New Features

• Introduced a new effective license calculation system for KEPM and PAM add-ons, ensuring accurate bundled seat tracking across all environments.
• Introduced new security features to block "impossible travel" login scenarios when using "stay logged in" session resumption.
• Updated Admin Console logout enforcement to manage Web Vault, Browser Extension, and Admin Console sessions separately, giving enterprises more granular security control.
• Enhanced MSP, MC, and B2B add-on endpoints to ensure that enabling PAM automatically and consistently provisions KEPM licensing within a unified bundle framework.
• Improved audit logging, enforcement messaging, and device/session security to provide clearer admin visibility and stronger protection against unauthorized access.

Improvements

• KA-7086: Device login using session resumption (eg. "stay logged in") is now blocked by KeeperAI threat detection if the geographic distance between previous login session and the current location exceeds the policy settings. This advanced security measure, typically referred to as "Impossible Travel" helps prevent unauthorized session takeovers of a compromised device. A corresponding event unusual_location_activity_logout has been added to the Advanced Reporting & Alerts module ("ARAM") for Enterprise customers. The next Admin Console release will include the UI elements to control the policy settings.
• KA-7860: Currently, the Web Vault and Admin Console logout enforcement policy are tied together. With this release, the Admin Console will have the ability to specify a separate logout timer that only affects Admin Console logins. This update now separates logout timer enforcement across Web Vault, Browser Extension, Admin Console, Commander CLI and KeeperChat. The UI updates will take effect on the next Admin Console release.
• KA-8002: Updated the PAM add-on endpoint for B2B customers to include KEPM features. Seat counts and add-on management are now unified for both products.
• KA-8003: The PAM add-on endpoint now includes KEPM functionality for MSP/MC accounts. Enabling PAM automatically enables KEPM, streamlining add-on management.
• KA-8024: PAM seat count validation now uses the new effective seats database table. This change supports more accurate seat management for all licensing models.

Bug Fixes

• KA-7257: Fixed a privacy issue where changing email could reveal enterprise names if the domain was reserved. User privacy is now better protected during email changes.
• KA-7630: Updated Admin Console messaging for PAM licenses to remove hardcoded MSP/MC references. Messaging now accurately reflects the user's licensing context.
• KA-8104: Fixed missing BI consumption ARAM events for MSP PAM add-on toggles. Also addressed duplicate events under concurrent requests for accurate reporting.
• KA-8106: Resolved duplicate ARAM add/remove events when managing users in multiple PAM roles. Event logging is now streamlined for admin actions.
• KA-8157: Improved error messaging when adding add-ons in MSP environments. Users now receive clearer feedback if an add-on cannot be added.
• KA-8184: Fixed an issue where devices requesting approval were missing from the device list in account summary API requests. Device approval workflows now display all relevant devices.
• KA-8186: Updated enterprise region transfer logic to support recent licensing changes. This ensures accurate region transfer handling for affected accounts.
• KA-8193: Addressed a problem where unapproved devices were not listed in account summary API requests. All relevant devices now appear as expected in the summary response.
• KA-8226: Resolved an issue where ARAM events for active seat count changes were incorrectly generated for MSP accounts. Event generation now aligns with intended licensing actions.
• KA-8241: Fixed an issue where audit logs for adding PAM to MSP included incorrect unlimited values. Audit events now accurately reflect changes for KCM removal.
• KA-8330: Notification center and build references updated for improved reliability. This ensures smoother integration and future compatibility.

Original source Report a problem

Keeper Browser Extension version 17.8.0 includes several security and usability improvements including an option to disable your browser's built-in password manager to prevent conflicts, anti-phishing protection that warns you before pasting passwords on unrecognized sites, support for adding custom fields to store sensitive information and a quick-copy option for easily sharing a record's UID.

Option to Disable Your Browser's Password Manager

Upon logging into the KeeperFill Browser Extension for the first time (or on a fresh install) you will be prompted to choose Keeper as your default password manager and import any passwords you have saved in your browser.

This eliminates potential conflicts between your browser's built-in password manager (including Google Chrome, Microsoft Edge, Opera, Brave and Firefox) and Keeper, ensuring you receive the best possible autofill experience without the hassle of manual configuration.

For step-by-step instructions, visit our end-user guide here.

These set up steps are optional but highly recommended. Click "Skip For Now" at the bottom of the extension window if you'd like to skip this process at any point during the set up wizard. You can also manage these features at any time from Keeper's Settings menu.

If you are an existing user, this update may trigger the browser extension to register an error — if it does, just click "Turn on" or "Accept permissions" (depending on your browser) to re-enable Keeper. Accepting permissions allows Keeper the option to disable your browser's built-in password manager.

Verify Mode for Anti-Phishing Protection

Verify Mode helps protect you from accidentally entering your passwords on fake or malicious websites. When enabled, the extension monitors paste actions and warns you before your credentials are submitted to an unrecognized site.

How it works

When you paste a password into a login form, Keeper checks whether the site matches any of your vault records. If it doesn't, you'll see a real-time warning before anything is submitted, showing which site triggered the alert, with the option to proceed or cancel.

Protection levels

You can customize how aggressively the extension monitors your activity:

• Medium: You'll only be warned if you copy a password from your vault and paste it into a different site than the one it's saved for.
• High: You'll be warned any time you paste a password on a site that isn't saved in your vault at all, regardless of where the password came from.
• Maximum: You'll always be asked to confirm before pasting a password, even on websites you've already saved and trust.

Choose a higher level of protection if you want more peace of mind, or a lower one if you prefer fewer interruptions during your normal browsing.

Added Support for Custom Fields

You can now add Custom Fields directly to your records from the browser extension — no need to switch to the web vault to make edits.

Click Add Custom Field within a record to create a Hidden Field for storing sensitive information such as security questions, PINs, or private notes alongside your login. This field type is masked by default to keep your data private.

Add as many custom fields as you'd like and simply reorder them with drag-and-drop. This functionality works the same across the Keeper web and mobile apps, so it should feel familiar.

Quick-Copy a Record UID

When viewing a saved record in the browser extension, click the info icon to reveal the record's unique Record ID (UID). From there, you can copy the UID or a shareable link by selecting the icons alongside it. Note that the link does not grant access to the record. The recipient must already have access rights for the link to work.

Passkey-Based Data Encryption Support

Keeper now supports an advanced passkey feature (WebAuthn PRF extension) that allows compatible websites to use your passkey for both authentication and data encryption. When a site supports this capability, Keeper handles it automatically on the backend with no extra steps required from you.

Important: If you attempt to delete a passkey that is being used for encryption by a website, Keeper will display a warning before you proceed. Deleting a passkey could prevent you from accessing your encrypted data on that site, so it's important to review this warning carefully before removing it.

Improvements

• BE-6626: The Keeper browser extension now responds in real time to session management actions taken in the mobile app (lock, unlock, logout and remove). Any active extension sessions on other devices will update automatically.
• BE-6910: Adding a passkey to a saved login record automatically upgrades it to the latest record format (v2→v3). Your existing credentials and notes are preserved throughout, and any errors are clearly surfaced. This works consistently across all supported browsers.

Bug Fixes

• BE-5736: Adapt form filler height to fit in reduced viewport with zoomed scaling.
• BE-6144: Password field regenerates in the Create Record (toolbar) mode if user manually enters one.
• BE-6224: V3 Record custom security question and answer do not populate in context menu.
• BE-6302: Autofill unintentionally populating the "email" attribute in the SSO configuration when a matching record is detected.
• BE-6441: Verkada passkey setup blocked by <dialog>.
• BE-6715: Delete button fails when text in Password field is highlighted.
• BE-6889: Company ID field fails to fill.
• BE-6943: Fixed corrupted Themes.
• BE-6948: Domain specific password generator check does not comply with Match on Subdomains.
• BE-7023: Master Password screen - Remember Email checkbox is present.
• BE-7051: Top search result is truncated.
• BE-7149: Search bar fails to clear when switching accounts.
• BE-7152: "invalidfromSessionToken" error message appears when adding an SSO account from a different region.
• BE-7155: Unable to login to SSO account via Master Password method.
• BE-7219: Browser Extension suggests website domain without port to save to vault.
• BE-7224: Webauthn dialog not dismissed if logged in via other means.
• BE-7227: UI issues with Add URL button.
• BE-7231: Use HPKE transmission for Cloud SSO payload.
• BE-7239: Save Password prompt disappears after redirect (SurveyMonkey login).
• BE-7250: "Something Went Wrong" error modal on app.ynab.com.
• BE-7257: Investigate autofill inconsistency eresources.rmmservice.com.au/auth/.
• BE-7260: Update Node.js.
• BE-7261: Browser extension adds empty line and space to copied unmasked TOTP codes.
• BE-7262: Unmasking password (with a distinct set of steps) breaks password generator functionality.
• BE-7276: Snapshot issues on dev.azure.com
• BE-7282: Firefox XPI not reproducible across build environments — hardcoded absolute path from onxruntime-web.
• BE-7283: Keeper lock pop-up issue in Twitch chat (whitelist only for fixinator).
• BE-7291: Safari - Clicking "Add to Keeper" button causes white screen.
• BE-7298: Add Account page is blank when switching browser tabs then going back to browser extension.
• BE-7301: Use Domain Only not enabled on initial Create Record.
• BE-7313: Save Password prompt appears in Admin Console when in the EPM tab.
• BE-7314: Custom Record Type, Text and Multi-line Field type have size restriction of viewable characters.
• BE-7341: Login Screen - email dropdown arrow missing.
• BE-7350: Site-specific fixes / improvements to auto-submit detection.
• BE-7358: New Record tab - password generator symbols overlapping Use/Copy password.
• BE-7364: Overflow button in login screen design inconsistency.
• BE-7367: AutoFill fails to trigger when Passkey prompt appears first.

Original source Report a problem

New Features

Workflow API for KeeperPAM - This feature enables a KeeperPAM admin to mandate approval requests before initiating a connection or tunnel.

Expanded workflow notifications so requestors and approvers get timely updates on access status and check-in/check-out events.

Added new ARAM event messages and logging for workflow actions, approvals, denials, session changes, and escalations to improve audit ability and compliance reporting.

Introduced new API endpoints and enforcement options to manage who can configure workflow settings and to support bulk approval-status updates.

Enhanced two‑factor authentication workflows with new router-based 2FA operations and audit events for failed 2FA attempts.

Improvements

KA-7750: Added new API endpoints to support 2FA operations via the Keeper Router, including push, validation, and WebAuthn challenge to support Workflow capabilities.

KA-7814: Added notifications for access request workflows and check-in/check-out events. Both requestors and approvers receive timely updates about access status and resource availability.

KA-7962: Introduced standardized ARAM event messages for workflow actions such as approvals, denials, and session changes. These events enhance monitoring and compliance reporting for workflow activities.

KA-8025: Share approval notifications now include the "request" category tag. This ensures that user action-required items appear correctly in the Notification Center "Requests" tab.

KA-8042: Added a role enforcement policy for managing workflow settings under the Privileged Access enforcement screen. Admins can now assign or remove this permission to control workflow configuration access.

KA-8099: Implemented a new API endpoint to update Notification Center approval statuses. Supports bulk updates and improves notification handling for workflow approvals and denials.

KA-8295: Upgraded Netty libraries to address recent security vulnerabilities. This update resolves CVE-2026-33870 (HTTP smuggling) and CVE-2026-33871 (HTTP/2 DoS).

KA-4870: Enhanced ARAM to generate events for failed two-factor authentication attempts. This provides better visibility for security-related login failures.

Bug Fixes

KA-7729: Improved Notification Center to ensure all relevant notifications, including account creation, are displayed. This update enhances user awareness of important account events.

KA-7798: Fixed an issue where sharing requests did not trigger notification syncs. Notifications for sharing actions now appear instantly without manual refresh.

KA-8023: Resolved an issue where re-sending the "last read" status for a notification caused errors. Notifications now handle repeated read status updates gracefully.

Original source Report a problem

Terraform provider that interacts with Keeper Commander for tenant management

About

Terraform Provider for Commander lets you manage Keeper Security enterprise and MSP configuration as infrastructure-as-code. The provider uses the Keeper Commander Service Mode REST API to manage your Keeper resources from Terraform, so you get declarative config, version control, and a clear audit trail while staying on Keeper’s zero-knowledge infrastructure. See Available resources and data sources for the full list.

Features

• Resources: Create and manage your Keeper resources from Terraform.
• Import: Most resources support import state so you can bring existing keeper resources under Terraform management with terraform import.
• Data sources: Read the existing resource data via data sources.
• MSP support: Use the optional managed_company attribute on enterprise resources and data sources to scope operations to a specific managed company.

Available resources and data sources

Full resources and data sources documentation on the Terraform Registry.

Resources

• commander_enterprise_node: Create and manage enterprise nodes (MSP or enterprise account).
• commander_enterprise_role: Create and manage enterprise roles and policies (MSP or enterprise account).
• commander_enterprise_team: Create and manage enterprise teams (MSP or enterprise account).
• commander_enterprise_user: Create and manage enterprise users (MSP or enterprise account).
• commander_managed_company: Create and manage managed companies (MSP only).

Data sources

• commander_enterprise_node: Look up an enterprise node by name or ID (MSP or enterprise account).
• commander_enterprise_role: Look up an enterprise role by name or ID (MSP or enterprise account).
• commander_enterprise_team: Look up an enterprise team by name or ID (MSP or enterprise account).
• commander_enterprise_user: Look up an enterprise user by email or ID (MSP or enterprise account).
• commander_managed_company: Look up a managed company by name or ID (MSP only).

Prerequisites

• Keeper Commander Service Mode: A service account running Commander Service Mode REST API. Make sure you are running Commander version 17.2.9 or later before starting Service Mode.
• Terraform >= 1.0

Setup and Installation

In order to communicate between Terraform and Keeper, the customer is responsible for hosting a Keeper Commander Service Mode instance. This can be accomplished many ways depending on your IT requirements. Commander Service Mode can run as a foreground service on any machine, or it can be run in a Docker container locally or remotely on a server.

Step 1. Commander Setup

Follow the setup steps documented in the Commander Service Mode REST API section to install Keeper Commander and start the service. Commander Service Mode can run directly in the CLI, in the background on a local machine, on a remote server as a service, or under a Docker container. Using Docker is the recommended method.

Important Items:

1. The Request Queue System (API v2) must be enabled, e.g. -q=y
2. Make sure the following commands are in the list:

this-device,sync-down,switch-to-mc,switch-to-msp,msp-add,msp-down,msp-info,msp-remove,msp-update,enterprise-info,enterprise-node,enterprise-user,enterprise-role,enterprise-team,enterprise-down,enterprise-push,team-approve,record-add,record-update,rm,get,list,record-type-info

If you encounter a 429 Too Many Requests error due to rate limiting, you can configure rate-limit for your service mode using the -rl or --ratelimit flag. This allows you to configure the allowed number of requests per endpoint per IP address, for example:

• 1000/minute
• 100000/hour
• 2000000/day

Adjust these limits based on your expected traffic and system capacity.

After service creation, the API key will be displayed in the console output. Make sure to copy and store it securely. If you are using Docker, you can pull the API key from the logs with this command:

docker compose logs | grep -i "generated api key"

When the Commander service is up and running, you should be able to submit a curl request to the endpoint. For example:

curl -X POST 'https://localhost:8080/api/v2/executecommand-async' \
--header 'Content-Type: application/json' \
--header 'api-key: <your-api-key>' \
--data '{"command": "this-device"}'

If the tunnel is running and the API key is correct, you should get a response like this:

{
"success": true,
"request_id": "550e8400-e29b-41d4-a716-446655440000",
"status": "queued",
"message": "Request queued successfully..."
}

Now that the service is up and running, you can use Service Mode URL and API Key in provider configuration.

Keep the Commander Service Mode running in order to stay connected.

Step 2. Provider Installation

Registry install

To install this provider, add the following code to your Terraform configuration and run terraform init:

terraform {
  required_providers {
    commander = {
      source = "keeper-security/commander"
    }
  }
}

provider "commander" {
  # Configuration options
}

Manual Installation

Download the latest version of the Terraform Provider for your platform from our GitHub release page and copy the archive to the corresponding Terraform plugin folder (creating any missing folders in the path). Initialise source with full provider URL: source = "github.com/keeper-security/commander"

Usage

Configure the Provider

The provider needs to be configured with commander service mode url and api key before it can be used.

terraform {
  required_providers {
    commander = {
      source = "keeper-security/commander"
    }
  }
}

provider "commander" {
  service_mode_url     = "http://localhost:8080/api/v2/"
  service_mode_api_key = "XXXXXXXXXXXXXX"
}

Note: Using managed companies (MSP accounts)

Many resources and data sources support an optional managed_company attribute. When your account is an MSP, set managed_company to a managed company name or ID to manage that resource inside that company. Omit it to work in the logged-in account context (MSP or enterprise account).

Note: MSP - Using both a managed company and your main account in the same config

If you use some resources or data sources with managed_company (operations run inside that company) and others without it (operations run in the logged-in account context), Terraform may run them in parallel. Commander processes requests one at a time in a queue, so an action can run in the wrong context and fail (e.g. "resource not found").

Fix:

Add dependencies between those resources or data sources (e.g. depends_on or referencing one from the other) so they are not executed in parallel.

Example:

# Runs in managed company "Acme"
resource "commander_enterprise_team" "mc_team" {
  name = "MC Team"
  node = "Root"
  managed_company = "Acme"
}

# Runs in logged-in account; depends on mc_team so it doesn't run in parallel
resource "commander_enterprise_team" "main_team" {
  name    = "Main Team"
  node    = "Root"
  # no managed_company = main account
  depends_on = [commander_enterprise_team.mc_team]
}

Examples

Manage Enterprise Team

Below example explain how you can manage your enterprise team with help of "commander_enterprise_team" resource.
Use this resource to create and manage teams in the MSP or Enterprise account

terraform {
  required_providers {
    commander = {
      source = "keeper-security/commander"
    }
  }
}

provider "commander" {
  service_mode_url     = "http://localhost:8080/api/v2/"
  service_mode_api_key = "XXXXXXXXXXXXXX"
}

resource "commander_enterprise_team" "example" {
  name                     = "Backend Developers"
  node                     = "Engineering"
  users                    = ["[email protected]", "[email protected]"]
  roles                    = ["Developer"]
  restrict_record_edit     = true
  restrict_record_re_share = true
  enable_privacy_screen    = false
  # Optional, MSP Account only
  # managed_company = "Acme Corp"
}

Read Enterprise Team

Below example explain how you can read your existing enterprise team with help of "commander_enterprise_team" data source.
Use this data source to look up an enterprise team by name or ID. Returns the team's ID, name, users, and roles so you can reference them in other resources.

terraform {
  required_providers {
    commander = {
      source = "keeper-security/commander"
    }
  }
}

provider "commander" {
  service_mode_url     = "http://localhost:8080/api/v2/"
  service_mode_api_key = "XXXXXXXXXXXXXX"
}

data "commander_enterprise_team" "example" {
  team = "Backend Developers"
  # Optional, MSP only
  # managed_company = "Acme Corp"
}

output "team_id" {
  value = data.commander_enterprise_team.example.id
}

output "team_name" {
  value = data.commander_enterprise_team.example.name
}

output "team_users" {
  value = data.commander_enterprise_team.example.users
}

output "team_roles" {
  value = data.commander_enterprise_team.example.roles
}

For more examples on different resources and data sources, check out the detailed provider documentation.

Release Schedule and Roadmap

This all new Terraform Provider for Commander has a roadmap of features planned. Below is the current high level plan of features we are implementing:

• Shared Folders
• Shared Records
• SCIM
• Record Types
• SSO Cloud Integrations
• Keeper Gateways

Issues

Please open a Github issue with bugs, feature requests or any questions.

Original source Report a problem

Enhancements

• iOS-7594: Introduced a new centralized Notification Center that allows you to manage vault activity and requests in one place. You can now filter notifications by all or unread, approve or deny access requests, and stay informed with unread message indicators. This streamlined system ensures you never miss a time-sensitive update while making it easy to mark items as read and navigate back to your records without losing your place.

• iOS-7811: Implemented Quantum Resistant Cryptography (QRC) to future-proof your vault's security. By integrating advanced "Kyber" encryption, we are protecting your sensitive session data against the future threat of quantum computing. This update ensures that your encrypted information remains secure even as computing power evolves.

• iOS-7063: Redesigned the Security Audit experience with a new, easy-to-understand Security Score and actionable dashboard. You can see your overall security health at a glance and use the new action cards to quickly improve your score by updating weak passwords, enabling Two-Factor Authentication, or rotating reused passwords. The updated records list now features clear strength icons and improved sorting and filtering, helping you prioritize and manage your most critical security items.

• iOS-7041: Improved the accuracy of Security Audit scores by ensuring calculations are consistent with other platforms. The app now correctly identifies reused and unique passwords and excludes shared records from your personal score. Additionally, security scores are now properly updated immediately following a record transfer to a new owner.

• iOS-7234: Updated the app's internal security protocols to support the latest system improvements. This backend optimization ensures a seamless and stable connection with our authentication services, providing you with a more reliable experience.

• iOS-7852: Introduced partial search support for record sharing to better support large organizations. Users in enterprises with more than 500 members can now easily find and add specific colleagues to shared records by typing just a few characters of their name or email address, ensuring reliable discoverability across large datasets.

• iOS-7955: Improved the Account screen by integrating the Sync button directly into the main menu row for quicker access.

• iOS-7960: Enhanced device security with real-time push notification responses for upcoming remote management. The app will react to administrative actions—such as remote locking or account removal—by automatically logging out active sessions and clearing sensitive local data to protect your vault if a device is lost or compromised.

• iOS-7959: Expanded our device registration to include more detailed hardware information in preparation for an upcoming feature. The app now provides specific platform details (such as "iPhone 15 Pro" or "iPad Air") to the backend.

Bugs

• iOS-7940: Resolved a stability issue within the Autofill extension that could cause the app to close unexpectedly when interacting with the password generator.

• iOS-7949: Fixed an issue where users were not notified of an expired File Storage subscription when attempting to download or view attachments. The app now correctly displays a renewal prompt to ensure uninterrupted access to your stored files.

• iOS-7951: Addressed an issue in the Autofill extension where an incorrect "Security Key Not Recognized" alert could appear even after a successful security key login.

• iOS-7952: Corrected a visual bug in the Autofill extension where hidden password fields would always display an ellipsis, regardless of the text length.

• iOS-7953: Smoothed out the user interface when switching between different records in the Autofill extension, eliminating "janky" transitions and ensuring a more polished experience when navigating records with varying configurations.

• iOS-7954: Resolved an issue where long custom labels in certain record types would cause the field value to be truncated while in edit mode.

• iOS-7962: Fixed a bug where an unexpected error was displayed during login when the client version was unrecognized; users are now correctly prompted with the appropriate client check message.

• iOS-7964: Resolved an issue where accessing debug logs from the side menu would incorrectly launch the Safari browser instead of opening the system sharing menu.

• iOS-7965: Resolved a critical crash in the KeeperFill extension that occurred when logging into accounts with very large record sets.

• iOS-7966: Fixed an issue where the app would display an infinite loading spinner when attempting an unsupported folder move between shared folders; users are now correctly presented with an informative alert instead.

• iOS-7967: Addressed a bug that prevented users with empty vaults from logging into the KeeperFill extension.

• iOS-7968: Resolved a UI issue where the quick-action menu would appear in the wrong part of the screen after a text field was recently used.

• iOS-7969: Fixed an issue in the Notification Center where rapidly interacting with notification requests could cause multiple error alerts to overlap on the screen.

• iOS-7970: Resolved a synchronization issue where shared folders would appear duplicated in two locations after being moved until a manual sync was performed.

• iOS-7971: Fixed a navigation error in the side menu where selecting the "Debug Logs" option would incorrectly open the "Refer a Friend" screen for certain account types.

• iOS-7972: Corrected a layout issue on iPad where the Security Audit filters modal was improperly sized, ensuring all filter options and titles are fully visible.

• iOS-7973: Improved the Notification Center layout for iPad users by right-aligning approval buttons, providing a more intuitive and visually consistent experience on larger screens.

• iOS-7975: Fixed a timing issue where the "Create Your First Record" onboarding alert could incorrectly appear for existing users when navigating through the app quickly after logging in.

• iOS-7976: Resolved a visual bug in the Security Audit dashboard where description text was being truncated when the iPad was used in landscape orientation.

• iOS-7977: Resolved a critical login failure specifically affecting devices running iOS 18, ensuring compatibility and clear messaging during the authentication process.

• iOS-7978: Fixed several issues in the Record History screen, including improving the hit targets for navigation controls near the home indicator and resolving a bug where selecting a version would leave the screen unresponsive.

• iOS-7979: Optimized network performance by reducing excessive background pings to the account switching endpoint, ensuring more efficient data usage and better alignment with session activity.

• iOS-7981: Resolved a UI bug where the "Done" button could disappear from the Shared Folder edit view when interacting with the folder's overflow menu.

• iOS-7982: Corrected a visual alignment issue in the Autofill extension where username and password fields were improperly padded, ensuring they now align correctly with other UI elements and icons.

• iOS-7983: Fixed a UI issue in the Autofill extension where the text cursor was invisible on the initial tap when launched in certain light-mode contexts.

• iOS-7984: Resolved a stability issue where the app would crash immediately after a user emptied the Deleted Items folder.

• iOS-7985: Improved the visibility of third-party app icons within the Autofill extension when using Dark Mode. Dark icons (such as Peloton) are now placed in a clear container with a light background to ensure they remain distinct and visible against dark system themes.

• iOS-7986: Adjusted the vault's List view layout to prevent the truncation of record numbers, ensuring that counts for large vaults (even those exceeding 17,000 records) remain fully visible.

• iOS-7988: Resolved an issue where removing "restrict edit" enforcements from a team failed to immediately restore edit permissions for shared folder records, ensuring local permissions correctly sync with administrative changes.

• iOS-7989: Fixed a bug in the KeeperFill extension where the Password Generator (dice icon) was missing when creating or editing records, restoring full functionality to the generation tool.

• iOS-7990: Fixed an incorrect placeholder value in the Wi-Fi record type where the Title field was incorrectly labeled as "Network Name (SSID)."

• iOS-7992: Resolved a UI displacement issue where folder context menus would shift upward and obscure the folder row after a record was saved.

• iOS-7524: Fixed an issue in the Record History screen where the "Restore" button remained active when viewing the record's current version. The button is now correctly disabled when the displayed version matches the current revision, preventing unintended restore attempts.

• iOS-7993: Corrected a navigation error in the Record History screen where using the left/right arrows or the bottom-right button to browse versions could display a version number greater than the total number of available revisions.

• iOS-7994: Resolved a visual bug in the account switcher where two accounts sharing the same account UID would both display the active account checkmark simultaneously.

• iOS-7997: Fixed an issue where changing the Master Password of a secondary (non-active) account would unexpectedly log out the currently active session.

• iOS-7998: Resolved a bug where removing an account from the login menu would disable biometric authentication (Face ID / Touch ID) for other accounts stored on the same device.

• iOS-7999: Fixed a localization issue in the Security Audit dashboard where the "No Weak Passwords" status message was not translated and displayed in English for users running non-English language settings.

• iOS-8001: Addressed an issue where the vault would remain stuck on loading placeholders after closing the Notification Center, requiring a manual sync to display records correctly.

• iOS-8002: Corrected an alert that incorrectly appeared when attempting to attach files while offline under an IP-restricted policy. The app now displays the appropriate restriction message instead of an unrelated error.

• iOS-8003: Fixed a layout issue where the Notification Center bell icon was positioned too close to the "Done" button in the vault edit view, improving tap target separation.

• iOS-8004: Resolved a compatibility issue with Passkey authentication by ensuring the required field is always present in the passkey data, improving reliability with third-party services that validate this field.

Original source Report a problem

SDK and Integration Updates for March 2026

Keeper Secrets Manager CLI 1.3.0

This update introduces enhanced security features that use native secure profile storage to safeguard Keeper device identity information. This security measure is enabled by default on all compatible Windows, macOS, and Linux devices.

Breaking Change Minimum supported Python version is now 3.10 (previously 3.7). Python 3.7-3.9 users should stay on v1.2.0

Breaking Change boto3 is no longer installed by default. AWS sync users must install the [aws] extra: pip install keeper-secrets-manager-cli[aws]

• KSM-800: Added OS-native keyring storage for CLI configuration
  • New profiles store configuration in the OS keyring by default (macOS Keychain, Windows Credential Manager, Linux Secret Service)
  • Existing keeper.ini profiles continue to work without migration
  • Added --ini-file flag to opt into explicit file-based storage
  • Install keyring support: pip install keeper-secrets-manager-cli[keyring]
  • Additional fixes:
    • Profile name validated against [a-zA-Z0-9_-]{1,64} before redeeming one-time token
    • SHA-256 integrity check on every keyring load with clear error and recovery hint
    • Warning on stderr when keyring is empty and a keeper.ini exists
    • Graceful fallback to keeper.ini on Linux when Secret Service is unavailable
    • --ini-file flag respected by all profile and config subcommands and no longer requires boto3 for non-AWS profiles
• KSM-810: added ksm profile delete command
• KSM-820: ksm secret get --json now outputs custom fields under "custom" key (was "custom_fields"), matching the canonical V3 record format
• KSM-818: ksm shell no longer crashes when click>=8.2 is installed
• KSM-702: Record create payload now always includes custom: []; previously omitted when no custom fields were set
• KSM-691: keeper.ini is now written with owner-only permissions (0600)
• Dependency Update: Updated keeper-secrets-manager-core to >=17.2.0 and keeper-secrets-manager-helper to >=1.1.0

Security updates

• KSM-761: Fixed CVE-2026-23949 (jaraco.context path traversal vulnerability)

Links:

• KSM CLI Docs
• PyPI Package
• Docker Hub
• Docker Hub (Alpine)
• GitHub Release

Ansible Integration 1.4.0

Breaking Change Minimum supported Python version is now 3.9 (previously 3.7). Python 3.7-3.8 users should stay on v1.3.0

• KSM-811: Raised minimum Python version from 3.7 to 3.9
  • Updated keeper-secrets-manager-core dependency to >=17.2.0
  • Updated keeper-secrets-manager-helper dependency to >=1.1.0
  • Replaced importlib_metadata backport with stdlib importlib.metadata
• KSM-816: Fixed keeper_create failing when the target shared folder contains no records
• KSM-827: Fixed Tower Execution Environment Docker image missing system packages required by Ansible Automation Platform
  • Added openssh-clients, sshpass, rsync, and git to the EE image
  • Resolves [dumb-init] ssh agent: No such file or directory startup error

Links:

• Ansible Integration Docs
• PyPI Package
• Ansible Galaxy
• Docker Hub

Last updated 6 days ago

Original source Report a problem

Enhancements

• CC-1801: We optimized the account sync process. Users will notice a much faster experience when setting up their account for the first time.
• CC-2341: Improved the initial loading performance for power users. The application now handles accounts with an extensive number of conversations and contacts more efficiently, leading to a snappier feel when opening the app.
• CC-2412: Updated the Android application to support 16K memory page sizes. This ensures full compatibility with future high-performance Android devices and meets the latest Google Play technical requirements.
• CC-2420: Updated internal development and distribution certificates for Mac and iOS. This essential maintenance ensures continued app stability and seamless updates across all Apple platforms.

Bugs

• CC-1946: Resolved a rare issue on iOS devices where the application could hang when attempting to log in using FaceID or TouchID.
• CC-1961: Fixed a crash on Android and UWP platforms that occurred after the application had been running in the background for a long time.
• CC-1976: Addressed an intermittent freezing issue on Windows that triggered when the application was left idle.
• CC-2003: Corrected a bug on Windows where users had to log out and back in to see new conversation invitations.
• CC-2007: Resolved an issue where the app became unresponsive if the Single Sign-On (SSO) service was temporarily unavailable during login.
• CC-2210: Fixed a bug that caused unexpected logouts immediately after sending or receiving messages within group chats.
• CC-2280: Addressed a logout hang on macOS that occasionally prevented the application from closing properly.
• CC-2282: Resolved an issue where some users were being logged out of the application unexpectedly during active sessions.
• CC-2306: Fixed a problem where Keeper Push notifications for device approvals were not being delivered to users in regions outside of the United States.
• CC-2335: Fixed a critical issue on Windows where chat history appeared missing for users who had deleted and recreated their accounts using the same email address.
• CC-2336: Addressed a Windows-specific bug where chat history could disappear after the application froze, occasionally resulting in duplicate or "ghost" account profiles.
• CC-2337: Corrected a Windows-specific issue that caused significant delays in message delivery for certain network configurations.
• CC-2338: Resolved a bug on Windows where messages failed to appear in the chat window even after a notification was received.
• CC-2339: Addressed a bug on Windows where copying and pasting a message from one conversation to another would cause the original message to be deleted.
• CC-2387: Fixed an issue on Windows where the first few messages of a brand-new conversation were not visible to the user.
• CC-2389: Addressed a display glitch on iOS where navigation icons would appear transparent or misaligned after the app was idle.
• CC-2393: Resolved an error on Windows that prevented the successful downloading of files and media directly to the Desktop folder.
• CC-2397: Fixed an intermittent "transmission_key" error that appeared for some users following recent security infrastructure updates.
• CC-2398: Corrected a macOS issue where push notifications failed to register correctly on new app installations.
• CC-2399: Fixed a bug where the self-destruct warning message failed to display after the maximum number of failed login attempts was reached.
• CC-2400: Resolved a UI inconsistency on iOS where attachment icons were not aligned with even spacing.
• CC-2401: Fixed an issue on iOS where GIF images remained static and failed to animate within the chat window.
• CC-2403: Fixed a cross-platform invitation bug where users could not start a conversation after accepting an invite if the app was previously running in the background.
• CC-2407: Fixed a cross-platform crash that occurred when attempting to select a method for Two-Factor Authentication (2FA) for the first time.
• CC-2408: Resolved several UI layout issues on Android where header icons, navigation arrows, and device status bars would occasionally overlap on the Welcome and Login screens.
• CC-2409: Resolved an issue on Android where toggling Stealth Mode or navigating to contacts while Stealth Mode was active could cause the application to crash.
• CC-2410: Fixed a cross-platform crash that occurred after the fifth unsuccessful login attempt, ensuring the self-destruct warning is displayed correctly instead.
• CC-2411: Corrected a UI issue on macOS where text in the top right corner of the Gallery and Files sections appeared truncated.
• CC-2413: Resolved a critical issue on macOS where the application would freeze or crash immediately after selecting a chat or group conversation.
• CC-2414: Fixed a UI issue on iOS where the download icon was missing for media files within the Gallery and Files sections.
• CC-2416: Fixed a regional settings issue on macOS where the application would default to the USA region after logging out, instead of remembering the user's previously selected region.
• CC-2417: Resolved a bug on Mac and iOS where users were unable to preview images and videos in the media gallery, receiving an "Image Not Available" error.
• CC-2418: Fixed an issue on Android where the account edit icon (pen) and the surrounding profile area in the side menu were unresponsive to touch.
• CC-2419: Fixed a crash on iOS that occurred when tapping profile pictures, status messages, or edit icons within the Menu page.
• CC-2422: Fixed an issue on iOS where the chat registration screen incorrectly displayed a number pad for email verification, preventing the entry of alphanumeric codes.
• CC-2423: Improved security on Android by resolving a root detection issue on newer OS versions (Level 12+), ensuring the app correctly identifies rooted environments and prevents unauthorized execution.
• CC-2433: Resolved a crash on macOS that occurred when a first-time user closed the app during the initial profile setup (name and phone number entry) and attempted to relaunch it.
• CC-2434: Fixed an issue on macOS where the "Generate New Phrase" button remained disabled even after a valid Master Password was entered during the account recovery setup.
• CC-2435: Resolved a crash on macOS that occurred after the fifth unsuccessful login attempt specifically when the self-destruct security feature was enabled.
• CC-2436: Corrected a visibility issue on macOS where the text on the "Set Recovery Phrase" button was difficult to read due to low contrast.
• CC-2440: Resolved a UI glitch on macOS that occurred when switching between accounts with differing contact lists, ensuring the contact page correctly refreshes to an empty state when appropriate.
• CC-2442: Implemented a safeguard to prevent the creation of duplicate conversation instances when starting a chat with the same contact.
• CC-2443: Resolved a synchronization issue where users were unable to successfully start or receive messages in a new conversation after a previous chat session with the same contact had been left.
• CC-2444: Fixed an issue on iOS where the "Terms of Use" and "Privacy Policy" links were unresponsive.
• CC-2445: Resolved a bug on macOS where the account recovery setup prompt would appear as a blank screen if the user had previously dismissed it and then logged back into the app.
• CC-2446: Fixed a crash on iOS that occurred when a user confirmed they wanted to "leave conversation" from the chat settings menu.
• CC-2447: Fixed an issue on Android where the "Next" button remained disabled on the login/sign-up screen if the user had navigated back and forth while the email field was already populated.
• CC-2448: Fixed a crash on Android that occurred when accepting a conversation invitation from the Invites screen within the Account page.
• CC-2452: Fixed a cross-platform bug on iOS and Android where the "Generate New Phrase" button remained disabled in the Account Recovery settings after entering a valid Master Password.
• CC-2453: Resolved an issue on Windows where the "Generate New Phrase" button remained disabled even after entering a valid Master Password in the Account Recovery settings.
• CC-2457: Fixed a UI issue on iOS where the text entry field would appear incorrectly positioned in the middle of the screen after returning to the app from the background.

Original source Report a problem

SDK and Integration Updates for February 2026

Keeper SDK Release 1.1.4

Several new features and upgrades have been published to Keeper's Python SDK, .Net SDK and PowerShell module, covering vault and administrative actions.

Pluggable Biometric Login

Added a new IBiometricLoginProvider/IBiometricLoginResult interface pair to KeeperSecurity.Authentication, enabling host applications to inject their own biometric credential provider into the auth flow without a hard dependency on KeeperBiometrics.

BiometricLoginProvider property — set to an IBiometricLoginProvider implementation to activate biometric login.
TryBiometricLoginAsync() — attempts biometric login, returning a BiometricLoginAttemptResult struct with Success and ErrorMessage.
TryLoginWithBiometricsAsync() — convenience wrapper returning a bool.

Push Notifications Toggle

IAuthEndpoint/AuthCommon exposes a new UsePushNotifications property (default true). Setting it to false before login prevents the WebSocket connection from being established, which is useful for batch/service workloads that don't need real-time sync.

SQL Storage Refactored

The monolithic SqliteStorage.cs/SqliteDao.cs have been replaced with a layered, dialect-agnostic storage subsystem. Migration: Replace usages of the removed SqliteStorage class with SqlKeeperStorage, passing a SqliteDialect instance.

New data types added to AuditLog

KeeperVersionType — client version metadata (version ID, type, category).
IpAddressType — IP address with city/region/country geo fields.
GeoLocationType — geo location with IP count.

Commander CLI (inside the SDK)

Note: The Commander CLI code which exists inside of the KeeperSDK is a paired down version of the full Commander CLI application.

enterprise-info/ei — new command that displays an enterprise hierarchy tree with node, user, role, and team counts.
audit-report — significantly expanded; now supports structured column selection, scope filtering, and enriched event data (geo-IP, client version).
action-report — new command for aggregated action reporting.
MSP commands — new
msp context with sub-commands: switch context to/from MSP, display MSP details, refresh MSP data, modify managed company licenses, remove managed companies.

PowerShell Module

We have added several new features to the PowerCommander PowerShell module:

• Get-KeeperEnterpriseInfoTree — displays the enterprise as a tree
• Get-KeeperEnterpriseInfoNode — node details.
• Get-KeeperEnterpriseInfoUser — user details.
• Get-KeeperEnterpriseInfoTeam — team details.
• Get-KeeperEnterpriseInfoRole — role details.
• Get-KeeperEnterpriseInfoManagedCompany — managed company details.
• Invoke-KeeperEnterpriseNodeWipeOut — removes all content (users, roles, teams, subnodes) under a node.
• Get-KeeperEnterpriseTeams — lists all enterprise teams with member counts
• Copy-KeeperMCRole — copies a role from the MSP to a managed company.
• Get-KeeperRecordHistory — retrieves the history of changes for a record.
• Find-KeeperDuplicateRecords — identifies duplicate records across the vault.
• Get-KeeperRecordFieldValue — extracts a specific field value from a typed record.
• Revoke-KeeperSharesWithUser — revokes all shares to/from a specified user.

Samples

The Sample projects have been significantly expanded into categorized, focused examples covering the full SDK surface.

References

Unified Keeper SDK Documentation
https://docs.keeper.io/en/keeperpam/commander-sdk/keeper-commander-sdks

Keeper SDK .Net
https://github.com/Keeper-Security/keeper-sdk-dotnet

.Net Sample Code
https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/master/Sample

PowerCommander PowerShell
https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/master/PowerCommander

Python SDK
https://github.com/Keeper-Security/keeper-sdk-python

Python SDK Examples
https://github.com/Keeper-Security/keeper-sdk-python/tree/master/examples/sdk_examples

For a full authentication code example see login.py

PyPi Python SDK
https://pypi.org/project/keepersdk/

Commander SDK

We have released PowerCommander 1.1.0 and Keeper SDK 1.1.4-beta02.

PowerCommander

Enterprise: Get-KeeperEnterpriseInfoTree / Node / User / Team / Role / ManagedCompany (keitree, kein, keiu, keit, keir, keimc); Invoke-KeeperEnterpriseNodeWipeOut (kenwipe), Get-KeeperNodePath, Copy-KeeperEnterpriseRole (kercopy), Get-KeeperEnterpriseTeams (lst-team)
MSP: Copy-KeeperMCRole (msp-copy-role)
Records: Find-KeeperDuplicateRecords (find-duplicates), Get-KeeperRecordHistory (krh); Get-KeeperFileReport (file-report)
Import/Export: Import-KeeperMembership (kapplymbs)
Sharing: Revoke-KeeperSharesWithUser
Clipboard: clipboard-copy command support

SDK (KeeperSdk)

Auth/Biometrics: BiometricLoginAttemptResult struct (Success, ErrorMessage; Completed, NotAttempted, Failed); AuthSync.TryBiometricLoginAsync() returns result for clearer app handling; TryLoginWithBiometricsAsync delegates to it
Vault/File Report: KeeperFileReport.GenerateFileReport(), FileReportOptions, FileReportItem
Vault/Records: RecordHistory, record history extensions – supports Get-KeeperRecordHistory
Vault/Membership: DownloadMembership, ApplyMembership – supports import/export shared folder membership
Enterprise/MSP: MspManagement, ManagedCompanyOptions, ManagedCompanyAddonOptions, IMspManagement – MC create/update/remove, addons, seats
Enterprise: Node wipe-out support (wipe node and all content)

Bug Fixes

• Add-KeeperRecord -GeneratePassword flag fixed

Secrets Manager Python SDK 17.2.0

Breaking Change: Minimum supported Python version is now 3.9 (previously 3.6). Python 3.6-3.8 users should stay on v17.1.0
KSM-778: Raised minimum Python version to 3.9
Updated dependency floors for security fixes: cryptography to >=46.0.5 (CVE-2026-26007), urllib3 to >=2.6.3 (CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2025-50181, CVE-2025-50182), and requests to >=2.32.4 (CVE-2024-47081)

Terraform Provider 1.2.0

KSM-527: Added PAM record type support — new secretsmanager_pam_machine, secretsmanager_pam_database, and secretsmanager_pam_directory resources and data sources for managing SSH/RDP, database, and directory credentials; pam_settings field supports protocol-specific connection configuration as JSON
Added/expanded PAM field support and readback coverage across PAM resources/data sources, including database_type, directory_type, connect_database, private_pem_key, private_key_passphrase, folder_uid, totp, and PAM Machine credential fields (login, password, ssl_verification) (KSM-792, 793, 794, KSM-796, 797, 798)
KSM-788: Added SSH key pair generation to secretsmanager_ssh_keys resource — supports ED25519, RSA (2048/3072/4096), and ECDSA (P-256/P-384/P-521) with optional passphrase encryption via generate = "yes" on the key_pair block
KSM-789: Added SSH key generation and private_pem_key field to secretsmanager_pam_user and secretsmanager_pam_machine resources; passphrase stored as custom field for PAM interoperability
KSM-389: Added title_patterns parameter to secretsmanager_records data source for filtering records with Go regex; patterns can be combined with UIDs and exact titles in a single query
KSM-522: Fixed error when shortcuts/linked records are present across multiple shared folders

Security updates

KSM-707, KSM-795: Upgraded Go from 1.24.0 to 1.24.13 to address CVE-2025-22871, CVE-2025-58185, and additional security CVEs

Secrets Manager Rust SDK 17.1.0

KSM-584, KSM-791: Added HTTP/HTTPS proxy support (ClientOptions.proxy_url or HTTP_PROXY/HTTPS_PROXY), applied consistently to all operations including file uploads and downloads
KSM-688: Added update operations with transaction support for password rotation
KSM-689, KSM-693: Added title-based secret and file retrieval (get_secrets_by_title, get_secret_by_title, download_file_by_title, KeeperFile.get_thumbnail_data)
KSM-690: Added disaster recovery caching with automatic server fallback
KSM-744: Added transmission public key #18 for GovCloud Dev support
Security: Updated openssl to 0.10.75 (CVE-2025-3416, Medium) and ring to 0.17.14 (CVE-2025-4432, Medium)
KSM-700, KSM-783: Fixed config file handling (secure 0600 permissions on Unix; no longer panics on empty JSON config)
KSM-769, KSM-735: Fixed notation lookup bugs (custom_field selector searched wrong array; duplicate UIDs from shortcuts returned wrong record)
KSM-776, KSM-779: Fixed linked record handling (Record.links now populated when request_links is true; file link removal no longer fails silently)
KSM-775, KSM-787: Fixed record reliability (corrupt records filtered from results; CryptoError resolved when falling back to offline cache)
KSM-782: Fixed password generation with exact character counts
KSM-639: Fixed key rotation with numeric key_id values
Breaking Change: Minimum Rust version raised to 1.87 (previously 1.56)

Ansible Plugin 1.3.0

KSM-714: Added notes field update support for keeper_set (field_type: notes)
KSM-768: Added notes field support across all plugins (keeper_get, keeper_copy, keeper_set)
KSM-770, KSM-771, KSM-772: Fixed notes field handling bugs (empty field retrieval, parameter validation, data loss prevention)
KSM-773: Fixed parameter naming inconsistency and added missing documentation (keeper_create now uses 'notes' instead of 'note')
KSM-780: Added backward compatibility for deprecated 'note' parameter
KSM-781: Fixed Jinja2 templating for keeper_config_file and keeper_cache_dir variables
KSM-762: Fixed CVE-2026-23949 (jaraco.context path traversal)
Dependency Update: Updated to KSM Python SDK v17.1.0 for latest security fixes and features

Secrets Manager .NET SDK 17.1.1

KSM-767: Fixed PowerShell 7.5.4 compatibility issue caused by System.Text.Json 10.0.1 dependency

Secrets Manager .NET SDK 17.1.0

KSM-741: Added transmission public key #18 for GovCloud Dev support
KSM-724: Fixed notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)
KSM-698: Fixed file permissions for config files (write with 0600 permissions for security)
KSM-674: Fixed parsing of lastModified file data field

Original source Report a problem

Bug Fixes

VAUL-8417: Updated the Notification Center so it remains open and retains focus until the user clicks outside of it.

VAUL-8365: Implemented handling of mobile session and device management push notifications (logout, lock, remove) ahead of mobile launch.

VAUL-8433: Fixed failed JSON imports when the shared_folders property is missing.

VAUL-8446: Chrome autofill now correctly avoids populating the Master Password field in the export modal and the Search field.

VAUL-8424: Fixed an issue where clearing the Shared Folder search caused the page to scroll to the top.

VAUL-8420: Fixed device approval notifications showing “unknown device” instead of the correct device information.

VAUL-8413: Resolved a React re-render loop that occurred when creating some connections.

VAUL-8378: Corrected misalignment of drag-and-drop CSV imports from Chrome export.

VAUL-8375: Fixed Session Activity checks so RBI enforcement is not applied to non-RBI connections and respects offline mode.

VAUL-8352: Fixed an object error that occurred when importing KeeperJSON files.

VAUL-8344: Updated the Secure File Storage error message to correctly inform users when storage is expired.

VAUL-8329: Updated the notification window so it is no longer locked to a small size and can grow vertically.

VAUL-8328: Updated the notification bell icon so it is outlined, not filled, when there are no unread notifications.

VAUL-8327: Added a hover state to items in the Notification Center.

VAUL-8239: Fixed an issue where Secrets Manager applications were not searchable.

VAUL-8208: Corrected Windows Narrator behavior so it announces Password Zoom correctly.

VAUL-8172: Updated Password Zoom so screen readers announce the modal with a descriptive name instead of “group.”

VAUL-8115: Fixed an issue where the maximized connection viewer showed blank space when switching sessions via the Connection Dock.

VAUL-7558: Fixed an issue where a connection missed the first keystroke when the browser regained focus.

VAUL-7447: Corrected the missing error message when an enterprise user with outside sharing prevented adds an outside user to a shared folder.

VAUL-7105: Corrected the error dialog title shown when a record is created in a shared folder without sufficient permissions.

VAUL-7103: Corrected the title of the error message shown when sharing outside of the enterprise is not allowed.

KDE-1966: Fixed an issue where Windows Hello would not enable in Keeper Desktop when FaceID was active.

KDE-1965: Fixed Windows Hello login failures after logout that incorrectly showed an “Invalid email or password” error.

KDE-1956: Fixed an issue where the “Next” button failed to respond after the app returned from an idle state on Windows.

KDE-1955: Fixed an intermittent issue where Help → Reset stopped responding and required an app restart.

KDE-1948: Corrected the KFFA Region dropdown so it is no longer cut off on the login screen on Mac and Windows.

KDE-1918: Fixed a bug where the Windows Hello PIN prompt appeared in the background and caused login failures after updating to 17.5.0.

KDE-1911: Resolved a problem where a blue screen was displayed on the app launch page after idle state on Windows.

Web Vault Update Instructions

To ensure you're using the latest Web Vault, simply reload the vault login page (or Shift+Ctrl/Cmd+R to force refresh)

Desktop Update Instructions

If you installed Keeper Desktop directly from the Keeper website, download the latest version from:
https://www.keepersecurity.com/download.html?t=d

If you installed Keeper Desktop from the Mac App Store or Microsoft Store, visit the store to perform the update.

Original source Report a problem