Released June X, 2026
Updates
Fixed a stability issue where the AppGate driver service could crash when it received malformed JSON-RPC data on the deploy control channel. The service now handles unexpected or invalid control data gracefully without terminating.
The client now supports QUIC for the signal channel used during NAT traversal. In network environments where UDP and TCP traffic are routed through different paths, this improves connection reliability.
Addressed a security issue where the desktop client's local communication channel could be accessed without proper authentication.
Fixed an issue in which clients using NAT traversal failed to reconnect when receiving certificate errors during the initial direct connection attempt.
WolfSSL was updated to version 5.9.1.
Resolved an issue in which bulk transfers over QUIC would stall.
Windows
Fixed a security vulnerability where specially-crafted SMB or SSH links could be used to execute unauthorized commands. The client now applies stricter validation to protocol handler URLs.
Addressed a security vulnerability where the update service could be triggered by unauthorized local processes. The update service now restricts access to authorized callers only.
Removed the usage of the PowerShell API as it took a long time to complete when removing DNS rules.
Fixed an issue where Windows Hello registered itself but could not authenticate as a FIDO2 device.
Addressed an issue in which invalid JSON in the
config.jsonfile caused installations to fail.
iOS
Fixed an issue where the client failed to start when launched from a URL link.
Android
Android Auto has been excluded from the VPN.
Fixed a security issue where Android authentication callbacks could be intercepted by other apps on the device.
macOS
Added security checks that allow only processes to connect to the AppGate tunnel when the process was started by the currently logged-in user.
System administrators can now control which local users are permitted to manage the VPN using the new optional
ListenerGroupconfiguration parameter, providing an additional layer of local access control.
Linux
Added security checks that allow only processes to connect to the AppGate tunnel when:
The process was started by the currently logged-in user.
No dynamic linker environment variables are detected.
System administrators can now control which local users are permitted to manage the VPN using the new optional
ListenerGroupconfiguration parameter, providing an additional layer of local access control.