Delinea Web Password Filler version history - 25 versions
Delinea Web Password Filler by Delinea
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 3.9.6
Released Aug 26, 2024 - 794.28 KBWorks with firefox 58.0 and laterEnhancements
* Allow login pages using a search field as the username to be identified and autofilled if the field is manually mapped.
* Updated session expiration messages to include the site of the tabs that are being closed.
Bug Fixes
* Fixed an issue autofilling FortiMail login.
* Fixed an issue where recorded sessions from secrets requiring checkout would be terminated before the checkout expired. This occurred when the secret also required MFA and the MFA passthrough time was less than the checkout time.
* Fixed an issue where WPF could log out prematurely when sharing a login session with a web login in a browser tab.
* Changed WPF login for Platform so that WPF will not log out if a Platform session in a browser tab times out due to inactivity in the tab. This also means that Platform will not automatically be logged in if opened in the browser while WPF is logged in.
* Fixed an issue detecting the username field on some Cisco login pages.
* Fixed an issue with Platform logins that use Microsoft SSO when Native Messaging Host is installed.Source code released under All Rights Reserved
Download Firefox and get the extensionYou'll need Firefox to use this extensionOlder versions
Version 3.9.5
Released Jun 26, 2024 - 763.15 KBWorks with firefox 42.0 and laterChanges and Improvements
* Removed unnecessary extra calls to search-by-url that are affecting performance for some users.
* Updated to handle new 401 status code results sent by Secret Server API calls as invalid token in addition to 403 status codes returned by previous versions of Secret Server.Source code released under All Rights Reserved
Version 3.9.4
Released Jun 10, 2024 - 762.39 KBWorks with firefox 42.0 and laterIMPROVEMENTS
* Due to new security restrictions in the latest versions of Safari, the browser can no longer differentiate between different types of connection errors. As a result, Web Password Filler now displays a more general error message: 'Unable to reach server. Verify that the server URL is correct, and that the server has a valid
certificate.' This message appears for both certificate and network issues.
* The caching of autofill matches have been removed. Web Password Filler now calls Secret Server every time it finds a login page. This change prevents issues where the system did not present new secrets to users for
autofill.
BUG FIXES
* A bug in the caching logic caused some secrets to not show up in the autofill match list.
* The refresh icon appeared in the popup if the user did not have the 'Add Secret' permission and no secrets were
present for that site.
* Web Password Filler would sometimes display the 'Add Secret' dialog in the wrong browser window when
adding a secret.
* When working in Mimecast, the Web Password Filler icon was displayed for some email fields, even though
those fields were not valid for autofill.
* https://sso.cloud.com would not autofill in Web Password Filler.
* Fixed an issue that caused visual corruption in some recorded sessions.
* When using the Web Password Filler popup window to generate a password, the generated password
contained duplicate letters. The passwords generated did not follow the Secret Server password policy.
* The system sometimes displayed 404 errors to the user when making background network calls to check the
validity of login URLs.
* Updated the autofill field detection logic to handle login forms in Italian.
*Web Password Filler did not close launched Chrome sessions upon secret check in or when the secret timeout
limit was reached.
* Web Password Filler reloaded the username page after the user submitted the username on some sites.
* An OTP API call occurred every 30 seconds, even if the user did not have the secret information page open.Source code released under All Rights Reserved
Version 3.9.3
Released May 6, 2024 - 761.27 KBWorks with firefox 42.0 and laterBug Fixes
* Fixed an issue where launching a recorded secret with a list of URLs to a redirected URL was not autofilling properly.
* Fixed an issue with the copy password functionality in the new autofill menu, allowing users to successfully copy passwords from it.
* Updated the OTP field detection logic to prevent a case where a password field was misinterpreted as an OTP field.Source code released under All Rights Reserved
Version 3.9.1
Released May 6, 2024 - 761.26 KBWorks with firefox 42.0 and laterThis is a bugfix for the 3.9.0 release. For a full list of changes between 3.8.0 and 3.9.0, see https://docs.delinea.com/online-help/web-password-filler/release-notes/3.9.0.htm
Bugfixes to 3.9.0 in this release:
* Fixed an issue where launching a recorded secret with a list of URLs to a redirected URL was not autofilling properly.
* Fixed an issue with the copy password functionality in the new autofill menu, allowing users to successfully copy passwords from it.
* Updated the OTP field detection logic to prevent a case where a password field was misinterpreted as an OTP field.Source code released under All Rights Reserved
Version 3.8
Released Jan 31, 2024 - 745.49 KBWorks with firefox 42.0 and laterImprovements
* When Web Password Filler is logging out, either by user action, switching Secret Servers on launch, or due to an active browser tab to the same Secret Server or Platform tenant logging out, Web Password Filler will now warn the user if there are active recorded sessions and give them the option to continue without logging out of WPF.
* Web Password Filler now displays the folder name under Secret Details instead of the folder ID. When a user hovers the mouse over folders, the folder path is revealed as a tooltip. Shared secrets with restricted access will show the folder name as 'Restricted Folder'. Root folders will display the folder name as 'None', and when hovering the mouse over a root folder, it will display as 'No Folder'.
Bug Fixes
* Web Password Filler would continuously open new tabs if users turned off the 'Secret Server Login New Window' setting through the Native Messaging Host.
* When users selected the '+' button on the Web Password Filler pop-up to add a secret, it would close the pop-up and not display the 'Add Secret' dialog.
* The Web Password Filler pop-up displayed an invalid logo when saving updated user inputs for username or password.
* Corrected an issue where the Web Password Filler required the 'Session Recording Limit' and 'Input Threshold' drop-down values to be the same number.
* Previously, when Web Password Filler encountered an error logging in it displayed a continually connecting window. In this release, Web Password Filler shows a connecting window with an error message.
* Web Password Filler sometimes automatically logged in when a user logged into Secret Server or Platform in the browser, even though the current URL in Web Password Filler did not match.
* Previously, if the platform user had clicked the 'Cancel' button during a challenge, logged out, then attempted to log in again while the Web Password Filler pop-up was open, the user encountered a challenge pop-up instead of logging in.
* When using Safari 17 the Web Password Filler pop-up would close once the MFA challenge was completed.
* When Safari 17.1 was used, it displayed font weights incorrectly for field labels.
* In Safari 17.1, it did not show a warning when a user launched an incognito tab and the extension was not allowed in private browsing mode.
* In Safari 17.1, certain images in Web Password Filler failed to display.
* Web Password Filler experienced a timing issue with the refresh of Platform tokens, causing it to log out after 1 hour.
Known Issue
* If Web Password Filler is logged into Platform and a browser tab is open to the same Platform tenant that is logged out or times out, Web Password Filler will not be able to refresh its token and will log out. This will be fixed in a future release.Source code released under All Rights Reserved
Version 3.7.1
Released Dec 20, 2023 - 423.24 KBWorks with firefox 42.0 and laterBug Fixes
* Fixed an issue when logged into Platform where the user would get logged out before their session expired.
* Fixed an issue so that users can now launch a secret sucessfully if Native Messaging Host is configured using a url without any protocol.Source code released under All Rights Reserved
Version 3.7
Released Nov 7, 2023 - 423.39 KBWorks with firefox 42.0 and laterFeatures
Users will now see a list of Recent web secrets that is consistent with the Recent secrets list they see in their Secret Server web portal view.
Users will now see a list of Favorite web secrets that is consistent with the Favorite secrets list they see in their Secret Server web portal view.
Users can search for any of their web secrets from the Recent list in the Web Password Filler using any searchable field.
Improvements
Web Password Filler now displays a message when launched from a different Secret Server vault than what is configured for that Web Password Filler by the Native Messaging Host
Bug Fixes
Fixed an issue where the Save button was getting enabled after filling in mandatory fields in the Add Secret window.
Fixed an issue where Web Password Filler displayed an "Platform Identity Authentication has failed" error message when logged into the Delinea Platform.
Fixed an issue with slow page performance when Web Password Filler is enabled.
Fixed an issue where Web Password Filler was accepting a "0" value in numerical dropdown fields.
Fixed an issue where Web Password Filler was displaying improper styling on certain sites.
Fixed an issue where keyboard shortcuts were note working correctly.
Fixed an issue where Web Password Filler failed to launch a secret for users who did not have the Add Secret permissions.
Fixed an issue where users were unable to click the Login button.
Fixed an issue where Web Password Filler was not auto-filling BitBucket login pages and for a few other sites.
Fixed an issue where the Add Secret button was not disabled on blank pages.
Fixed an issue where Save and Update features were not working on some sites.
Fixed an issue where Web Password Filler displayed an "Invalid URL" error message while refreshing secret.
Fixed an issue where Web Password Filler was adding extra spaces when copying the username to the clipboard.
Fixed an issue where Web Password Filler was not displaying a "Bad Request" message if a user entered an invalid URL.
Fixed an issue where the copy button was causing URL text or usernames to be overridden.Source code released under All Rights Reserved
Version 3.6.1
Released Aug 22, 2023 - 419.74 KBWorks with firefox 42.0 and laterFeatures
* When logged into the Delinea Platform, users can access secrets guarded by an MFA challenge. Upon successful completion of the MFA challenge, users can launch the site, copy the password if permitted, see secret details, and complete other allowed actions.
General Improvements
* Improved session recording stability.
Security Improvements
* Updated third-party libraries to address discovered security vulnerabilities.
Bug Fixes
* Fixed an issue where passwords were not being auto-filled on certain sites.
* Fixed an issue where the Web Password Filler icon was appearing in fields that were not login form fields.
* Fixed an issue where where the _Check in_ functionality was not logging out users from the site when they checked in the secret.
* Fixed an issue where the session recording was not stopping when the user was logged out due to check out expiring.
* Fixed an issue where users were not able to log in to Web Password Filler automatically via SAML.
* Fixed an issue where all URL fields were being autofilled with the site URL value.
* Fixed a display issue with the Web Password Filler's main form that occurred after Chrome upgraded to version 116.
Known Issues
* As a result of fixing the issue with false positive field matches, secrets are not being autofilled on Microsens portals. This will be fixed in the next release.Source code released under All Rights Reserved
Version 3.5.4
Released Jul 24, 2023 - 419.1 KBWorks with firefox 42.0 and laterImprovements
* When users attempt to access a secret that is guarded by MFA, they will see a message that the secret is blocked by an MFA challenge.
* Added a usability improvement to make the drop down URL field less confusing when there is no URL selected.
* Added a toggle to enable/disable cursor tracking on session recording.
Bug Fixes
* Fixed an issue where a Continue button was being displayed in the Comment required popup, instead of Checkout.
* Fixed an issue where the “Add Secret” button was not disabled on a blank page
* Fixed an issue where Web Password Filler was not launching a secret without an http protocol.Source code released under All Rights Reserved
Version 3.5.3
Released Jun 16, 2023 - 572.33 KBWorks with firefox 42.0 and laterFeatures
* Users can login to their Delinea Platform tenant URLs with Web Password Filler. Web Password Filler will connect seamlessly to their Platform tenant vault and users will be able to use web-based secrets in the vault in the same way as they do today with a direct Secret Server vault integration.
Bug Fixes
* Fixed an issue where the self-signed certificate message was being displayed on various sites with valid certificates.Source code released under All Rights Reserved
Version 3.5.1
Released May 11, 2023 - 553.46 KBWorks with firefox 42.0 and laterReverted Platform integration to resolve several bugs when logging into Secret Server.Source code released under All Rights Reserved
Version 3.5
Released May 8, 2023 - 572.68 KBWorks with firefox 42.0 and laterUsers can now login to their Delinea Platform tenant URLs with Web Password Filler. Web Password Filler will connect seamlessly to their Platform tenant vault and users will be able to use web-based secrets in the vault in the same way as they do today with a direct Secret Server vault integration.
Delinea Web Password Filler (WPF) extension for Secret Server has a new modern look and feel and provides secure access to your web based Secrets.
This extension requires use and integration with Secret Server version 10.7.59 and later.
Features include: Secrets Creation (simple and advanced methods), Secrets template selection, complex password generation, Secrets saving in Secret Server, credential population in user name/password fields.
Users authenticate to Secret Server directly from the web extension. Support for 2FA options such as DUO, single sign-on, SAML and other multi-factor authentication mechanisms is included.
The extension automatically identifies the existence of credential fields and will automatically populate them based on existing Secrets, as well as identifying manual entry of new credentials in a web page, offering to save them as a secret.
Full Release Notes: https://docs.delinea.com/wpf/current/release-notes/3.5.0.mdSource code released under All Rights Reserved
Version 3.4.4
Released Apr 4, 2023 - 553.26 KBWorks with firefox 42.0 and laterWeb Password Filler 3.4.4 is a hotfix that resolves an issue autofilling some sites after upgrading to 3.4.3. It also resolves an autofill issue in incognito mode.
For a complete list of changes, see https://docs.delinea.com/wpf/current/release-notes/3.4.4.mdSource code released under All Rights Reserved
Version 3.4.3
Released Mar 16, 2023 - 553.25 KBWorks with firefox 42.0 and laterFeatures
* If a user enters a Secret Server URL without a protocol, Web Password Filler will set https:// as the default protocol and will allow the user to login as if they entered https:// from the outset.
Security Improvements
* Added security improvements that prevent malicious pages from exploiting Web Password Filler functionality to change the URL of a user’s Secret Server and read user requests to fill out forms.
Bug Fixes
* Fixed an issue where Web Password Filler was cropping the session recording videos
* Fixed an issue where Web Password Filler was not filling out passwords for certain sites
* Fixed and issue where the Add Secret button was enabled for users who did not have permissions to add secretsSource code released under All Rights Reserved
Version 3.4.2
Released Dec 8, 2022 - 548.53 KBWorks with firefox 42.0 and later• Web Password Filler now redirects http Secret Server URLs to https
• Web Password Filler will auto-correct https:/ or https:/// to https://
• Fixed an issue where nothing would happen when the user clicked “+” to add a secret in Chrome on a Mac
• Fixed an issue where Web Password Filler would not auto-populate when using URL lists
• Fixed an issue where users with View Only permissions were unable to use URL lists
• Fixed an issue where Web Password Filler was not properly handling special characters when adding a secret
• Fixed an issue where the Copy Generated Password functionality was not working
• Fixed an issue where Web Password Filler was not filling in passwords for some sites
• Fixed an issue where session processing would take too long for sites mentioned in extended mapping
• Fixed an issue where Web Password Filler was overwriting other mapped fields if the input type was “password”Source code released under All Rights Reserved
Version 3.4.1
Released Sep 26, 2022 - 547.77 KBWorks with firefox 42.0 and laterBug Fixes
* Fixed an issue where users were denied access to Viewing Secrets, Adding Secrets and Editing Secrets in Web Password Filler version 3.2
* Fixed an issue where Web Password Filler was prompting users to create a secret when logging into a site that already has a secret
* Fixed an issue where the web launcher was not honoring field mapping for the Username
* Fixed an issue where Web Password Filler was not working properly on the VMWare Horizon login pageSource code released under All Rights Reserved
Version 3.4
Released Aug 15, 2022 - 547.72 KBWorks with firefox 42.0 and later# 3.4.0 Release Notes
_August 18th, 2022_
## Features
* Users can now add comments when checking out secrets that are configured to integrate with ticketing systems. Additionally, this workflow also applies to sites that are restricted to incognito mode access.
## Product Enhancements
* Implemented updates to support autofill with:
* https://auth.ncloud.com
* https://reporting.retire-it.com
* https://sso.redhat.com
## Bug Fixes
* Fixed an issue where Web Password Filler does not fill in the username and password when launching a site from the URL field and Session Recording is enabled on the secret.
* Fixed an issue where Google profiles would get logged out when session recording is enabled.
* Fixed an issue where Web Password Filler would not autofill websites launched from Secret Server when Web Launcher requires Incognito Mode to be enabled.Source code released under All Rights Reserved
Version 3.3
Released Jun 23, 2022 - 544.84 KBWorks with firefox 42.0 and laterFeatures
* Web Password Filler has been updated to reflect Delinea Inc.’s rebranding along with our new company colors and icons.
* Web Password Filler now offers dropdown functionality for selecting domains fields on the configuration page.
* Web Password Filler now offers a dropdown list for logging on to more than one Secret Server.
Bug Fixes
* Fixed an issue where Web Password Filler intermittently shows an error popup after populating secret for https://www.portal.azure.com or https://portal.office.com
* Fixed an issue where an add comments popup appears on the Current Active tab instead of launching the URL in another tab if a Requires Comment-enabled secret launches from the Recent/Favorite tab.
* Fixed an issue where Web Password Filler was not showing a popup message when the connection with Secret Server was lost while session recording was in progress.
* Fixed an issue where the Thycotic icon would appear while creating a new user in Secret Server version 11.1.6.
* Fixed an issue where the Secret list was not appearing and the Web launcher was not working for SSO sites.
* Fixed an issue where an update password popup would appear after a user updates the username of a secret.
* Fixed an issue where the user would need to manually reload Secret Server webpages opened in the browser.
* Fixed an issue where the Customized Web Launcher UI Popup was not displaying properly.
* Fixed an issue where the secret name was overlapping with other secrets in the Recent tab if the name was very long.
* Fixed an issue where the Metadata (xpath) for Web Password Filler was not working.
* Fixed an issue where the Add Secret “+” button was enabled when a user, who does not have permission to add a secret, logged into Web Password Filler.
* Fixed an issue where Web Password Filler was displaying an error popup when updating a password.
* Fixed an issue where Web Password Filler was not refreshing secrets properly.
* Fixed an issue where UI elements on the Configuration page were not properly aligned when Web Password * Filler was displaying an error.
* Fixed an issue where Web Password Filler closed launched tabs when left idle for 5 - 25 minutes and caused Google Chrome to freeze.
* Fixed an issue where Web Password Filler was showing a blank secret information page.Source code released under All Rights Reserved
Version 3.2
Released Feb 9, 2022 - 774.05 KBWorks with firefox 42.0 and laterVersion 3.2.0 includes a UI overhaul of the Add Secret workflow. Users can checkout a secret requiring comment. Added a refresh icon to the main tab to allow users to manually refresh the list of Recent and Favorite secrets. Please see release notes for details.
Release Notes: https://docs.delinea.com/wpf/current/release-notes/3.2.0.mdSource code released under All Rights Reserved
Version 3.1
Released Oct 28, 2021 - 736.66 KBWorks with firefox 42.0 and laterRelease 3.1.0 includes several UI improvements, product performance improvements and bug fixes.
Please see the release notes for additional information.
https://docs.thycotic.com/wpf/3.1.0/release-notes/3.1.0.mdSource code released under All Rights Reserved
Version 2.0.6
Released May 25, 2021 - 664.6 KBWorks with firefox 42.0 and laterIn this release, we have resolved issues reported by customers and made performance improvements to session recording.
Please see the release notes for additional information:
https://docs.thycotic.com/wpf/2.0.0/release-notes/2.0.6.mdSource code released under All Rights Reserved
Version 2.0.5
Released Mar 31, 2021 - 657.89 KBWorks with firefox 42.0 and laterAutomatically Log in to Web Password Filler when you log into Secret Server.
Automatically generate the token instead of having to manually click on the button
Launch a webpage directly from Secret Server by clicking on the URL in the secret
Enhanced filling of credentials in websites including an option to match exactly on the URL in the secret.
Option to stay logged into WPF when the browser is closed and reopened, and many more.
Please see the release notes for additional information:
https://docs.thycotic.com/wpf/2.0.0/release-notes/2.0.5.mdSource code released under All Rights Reserved
Version 2.0.4
Released Dec 15, 2020 - 620 KBWorks with firefox 42.0 and laterAdded Incognito support: Customers can now launch a secret in the browser’s incognito/in private window by enabling “web launcher requires incognito mode” on the secret. The URL will be launched in an incognito/in private window and WPF will fill/auto populate credentials
Please see the release notes for additional information:
https://docs.thycotic.com/wpf/2.0.0/release-notes/2.0.4.mdSource code released under All Rights Reserved
Version 2.0.3
Released Oct 27, 2020 - 614.47 KBWorks with firefox 42.0 and laterFeatures
- Added ability to set an exclusion list for site URLs
-- Sites listed in the exclusion list will not have Secret populated into the Username/Password fields by default. Secrets can still be populated in these fields by clicking the Green check icon to autofill. This should help prevent non username/password fields from having values filled in them automatically even if they are identified as username/password type fields
-- An “Exclusion exception” list also exists so specific pages on the site domain will still auto-populate as normal.
-- This can be set per-user or generally on the machine and WPF reads the information from a local JSON file using the web browser’s native services. This does require an additional .NET 4.5.2 app to help roll out the local JSON file.
-- Note: The user story is, the exclusion list is set to exclude a site at URL <Company1.site1.com> but has an exclusion exception for <Company1.site1.com/login.aspx>. In this case if they navigate to the login page then the secret will auto-populate in the login fields (if they only have 1 secret). After they login if they go to any other page on the site that also has fields which are detected as username/password type fields, the Web Password Filler will not do anything unless directed by the user. This is to prevent the Web Password Filler from auto filling values in fields, when the auto fill action is unwanted.
- Added a new “Site” drop down option to the “Add Secret” dialog in the Web Password Filler, to allow users to select which SS Distributed Engine site a Secret should be saved to (defaults to “Local” value).
- (Security) Added sanitization on SS Secret name on the pop-up display to prevent JavaScript code (using script code in the Secret name) from allowing the website to create an opening using the Secret name for access
Bugs/Defects
- Resolved an issue with a PaloAltoNetwork site that prevented the Password from auto filling after selecting the Secret.
- Resolved an issue with the Cisco APIC console returning a “Token Error” message after the login fields were populated and the user tries to log in
- Resolved an issue for a Wells Fargo site login (https://wellsoffice.ceo.wellsfargo.com) where the “Login” button was still disabled by the site after the login fields were populated with valid values.
- Resolved an issue with the Thycotic Force Customer portal login that prevented the site from reading valid values in the login fields when the “Log in” button is clicked.
- Resolved an issue that displayed a deleted Secret in the Secret list for a site if the user deleted the secret in SS after they logged into the Web Password Filler, but before eth Web Password Filler refreshed it’s list.
- Resolved an issue for DUO login sites that prevented the page URL from being captured in the “URL” field when adding a new Secret on the “Add Account to Secret Server” dialog.
- Resolved an issue that prevented users from logging into the Web Password Filler if they had multiple Identity Providers configured and the SS URL ended with a double slash (for example, https://Domain.Company/SecretServer//”)
- Resolved issue for site that prevented the username or password for an existing Secret from being updated:
-- https://adobeid-na1.services.adobe.com, https://secureb.eyefinity.com, https://admin.zscaler.net, https://app.zipbooks.com, https://mibank.com, https://www.economist.com, https://www.internic.ca, https://www.svbconnect.com, https://id.getharvest.com, https://login.bnymellonwealth.com, https://www.sumopaint.com
- Resolved an issue that returned the message “Enter a value in the User Name field” even when a value was entered by the Web Password Filler on https://thycotic.force.com/support/s/loginSource code released under All Rights Reserved