New Features

• Introduced built-in PKI (CA server) to distribute certificates at scale.
• Improved Red Hat patch management by utilizing subscription certificates for downloading Red Hat meta files and patches.
• Folder protection for the product installation directory implemented, access limited to administrators.
• Enhanced granular access capabilities to restrict access to specific System Manager tool functionalities during role creation.
• Introduced Windows 11 Readiness Report categorizing devices based on compatibility status.
• Introduced 50+ new policies in Browsers module to ensure compliance with CIS and STIG standards.
• Automatic inventory of hardware changes at machine startup for Windows machines.
• Retention period for scheduled reports can now only be configured by users with the Administrator role.
• Dedicated role for query reports for secure access in the Reports module.
• Granular access enabling restriction to certain configurations during role creation.
• Dependency patch details now included in the Download Pending Patches view in Test and Approve.
• Agents for Linux and macOS operating systems can now be pushed to remote offices.

Improvements

• Controls for external API access via Secure Gateway Server introduced.
• Content Security Policy (CSP) configurations added for improved security of web browser requests.

Bug Fixes

• Fixed critical issue where configuration-related targets were unintentionally cleaned up post-upgrade.
• Fixed issue with the Edge Extension Repository.
• Fixed PPM upgrade issues and removed all duplicate token entries.
• Mitigated security risk in configuration deployment processes on macOS devices.
• Fixed agent-server communication failures.
• Fixed local privilege escalation vulnerability during specific file upload operations (CVE-2024-9871).
• Resolved mismatch between target count in the summary graph and table when deploying an announcement.
• Fixed vulnerability where text chat initiated user name could be impersonated.
• Fixed vulnerability where html/hyperlink could be injected while initiating text chat.
• Fixed issue where OS platform was updated as "unknown" during computer CSV import.
• Fixed display of agent re-installation count on the Agent Summary page to reflect the technician's scope.
• Fixed remote code execution issue limited to authenticated admin-level users.
• Fixed issue with displaying the legacy OS end-of-support message.
• Optimized load time for the "Threats & Patches" section for faster loading.
• Fixed issue affecting PostgreSQL database connectivity causing PPM upgrade failures.
• Enhanced HTML5 viewer now displays a clear message when waiting for user confirmation in remote sessions.
• Customer Administrator users can now configure User Confirmation settings for remote sessions.
• Fixed issue where machines were not added to reboot pending list when patches were installed through SSP.
• Fixed issue with removal of ExportFiles folder in system directory during patch scan.
• Fixed issues with revoking policy configurations in Browsers module.
• Fixed MAC client certificate authentication issues following domain name changes.
• Fixed communication failures between Agent and Server caused by incorrect domain name handling during renaming.
• Fixed issues where Agent-Distribution Server communication was disrupted due to improper certificate creation or regeneration processes.
• Fixed issue with the SoM policy resulting in computers being removed from management despite disabled settings.
• Fixed issue with SSL error message updates in remarks in the Agent->Computers->Managed Computer view.
• Enhanced security in Query Reports validation.
• Fixed listing of superseded Linux patches as missing in APD.
• Fixed issues in the Linux patch scan workflow.
• Fixed issue with excluding packages using the yum configuration file on Linux endpoints.
• Fixed security issue where file junctions could lead to unauthorized file deletion and privilege escalations.
• Optimized agent-based HTTPS requests to improve Secure Gateway Server performance.
• Fixed agent accessibility issue in non-English server setups due to inconsistent type conversion.
• Fixed issues with modifying Download Filter policies.

New Features

• System health can now be calculated by excluding BIOS updates and patches based on their release date.

Improvements

• Optimized bandwidth consumption for downloading Linux patch dependency packages.
• Enhanced security in the user administration module through refined log handling.

Bug Fixes

• Fixed local privilege escalation vulnerability during specific file upload operations (CVE-2024-9871).
• Fixed issue with PPM upgrade failures due to incomplete role creation following a PGSQL version update.
• Fixed remote code execution issue limited to authenticated admin-level users.
• Resolved issue with processing uploaded patches in patch deployment.
• Fixed listing of superseded Linux patches as missing in APD.
• Fixed issues in the Linux patch scan workflow.
• Fixed issue with excluding packages using the yum configuration file on Linux endpoints.
• Fixed PPM upgrade failure caused by the absence of rebranded SSP icon.
• Fixed security issue where file junctions could lead to unauthorized file deletion and privilege escalations.
• Enhanced security in Query Reports by improving sort column handling for MSSQL databases to prevent SQL injection.
• Fixed issue affecting PostgreSQL database connectivity causing PPM upgrade failures.

Enhancements:

• Agent Authentication: Introduced the ability to authorize and approve manually installed agents.
• Security Improvements: Updated data restriction policies in query reports and extended SCEP protocol support for 4096-bit key length.
• Reporting Features:
  • Profiles can now be exported as PDFs for audit purposes.
  • Option to mark systems as compliant based on custom compliance values in the system compliance report.
• Patch Cleanup: Added settings to remove older versions of automatically updated software packages.
• Self-Service Portal: Enhanced personalization options for agents.
• Configuration Exports: Improved export functionality for configuration profiles to ensure consistent deployments.

Bug Fixes:

• Package Issues: Fixed an issue where ZIP packages failed to upload under certain conditions.
• User Permissions: Non-admin technicians can now correctly remove devices.
• Asset Details: Resolved issues when posting asset details from integrated setups.
• Synchronization: Fixed issues with Active Directory domain synchronization.
• Performance Optimization: Resolved timeout issues when starting terminals on Linux machines with low bandwidth.
• Patch Summary: Corrected display errors in the patch summary caused by redundant binaries.
• Email Notifications: Fixed delivery issues for notifications, including expiration alerts.
• API Security: Improved API scope parameters for technician roles to secure configuration deployments.