Release Notes 4.21.0
Overview
This document outlines the updates, improvements, and fixes introduced between versions 4.20.0 (released on Mar 09, 2026) and 4.21.0 (released on Mar 23, 2026) of the Excalibur v4 software.
New Features
Automated Login Macros for Web PAM Targets
Administrators can now record and manage login macros for Web PAM Targets, enabling fully automated credential insertion and authentication when a PAM session starts.
How It Works
- Navigate to the PAM Target detail for a Web Target.
- Use Record new macro to capture the full login process, including credential entry.
- Save the macro — it becomes part of the Web Target configuration.
- When any user starts a PAM session for that target, the system automatically replays the recorded macro, performing the login sequence and inserting credentials without manual input.
Macro Management
In the PAM Target detail, administrators can:
- Record a new macro — captures the authentication flow including all credential entry steps
- Delete an existing macro — removes the automated login configuration
Key Benefits
- Seamless auto-authentication — users are logged in automatically when a PAM session starts
- No manual credential entry — credentials are inserted through macro replay, not by the user
- Centralized control — login behavior is configured and managed per Web Target by authorized administrators
- Consistent login experience — every session follows the same recorded authentication flow
Figure 1. Record Macro from PAM Detail
Figure 2. Record Macro Session
Figure 3. Saved Recorded Macro
Enhanced Anomaly Detection
The detection engine has been significantly upgraded to identify unusual behavior with greater precision and reliability.
Key Improvements
- Fewer false positives — refined detection logic reduces unnecessary alerts
- More accurate alerts — improved pattern recognition for meaningful anomaly identification
- Faster identification of issues — optimized processing delivers results more quickly
- Increased confidence in detection results — higher accuracy across all monitored sessions
Improved Context Insights
Contextual information captured around detected events has been upgraded to provide richer and more actionable insights during investigation.
Benefits
- Clearer explanation of flagged events — context bubbles now give a more concise summary of why an anomaly was detected
- Better visibility into surrounding activity — expanded capture window shows more relevant session context
- More actionable information during investigation — investigators can make faster, better-informed decisions based on enriched event data
Figure 4. Context Bubble
Automatic Recording Cleanup on Tenant Deletion
When a tenant is deleted — whether via force delete or final hard delete after decommission — all associated recording files are now automatically removed from the recording directory volume as part of the deletion process.
Previously, tenant database entities were removed during deletion, but recording files could remain on disk, resulting in orphaned data, increased storage usage, and potential data retention compliance issues.
What Changed
- Recording files are now deleted from the recording directory volume when a tenant is force-deleted or hard-deleted after decommission
- No orphaned data on disk — ensures complete cleanup of all tenant-related data
- Reduced storage usage — eliminates leftover recording files that previously required manual cleanup
- Improved data retention compliance — tenant data removal now covers both database entities and recording files
Clickable QR Codes for Mobile Authentication
A new streamlined mobile login flow has been introduced using clickable QR codes on the dashboard.
How It Works
- Open the dashboard on a mobile device.
- Tap the QR code displayed on the login screen.
- The mobile app opens automatically.
- A confirmation popup is displayed — tap Continue to proceed.
- The authentication action starts automatically, allowing you to log in to the dashboard on your mobile device.
This feature simplifies the mobile authentication experience by eliminating the need to manually scan QR codes, reducing login steps and improving usability on mobile devices.
Figure 5. QR Code Mobile Authentication
Detailed Device Integrity Information
The device integrity model has been enhanced to provide full transparency into why a device is considered trusted or untrusted. Instead of a simple trusted/untrusted indicator, the system now captures and displays detailed integrity information from Android and iOS platforms.
What's New
Android Devices
The dashboard now shows specific integrity details including:
- Whether the app is recognized and genuine
- The device integrity level
- App licensing status
iOS Devices
- Confirmation of successful device attestation
- A clear reason when attestation fails
Dashboard Enhancements
- Token Detail — view detailed integrity information for each registered device
- Action Detail → Validation Result — see the integrity state that was valid at the time of each action
- Audit Log — track all changes to device integrity status with full before/after history
Key Benefits
- Full transparency — understand exactly why a device is trusted or untrusted
- Better investigation support — detailed integrity data helps during forensic analysis
- Complete audit trail — all integrity changes are recorded and visible
- Action-level visibility — verify the device integrity state at the time of any action
Note
On iOS, attestation provides a pass/fail result with a failure reason. On Android, certain device details such as OS version or patch level are not provided by the platform. If communication with the integrity service is temporarily unavailable, detailed attributes may not be shown.
Figure 6. Android Integrity Check
Figure 7. iOS Integrity Check
Usability Improvements
Automatic User Synchronization in the Mobile App
The mobile app now automatically detects when a user has been deleted from the system and removes them from its internal user list. Previously, deleted users could remain visible in the app, leading to confusing error messages and inconsistent behavior when attempting operations with those users.
What Changed
- The mobile app actively synchronizes its user list with the identity store
- When a user is deleted via the dashboard, the change is reflected in the app automatically
- Eliminates stale user data that previously caused misleading error messages
Key Benefits
- Consistent behavior — the app accurately reflects the current state of the system
- No more misleading errors — operations involving deleted users are handled cleanly
- Improved reliability — administrators can confidently manage users knowing changes propagate across all components
Account Detail View in the Mobile App
A new Account Detail screen has been added to the mobile app. Tapping any user row in the registered accounts list now opens a dedicated detail view with full account and certificate information.
Account Information
- User name and email address
- Copy-to-clipboard option for the email address
Certificate Details
- Common Name (CN)
- Issuer
- Validity dates (from / to)
- Serial number
- Color-coded validity status (valid, expiring soon, expired)
Account Removal
- A Remove Account button is available at the bottom of the detail screen
- Triggers the same confirmation flow as the existing delete icon on the accounts list
- Provides a clear, focused context for self-service account management
Figure 8. Token User Detail







