Released March 23, 2026
Updates
Client
Fixed an issue where the “Create Profile” page popped up unexpectedly on start-up while applying a new profile configuration defined by the administrator.
Fixed an issue where Client would unnecessarily close the connection to the Controller between MFA initialization and MFA attempt, which could then end up in another Controller.
Users no longer have the option to not display the Message of the Day at every subsequent login to the Client.
The Client now automatically blocks DNS server auto-discovery over tunnels.
Desktop
Desktop Clients (except Windows lite) now support NAT traversal. Please see more in the admin guide.
Android
The Android WebSocket endpoint no longer allows unauthorized data access from local applications.
Addressed a critical cross-site scripting vulnerability where certain in‑app links and configuration data were not being handled safely inside an embedded browser (WebView).
Linux
Addressed an issue in which clicking on notifications did not take users to the Client.
Windows
Fixes were made for network profile category enforcement.