Skip to content

Release Notes 4.19.0

Overview

This document outlines the updates, improvements, and fixes introduced between versions 4.18.0 (released on Feb 9, 2026) and 4.19.0 (released on Feb 23, 2026) of the Excalibur v4 software.

New Features

Just-In-Time (JIT) Access for PAM

Just-In-Time (JIT) Access ensures that privileged access is granted only when required, for a defined time window, and with explicit approval from authorized approvers. This significantly reduces standing privileges while strengthening security, accountability, and compliance for sensitive operations.

Supported JIT Statuses

  • Pending – Awaiting approval
  • Approved – Access granted within the defined time window
  • Denied – Request rejected by an approver
  • Closed – Access window has expired
  • Canceled – Request withdrawn by the requester or an authorized user

Key Benefits

  • Enhanced Security – Privileged access requires approval and is strictly time-bound
  • Complete Audit Trail – Every request, decision, and session is fully logged
  • Flexible Approval Models – Support for multiple approvers and configurable approval thresholds
  • Consistent User Experience – Seamlessly integrated across Dashboard and Mobile App
  • Automatic Session Enforcement – Sessions automatically end when the JIT window expires

How It Works (High Level)

  1. A user requests privileged access, specifying a time window and reason
  2. Assigned approvers are notified via mobile, dashboard, and email
  3. Once approved, access is granted only during the approved time window
  4. When the window expires—or access is revoked—all active sessions are terminated automatically

Mobile Experience

  • Unified list for Peer Verification and JIT requests
  • Filters to view JIT only, Peer Verification only, or all requests
  • Visibility into pending, approved, denied, closed, and historical events
  • Approvers can:
  • Approve or deny requests
  • Provide an optional denial reason
  • Revoke previously approved access
  • Requesters can:
  • Track the status of their requests
  • Cancel pending or approved JIT events
  • Preferred approvers see a badge counter highlighting pending requests

image

Figure 1. Token Detail

Dashboard Experience

Dedicated “Just-In-Time Access” Section - New navigation entry for managing JIT access - Pending approval counters for preferred approvers

Rich Notifications - Approvers are notified when new requests require action - Requesters are notified when requests are approved or denied - Notifications available both in-app and via email

Policy-Driven Configuration

JIT Access is configured directly within PAM Security Policies, including: - Enable or disable JIT per policy - Required number of approvals - Approver user groups - Preferred approvers (receive notifications and counters) - Optional email notifications

image

Figure 2. JIT Security Policy Detail

Administrators and auditors can view all JIT events but can only approve requests if explicitly assigned.

PAM Target Integration

  • New JIT Access column in the PAM Targets table
  • Instantly see whether JIT is required and its current status:
  • Pending
  • Approved
  • Denied
  • Closed
  • If access is already approved and active:
  • The indicator turns green
  • Clicking the target automatically starts the session
  • Users can create new JIT requests directly from the target using a calendar-style picker

image

Figure 3. JIT PAM Target Detail

Smart Time-Based Access

  • Visual calendar for selecting access windows
  • Prevention of overlapping JIT requests
  • Mandatory reason for access
  • Token authorization required before submitting each request
  • QR-code approval flow via the mobile app

image

Figure 4. JIT Calendar Detail

Automatic & Manual Session Termination

  • All active sessions end automatically when the JIT window expires
  • Users receive countdown warnings at:
  • 15, 10, 5, and 1 minute before session end
  • If a JIT event is canceled or revoked:
  • All associated sessions are terminated immediately
  • Users are shown a clear termination notification

image

Figure 5. JIT Session Termination Detail

image

Figure 6. JIT Session Ending Detail

Auditing & Actions

  • Authorization actions link directly to JIT details on the PAM target
  • Verification actions link directly to the related JIT event
  • Security policy evaluation results remain unchanged and fully visible

Email Notifications

  • Approvers receive email notifications when approval is required
  • Requesters receive email notifications when access is:
  • Approved
  • Denied (including the denial reason, if provided)

image

Figure 7. JIT Email Detail

Tenant Restore

Tenant Restore has been fully implemented, allowing decommissioned tenants to be safely restored and returned to an operational state. This ensures accidental or temporary tenant decommissions can be reversed with clear user feedback, auditability, and consistent system behavior.

Tenant Restore Availability

  • List actions
  • Decommissioned tenants display a Restore action in the Actions menu

  • Non-decommissioned tenants do not show the Restore option

  • Bulk restore

  • When multiple tenants are selected, Restore (n) is shown only if at least one selected tenant is decommissioned
  • The restore operation:
    • Runs only for eligible (decommissioned) tenants
    • Skips ineligible tenants automatically
    • Displays a message explaining which tenants were skipped and why

Confirmation & Safety Checks

  • Selecting Restore opens a confirmation modal
  • The modal clearly explains that restoring a tenant will:
  • Cancel any scheduled deletion
  • Re-enable the tenant for normal operation
  • Users can choose to Cancel or Restore before proceeding

UI States & Feedback

  • After confirmation:
  • Tenants move to an In Progress state with a spinner indicator
  • Relevant actions are disabled to prevent duplicate restore attempts
  • Successful restore
  • Tenant status transitions to Completed
  • Failed restore
  • Tenant status transitions to Failed
  • Clear failure feedback is displayed in the UI

Audit & Compliance

  • Audit logs are updated to reflect all tenant status changes
  • Restore actions are fully traceable for compliance and operational review

Post-Restore Access

  • Once restored:
  • Users can log in to the tenant
  • All operations available prior to soft deletion are fully restored

Web PAM Session Recording

Web PAM sessions can now be recorded and retained like RDP, SSH, and VNC sessions, providing consistent auditing and security across all privileged access types.

  • Enable or disable recording when creating or editing a Web PAM target
  • Set a retention period or choose permanent storage
  • Recordings are securely stored and accessible alongside other session types

This ensures consistent session auditing and simplifies compliance for all PAM targets.

Performance Improvements

Faster Virtual Browser Sessions

  • Web resources (images, stylesheets, scripts) in virtual browser sessions are now served more efficiently
  • Improves performance and reduces latency for large sessions
  • Enhances overall reliability and responsiveness for end users

Usability Improvements

PAM Targets Table – “Type” Column

  • Added a new Type column; the PAM Target type icon was moved from the Name column
  • Filtering by type is now supported via column-level or global table filters

These changes improve clarity and make it easier to find and manage PAM Targets.

image

Figure 8. PAM Type Column / Filtering

Auto-Focus on Input Fields

  • When navigating to Add or Edit pages, the first text input field is automatically focused
  • Improves data entry efficiency by allowing users to start typing immediately

Enhanced Anomaly Detection in Session Timeline

The Session Detail page now visually highlights AI-flagged events in the session timeline, helping users quickly identify suspicious or risky activity.

  • New Event Types:
  • Anomaly Detected – AI flagged a suspicious event (expandable row shows details)
  • Session Resume – User continued the session after an anomaly

  • Session Terminated – User ended the session after an anomaly

  • Timeline Enhancements:

  • AI-flagged events are clearly highlighted for quick recognition
  • Existing timeline functionality (navigation, click-to-seek, active event highlighting) is preserved
  • Filter button allows viewing only Anomaly Detection events

This improvement makes session investigations faster, more intuitive, and more effective.

image

Figure 9. Enhanced Anomaly Timeline

Sensitive Input Highlighting in Session Timeline

Session timelines now display all user inputs, including typed and pasted content, during and after a session.

  • Inputs to sensitive fields are clearly marked in the timeline
  • Helps quickly identify when sensitive information was entered or modified
  • Works alongside existing timeline features for navigation and investigation

This enhancement improves visibility and auditing of critical user actions in sessions.

image

Figure 10. Sensitive Input Timeline