Several new options were added to the Monitoring Settings > Advanced screen, under the RDP and clip sharing section:

These options will let you enable/disable activities such as the sharing of printers over RDP, use of portable (USB) devices, taking screen snapshots, etc. You can also disable clipboard copy/paste operations for select apps.

Two new columns, First online time and First online from were added to the Employees report:

These columns, together with the Last login time and Last login from columns will help you better track employee sessions, especially when your employees work on multiple locations or computers.

A Cancel (X) button is added to the System > Video Export and System > Report Export screens that will let you cancel an ongoing export operation. The Status column of the reports will show "Cancelled" for such items:
​

The cancelled export events are also captured on the System > System Log report:

Events from the Session Player (Video Player) such as when you view the live screen of a user's desktop, start/finish a remote control session, freeze/unfreeze user input, etc. are now captured on the System > System Log report:

You can now set up a Splunk integration using the CIM (Common Information Model):

The CIM helps you to normalize your data to match a common standard, using the same field names and event tags for equivalent events from different sources or vendors.

The process is similar to our standard Splunk integration but uses the CIM schema instead giving you yet more options to smoothly integrate with the SIEM.

When you update an on-premise server, you will now be able to see a progress bar of the update process:

Additionally, the update will continue to progress (unless cancelled by you) even when you switch pages.

On custom BI reports, column orders on a Grid widget will also be saved when you save the report.

Currently there is a Message field on the Content Sharing rule's Block action. But the message isn't displayed to the user (by design).

For now, we have removed the Message field.

UI alert messages are now announced as a ”live region” as per the APG/WPI guidelines:

This will create a more accessible web experiences for users of assistive technologies.

You can now add multiple values separated by a semicolon (;) in the various input fields of the Monitoring Settings:

When you enter/paste such values, Teramind will automatically convert the text into multiple items.

A new tooltip was added to the ALLOW DATA & VIDEO EXPORT EMAILS TO THIS DOMAIN field under the Outgoing exported data section of the Settings > Security tab. The tooltip explains what input is accepted and how it should be used.

Access controls help enforce users' access and how they interact with applications and APIs through authorization. In this scenario, a user who has read privileges can create dashboards in an unauthorized way using cookies from an authorized user.

The security flaw is fixed now so that an unauthorized user can no longer create a dashboard.

Teramind allows you to create a custom HTML template for use with rule alert message (from the Settings > Alerts screen). However, due to how the feature was implemented, it could allow an attacker to inject malicious codes (e.g., an iFrame) compromising the site's integrity.

The security flaw is fixed now so that such codes can no longer be injected.

A vulnerability existed that prevented the system from properly invalidating a user session when they changed their password. This would make the system susceptible to account takeover by an attacker who has gained a foothold in a legitimate user's account.

The security flaw is fixed now so that a session is expired as soon as the user changes their password.

Teramind had implemented rate limit for all most of the apps but one of the endpoint form didn't have this limit set. This could allow an attacker to brute force account login using a list of password.

The security flaw is fixed now.

On Teramind, an admin can customize authentication , and force employee and other user to login via SINGLE-SIGN-ON AUTHENTICATION and disable Basic method. However, an attacker could use an API endpoint and login via an email and password bypassing the SSO.

The flaw is fixed now.

The way the API error messages worked, an attacker could use it to get information about detailed internal error messages, such as error codes, stack traces and database dumps and other implementation information. The information combined with other attack vectors could increase the severity and impact of malicious attacks on the application.

This potential vulnerability is fixed now.

Due to a bug, when using web-based time tracker, the time is not counted on user's own dashboard. However, the an administrator can still see the time logged on the admin dashboard:

The bug is fixed now so that the employee dashboard shows the proper time.

Due to a time zone related bug, you might see a difference between the Time Tracking > Time Card one report and the exported document:

The bug is fixed now.

A bug was causing the State of Employees widget to incorrectly report some employees as late, even though the employees were online:

The bug is fixed now.

On the Cloud deployments, Live Montage widget wasn't loading for some browsers. The bug is fixed now.

Due to a bug you might have noticed some icon issues and 404 (Not Found) errors on the browser's console:

The bug is fixed now.

The Session Player throws up an error (visible on the browser's console) when a user tries to move the timeline position backwards:

The bug is fixed now.

You might have noticed that some of the File Path conditions (e.g., file extension does not equal) on the Activity Rule >Files weren't working properly. For example:

On the above example, the File extension does not contain condition is used but when you try to view/edit the rule, it shows the File Operation as empty.

This bug is fixed now.

A bug would allow you to save fraction values (e.g., 1.5) in the MINUTES BEFORE VIOLATION field of the Record Video rule action even though the field is supposed to take only whole/integer numbers:

This bug is fixed now.

You might receive a HTTP 500 error (Internal Server Error) when trying to import a policy:

This bug is fixed now.

Changing the Default Task on the Employees > Bulk Edit screen doesn't save the changes:

The bug is fixed now so that default task on the employee's profile is updated properly.

Some users might have noticed that if their email address contained any special characters such as a + (plus) symbol, they were unable to login even through the email was accepted on the Employee's > Profile screen:

The bug is fixed now.

You might have seen an error, "There was an error while fetching data. Please try again later." when trying to edit multiple employees (Bulk Edit) from the Employees screen:

The bug is fixed now.

Sometimes you might get a 403 (Forbidden) error on your browser's console when trying to edit a regular employee's profile:

The bug is fixed now.

You might have noticed that the Process / URL and App / Webpage icons on the Computer page were missing sometime:

The bug is fixed now.

When remotely installing the Agent from the Computers screen, the installation might have failed if you chose a domain group such as Domain Computers or Domain Controllers (other the All in domain option - which seems to work fine):

The bug is fixed now.

When you create a Template from the Configure > Schedule screen, and then apply it to a Position, you might notice days missing:

The bug is fixed now.

Due to a bug, if you changed the Department Manager from the Configure > Department > Edit screen, the dashboard wouldn't save the change:

The bug is fixed now.

A bug caused the System > Video Export and System > Report Export to fail sometimes:

The bug is fixed now.

A bug caused the Delete function on the System > Video Export and System > Report Export to not work:

The bug is fixed now.

A bug prevented the System > System Log from showing the Action for a cancelled report/video export:

The bug is fixed now.

We fixed a bug {details.to: null} in the Player View record on the System > System Log report.

You might have noticed that, after updating the server from the Settings > About screen, sometimes the dashboard keeps reloading the page every few seconds.

This bug is fixed now.

Due to a bug, the OCR engine was sending out Mining Delay notification emails even if there wasn't any real delay:

The bug is fixed now so that you will only receive such notifications when Setting > OCR > SESSION MINING DELAY actually crosses the MINING DELAY THRESHOLD, HOURS value.

Improper socket close/open events follow up was causing issues with leaked connections causing the Live Proxy service to hang up on Cloud deployments.

The issue is fixed now.

You might have encountered random errors such as MaxListenersExceededWarning: Possible EventEmitter memory leak detected with the live proxy.

The bug causing the errors is fixed now.

PATCH/PUT of /tm-api/agent/:id might throw a HTTP 400 with error: EMPLOYEES.NEED_CONFIRMATION_WITH_PASSWORD.

This bug is fixed now.

You might have seen garbled text or incorrect translations for some of the UI labels:

These are all fixed now.