Released August 26 2025
Updates
Security
Fixed an issue where the RADIUS MFA provider’s sharedSecret field was not write‑only and appeared in audit logs.
The Token life cycle logic was improved.
Application Discovery
Fixed an issue where the Discovered Apps list was emptied when manually triggering an analysis.
Resolved a problem where error feedback on Policy creation in the Application Discovery configuration modal was missing.
The troubleshooting modal now fetches the latest data when opened.
Fixed an issue where Originating were sometimes listed twice.
Stability
Fixed an issue where having a lot of admin messages would make the Admin UI slow down and sometimes crash.
Addressed a problem where a user claim script would fail to evaluate when the returned object had a list field with null as the first item.
Fixed a rare issue where the WebSocket connection between the Controller and appliances became stale, causing unnecessary hangs in certain APIs on the Controller.
Resolved an issue where various scenarios related to Gateway failover created a BDR conflict that stopped replication.
Slightly improved the handling of overloaded Controllers.
Fixed an issue where the Controller did not respond to requests when the path contained double slashes.
Fixed an issue where the Site form page showed inaccurate values when browsing between sites.
Admin UI
Resolved a problem where policy creation was unexpectedly prevented if users lacked view license privileges.
Fixed an issue where array values in mapped attributes from a site’s “test users” action weren’t shown as expected.
“Device Claims” and “On‑Demand Device Claims” are now labeled as “Device Claims – Built‑in” and “Device Claims – Scripted,” respectively, for clarity.
DNS Auto‑Configuration results are now included in the Policy Assignments Analysis.
Fixed an issue where DNS forwarding‑based entitlements did not show the message “DNS Forwarder not yet accessed” on the Session Details page.
Networking
Fixed an issue where querying AWS EKS cluster Tags did not work as intended.
Resolved a problem where an Azure authentication failure sometimes caused a short interruption in name resolution.
Fixed an issue where DNS forwarding under certain conditions stopped working for short periods.
Audit Logs
Fixed an issue where the “Report” button in the OpenSearch dashboard was missing, making it impossible to generate CSV reports from OpenSearch.
Fixed an issue where the rule_subnet field of the ip_access audit log did not show the correct subnet.
Metrics
The threshold for raising a warning when metrics haven’t been pulled to the Metrics Aggregator is now configurable.
The throughput of the Metrics Aggregator has been improved.
Appliances
The limit for individual Appliance customizations has been increased from 100 MB to 200 MB. The total limit is still 200 MB.
CoreDNS will log that its FIPS module is enabled.
Fixed an issue where running “cz-config collect-logs” on the Appliance was failing.