Keeper Commander 17.2.14 — Release Notes
PAM
New: Privileged Workflow Commands
Fixes & polish
- pam launch performance
- pam launch MySQL: spinner + CR/LF normalization option (#1963).
- pam config list: verbose JSON now includes single-config details.
- pam-debug: corrected IIS pool text.
- Remote Browser: GET now returns JSON response data.
EPM / PEDM
- kepm scim now supports Kerberos (KC-1228).
- PEDM policy creation requires --policy-name and, for elevation / file_access / command policies, at least one user, machine, and application collection — matching the admin console (#1940, #1950).
- --machine-filter accepts UIDs not in the local collection cache; adds type 201 (CustomMachineCollection) and fixes a KeyError on missing keys (#1971).
- Automator Create now warns and lists conflicting enabled Automators in the same node before proceeding.
Vault / Records
- rm --purge flag (KC-625, #1965): default rm unlinks the record from the current user's vault; --purge hard-deletes for all users (owner-only). Adds post-purge sync_down, ambiguous-title UID listing, and a global fallback search for records in shared folders.
- Fixed ambiguous title-match check so it applies to all record-lookup paths.
- Added missing record field (#1964).
Import / Integrations
- CyberArk portal: fixed authentication, added folder import, restored legacy support.
- JSON import methods now support stringified JSON as filename instead of a local file, for SDK integrations
Service Mode
- Security hardening of parser responses; improved tree -s -v structure; added share-report, ls, and tree to Slack/Teams setup command lists; corrected flag handling in convert / convert-all (#1945).
- Removed sync-down from service mode.
Other
- Fixed Keeper server hostname parsing; deduplicated test module names; security-audit tests migrated to typed records only (#1980).
- Minor spelling fix.
- Enterprise Node --wipeout flag now deletes Automator objects and checks for pam gateways in the node (doesn't delete them, suggests moving them)