hosts and are now all managed from a central location in Advanced > Entries > External Entry Hosts
    • If you already have configured an Active Directory connection for importing Users, you can reuse this configuration by creating a User Directory Host.
    • Last and Next Sync times are now visible in the Entry Details dialog
  • Entry information can now be imported from AD, LDAP and User Directory External Entry Host types.
    • Folder Actions > Import Entry
    • Requires Modify PasswordAutoChange Settings access on the Folder and an External Entry Host that has been configured with Admin Credentials.
  • See our documentation for more information.

New Feature: Security Zones and Elevation

  • Available in Enterprise+
  • Allows authorized users ability to elevate to a increased level of access when required, while using normal daily user/role permission for day-to-day tasks.
  • Create Zones to manage access to privileged Folder/Entry or Admin Settings.
    • Zones are managed from Users and Roles > Manage > Zones
  • Authorized users can re-authenticate to Elevate their session and temporarily acquire access to the folders, entries and admin pages included in a Zone.
    • The Elevation page can be found at Hello, [UserName] > Elevate Session
  • See our documentation for more information.

New Feature: Request and Approval

  • Available in Enterprise+
  • Allows authorized users to request specific access to Folders/Entries, and for designated approvers to be notified, view, and Approve/Deny the request.
  • The Access Approvals permission designates which users will be trusted as Approvers.
    • Access Approvals is a Role permission and can be set from Users and Role > Manage > Roles
  • Users with Grant Access on folders and entries can delegate approving Requests to Users and/or Roles with the Access Approval permission as Approvers. A Granter can make themselves an Approver.
    • Approvers are managed from Folder or Entry Actions > User Access > Access Approvals tab
    • Granters can only allow approvals for Access Levels that they can grant.
    • Approvers will be able to approve Requests for the assigned Access Level plus any levels that the assigned level can grant.
  • Users with Request Access on folders and entries will be able to request an Access Level, provided there is a someone who can Approve it.
  • Users with the Access Approvals permission can see the Access Approval and will receive messages via the Web Client and Email (if configured) when there is a new Request.
  • See our documentation for more information


New Feature: SAML Single Sign On Service

  • Available in Enterprise+SSO
  • Password Server can be configured to accept Authentication from other trusted Identity Providers, via the SAML protocol
    • SAML and SAML Partner Configuration is managed via Users and Roles > Manage External Authentication > Authentication Services
  • See our documentation for more information

API Update

  •  API v5 is included in this release.  New Features include:
    • Separate endpoints for entry Attachments
    • New endpoint for UserFavourites
    • Entry and Folder PATCH requests.
  • All API v4 endpoints will remain available, but will not receive further updates.
  • See our documentation for more information.

KeePass Client Update

  • The KeePass for Pleasant Client has been updated and is now based on KeePass 2.39.1


  • Improved support for IIS hosting of Pleasant Password Server. See our guide for further information on migrating your installation.
    • To make it easier to migrate from IIS Express to IIS, we have moved the location of the Licensing Files to C:\ProgramData\Pleasant Solutions\Password Server
  • The Administer Users permission has been broken up into many individual permissions for more granular control of user management.
    • The Administer Permissions permission is considered a root permission: the system requires at least one user with this permission, preferably a local user (ie. not imported from a Directory). This permission gives access to system permissions.
  • Role permissions have been categorized, and now align better with features in the web application pages.  This update converts the old permission structure to the equivalent new permission structure.
  • Some Navigation Bar items have been moved:
    • Database Backup and Restore have been moved from Advanced to Settings
    • Report Scheduling has been moved from Advanced > Email to Reports > Scheduling
    • Advanced Folders has been moved from Settings to Advanced > Folders, and renamed to System Folders
    • Private Folders has been moved from Users and Roles to Advanced > Folders
    • Enrollment Report has been renamed to Enrollment Status
  • Bulk User and Role management is now available for Enterprise+ installations.
  • Challenge Configurations now have the option to allow users to reset their login password to unlock their account after multiple failed login attempts.
  • Administrators can now configure an alternative URL to be used when generating and displaying links to the Password Server.
  • Administrators can now test their connection from the Directory Configuration page.
  • AD/LDAP user role syncing when updating users or roles from the Directory.
  • Automatic Directory Syncs and Health Checks can now be scheduled from the Action menus on the Manage Directories page.
  • Directory User Status will now by synced from their Directory during sign in and manual sync.
    • Directory Users that have been Disabled in AD will now be marked as Disabled in Password Server.
    • Directory Users that cannot be found during a sync will now be automatically marked as Disconnected and can be reconnected to the Directory account from the Action menus on the Manage Users page.
  • More comprehensive Event Logging.
  • Added Custom Quick Filters with some preset standards, to the Logged Events page.
  • RADIUS Two Factor Authentication can now be configured to send an initial request.
  • Added UI to select Client Certificates for authentication in KeePass under Advanced Options.
  • A custom password can now be set when exporting a .kdbx file from the KeePass for Pleasant Client
  • Auto-Import from User Directory now works with KeePass for Pleasant and Password Server Mobile app logins.
    • First login must include the Directory alias configured in Password Server (eg. MyUser@MyDirectoryAlias)
  • Improved security of system SMTP account credentials and Database Backup encryption keys.
  • A default Password Profile can now be set from Advanced > Entries > Password Profiles.  When a new credential is created in the Web Client, it will have a password generated from the Default Profile.
  • Various UI tweaks, fixes and improvements including:
    • Improved performance:
      • When following links to folders and entries in the Web Client
      • Enrollment Status page load speed has been improved.
      • Improved performance of the Logged Events page 
      • Improved the performance of the Private Folders page and added a button to Create a private folder for all users who do not currently have one.
    • The ability to toggle the visibility of potentially sensitive fields (ie. Answers to Reset Questions, Two Factor tokens/passwords)
    • Rearranging the interface for adding User Access to folders & entries
    • Improvements to error reporting
    • User Access Window now allows column resizing

Bug Fixes

  • Fixed an issue where attempting to delete a folder would fail if a comment was required for the user to delete an entry inside it.
  • Fixed an issue where an entry that was edited with the Mobile or KeePass Client would lose the value of the Distinguished Name field.
  • Fixed an issue that could prevent saving changes to the Database Backup configuration.
  • Fixed an issue where duplicate Entries would appear in KeePass Offline mode.
  • Users with a policy that prevents them from modifying their Display Name, Email and Phone Number can now Edit their Account settings to change their Language and Starting Folder

Between 7.9.10 and 7.9.12

  • Fixed an issue that could prevent upgrading from version previous to 7.9.0.
  • Fixed an issue with scheduled report error reporting.
  • Fixed an issue where actions taken by an auto-imported directory user during their first session would be logged as "anonymous". This older terminology has been replaced by "unknown user" in all other appropriate use cases.
  • Fixed an issue with custom Audit Quick Logging filters for qualified directory user names.

Known Issues

  • none

Compatibility Notes

  • none