Release 617 (2022-11-08)

New Features

Monitoring Settings: New Advanced Monitoring Features

Several new options were added to the Monitoring Settings > Advanced screen, under the RDP and clip sharing section:


These options will let you enable/disable activities such as the sharing of printers over RDP, use of portable (USB) devices, taking screen snapshots, etc. You can also disable clipboard copy/paste operations for select apps.

Employees Report: New Report Columns

Two new columns, First online time and First online from were added to the Employees report:


These columns, together with the Last login time and Last login from columns will help you better track employee sessions, especially when your employees work on multiple locations or computers.

System: Ability to Cancel the Video/Report Export Operation

A Cancel (X) button is added to the System > Video Export and System > Report Export screens that will let you cancel an ongoing export operation. The Status column of the reports will show "Cancelled" for such items:

The cancelled export events are also captured on the System > System Log report:


System Log: New Audit Records from the Session Player

Events from the Session Player (Video Player) such as when you view the live screen of a user's desktop, start/finish a remote control session, freeze/unfreeze user input, etc. are now captured on the System > System Log report:


Integrations: New Splunk Integration Option

You can now set up a Splunk integration using the CIM (Common Information Model):


The CIM helps you to normalize your data to match a common standard, using the same field names and event tags for equivalent events from different sources or vendors.

The process is similar to our standard Splunk integration but uses the CIM schema instead giving you yet more options to smoothly integrate with the SIEM.

Settings: New Server Update Mechanism (On-Premise)

When you update an on-premise server, you will now be able to see a progress bar of the update process:


Additionally, the update will continue to progress (unless cancelled by you) even when you switch pages.


BI Reports: Save Column Orders

On custom BI reports, column orders on a Grid widget will also be saved when you save the report.

Behavior Rules: Updated Block Action on Content Sharing Rules

Currently there is a Message field on the Content Sharing rule's Block action. But the message isn't displayed to the user (by design). 


For now, we have removed the Message field.

Accessibility: APG/WPI Compliant Alert Messages

UI alert messages are now announced as a ”live region” as per the APG/WPI guidelines:


This will create a more accessible web experiences for users of assistive technologies.

Monitoring Settings: Ability to Add Multiple Values

You can now add multiple values separated by a semicolon (;) in the various input fields of the Monitoring Settings:


When you enter/paste such values, Teramind will automatically convert the text into multiple items.

Settings: New Tooltip Added to the Security Tab 

A new tooltip was added to the ALLOW DATA & VIDEO EXPORT EMAILS TO THIS DOMAIN field under the Outgoing exported data section of the Settings > Security tab. The tooltip explains what input is accepted and how it should be used.


Bug Fixes

Security: Vulnerability in Access Control  

Access controls help enforce users' access and how they interact with applications and APIs through authorization. In this scenario, a user who has read privileges can create dashboards in an unauthorized way using cookies from an authorized user.

The security flaw is fixed now so that an unauthorized user can no longer create a dashboard.

Security: iFrame Injection in the Alert Template 

Teramind allows you to create a custom HTML template for use with rule alert message (from the Settings > Alerts screen). However, due to how the feature was implemented, it could allow an attacker to inject malicious codes (e.g., an iFrame) compromising the site's integrity. 

The security flaw is fixed now so that such codes can no longer be injected.

Security: Failure to Invalidate a Session on Password Change

A vulnerability existed that prevented the system from properly invalidating a user session when they changed their password. This would make the system susceptible to account takeover by an attacker who has gained a foothold in a legitimate user's account.

The security flaw is fixed now so that a session is expired as soon as the user changes their password.

Security: Brute Forcing the Recent Password

Teramind had implemented rate limit for all most of the apps but one of the endpoint form didn't have this limit set. This could allow an attacker to brute force account login using a list of password.

The security flaw is fixed now.

Security: Bypassing the Basic Login

On Teramind, an admin can customize authentication , and force employee and other user to login via SINGLE-SIGN-ON AUTHENTICATION and disable Basic method. However, an attacker could use an API endpoint and login via an email and password bypassing the SSO.

The flaw is fixed now.

Security: Information Disclosure via API Endpoint

The way the API error messages worked, an attacker could use it to get information about detailed internal error messages, such as error codes, stack traces and database dumps and other implementation information. The information combined with other attack vectors could increase the severity and impact of malicious attacks on the application.

This potential vulnerability is fixed now.

Time Tracking/Productivity: Time Logged on the Web Time Tracker isn't Shown on the Employee's Dashboard

Due to a bug, when using web-based time tracker, the time is not counted on user's own dashboard. However, the an administrator can still see the time logged on the admin dashboard:

The bug is fixed now so that the employee dashboard shows the proper time.

Time Tracking > Time Card: Date Difference Between the Online Report and Exported Document

Due to a time zone related bug, you might see a difference between the Time Tracking > Time Card one report and the exported document: 


The bug is fixed now.

Dashboard: Incorrect Data on the State of Employees Widget

A bug was causing the State of Employees widget to incorrectly report some employees as late, even though the employees were online:


The bug is fixed now.

Dashboard: Live Montage Not Loading on Some Browsers (Cloud)

On the Cloud deployments, Live Montage widget wasn't loading for some browsers. The bug is fixed now.

Dashboard: Icon Issues

Due to a bug you might have noticed some icon issues and 404 (Not Found) errors on the browser's console: 


The bug is fixed now.

Session Player: Throws Error When Moving the Timeline Position

The Session Player throws up an error (visible on the browser's console) when a user tries to move the timeline position backwards:

The bug is fixed now.

Behavior Rules: Some File Path Conditions Not Working Properly

You might have noticed that some of the File Path conditions (e.g., file extension does not equal) on the Activity Rule >Files weren't working properly. For example:

On the above example, the File extension does not contain condition is used but when you try to view/edit the rule, it shows the File Operation as empty.

This bug is fixed now.

Behavior Rules: Invalid Values in Record Video Rule Action

A bug would allow you to save fraction values (e.g., 1.5) in the MINUTES BEFORE VIOLATION field of the Record Video rule action even though the field is supposed to take only whole/integer numbers:

This bug is fixed now.

Behavior Rules: Error when Importing Policies

You might receive a HTTP 500 error (Internal Server Error) when trying to import a policy:

This bug is fixed now.

Employees Report: Default Task Not Updated on Bulk Edit

Changing the Default Task on the Employees > Bulk Edit screen doesn't save the changes:

The bug is fixed now so that default task on the employee's profile is updated properly.

Employees Report/Portal Login: Error Logging In with Emails Containing Special Characters

Some users might have noticed that if their email address contained any special characters such as a + (plus) symbol, they were unable to login even through the email was accepted on the Employee's > Profile screen: 

The bug is fixed now.

Employees Report: Error when Bulk Editing Employee Profiles

You might have seen an error, "There was an error while fetching data. Please try again later." when trying to edit multiple employees (Bulk Edit) from the Employees screen:

The bug is fixed now.

Employees Report: Error when Editing an Employee's Profile

Sometimes you might get a 403 (Forbidden) error on your browser's console when trying to edit a regular employee's profile:

The bug is fixed now.

Computers: Missing Icons

You might have noticed that the Process / URL and App / Webpage icons on the Computer page were missing sometime:


The bug is fixed now.

Computers: Domain Computers/Controllers Error During Remote Agent Installation

When remotely installing the Agent from the Computers screen, the installation might have failed if you chose a domain group such as  Domain Computers or Domain Controllers (other the All in domain option - which seems to work fine):


The bug is fixed now.

Configure > Schedule: Missing Days on Position when Using a Template

When you create a Template from the Configure > Schedule screen, and then apply it to a Position, you might notice days missing:


The bug is fixed now.

Configure > Departments: Changing Department Manager Doesn't Take Effect

Due to a bug, if you changed the Department Manager from the Configure > Department > Edit screen, the dashboard wouldn't save the change:


The bug is fixed now.

System > Video/Report Export: Fails Sometimes

A bug caused the System > Video Export and System > Report Export to fail sometimes:


The bug is fixed now.

System > Video/Report Export: Delete Report Doesn't Work

A bug caused the Delete function on the System > Video Export and System > Report Export to not work:


The bug is fixed now.

System > System Log: Missing Action Column for Cancelled Exports

A bug prevented the System > System Log from showing the Action for a cancelled report/video export:


The bug is fixed now.

System > System Log: Null Records

We fixed a bug { null} in the Player View record on the System > System Log report.

Settings > About: Server Update Causing Page Reloads (On-Premise)

You might have noticed that, after updating the server from the Settings > About screen, sometimes the dashboard keeps reloading the page every few seconds.

This bug is fixed now.

Settings > OCR: Incorrect Alerts About OCR Mining Delay (On-Premise)

Due to a bug, the OCR engine was sending out Mining Delay notification emails even if there wasn't any real delay:


The bug is fixed now so that you will only receive such notifications when Setting > OCR > SESSION MINING DELAY actually crosses the MINING DELAY THRESHOLD, HOURS value.

Client: Live Proxy Service Hangs Up (Cloud)

Improper socket close/open events follow up was causing issues with leaked connections causing the Live Proxy service to hang up on Cloud deployments. 

The issue is fixed now.

Client: Live Proxy Throws Out Random Errors

You might have encountered random errors such as MaxListenersExceededWarning: Possible EventEmitter memory leak detected with the live proxy.

The bug causing the errors is fixed now.

Teramind API: HTTP 400 Error when Using PATCH/PUT

PATCH/PUT of /tm-api/agent/:id might throw a HTTP 400 with error: EMPLOYEES.NEED_CONFIRMATION_WITH_PASSWORD.

This bug is fixed now.

General UI: Incorrect Labels/Text Translation

You might have seen garbled text or incorrect translations for some of the UI labels:


These are all fixed now.



Was this article helpful?
1 out of 1 found this helpful