Released June X, 2026.
Updates
NAT Traversal
The signal channel between the Connection Broker and Gateways/clients can now use QUIC, enabling improved NAT traversal in environments where a client's UDP and TCP source IPs differ.
Active Sessions (Usage > Active Sessions) now includes a Traffic Mode filter that allows administrators to filter sessions by whether they include relayed connections. The filter makes it easier to identify relayed sessions without navigating to System > Sites > Site Health > View Relayed Sessions.
Security
Addressed the CVE-2026-46331 vulnerability.
Stability
Fixed an issue where the VPN Gateway service could unexpectedly terminate when processing faulty control channel data.
Resolved a compatibility issue where older endpoints, such as Exchange servers, required the client to send a Secure Renegotiation extension field. The Portal now announces Secure Renegotiation support (RFC 5746) during TLS handshakes.
Improved CRL-based certificate revocation. Expired, untrusted, or mismatched CRLs are now rejected instead of silently accepted.
Addressed an issue where PEM-encoded Certificate Revocation List (CRL) files were parsed as DER format, causing CRL loading to fail.
Improved authorization performance in systems with a lot of entitlements and policies. This change makes the
controller.authorizationRepositoryCacheExpirySecondslocal configuration obsolete.
Admin UI
Improvements were made to the Collective Replication Status Details window, with clear, actionable messages when replication issues are detected.
Fixed an issue that prevented users from clicking on the scroll bar when viewing some drop-down suggestions.
Fixed an issue in which page size and list parameters were not kept when refreshing the Entitlements page.