Release Notes

The release notes describe the new features, enhancements to existing features, fixed issues, and known issues available in a service release. The release notes include one or more of the following sections:

What’s new: The new features and enhancements available in the current release.

Fixed issues: The issues that are fixed in the current release.

Known issues: The issues that exist in the current release and their workarounds, wherever applicable.

22.10.1 EPA plug-in for macOS (27-Oct-2022)

What’s new

• The Citrix Endpoint Analysis plug-in now supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

  [CGOP-22098]

• The Citrix Endpoint Analysis plug-in sends duplicate consent alerts while handling private network access preflight requests from Google Chrome.

  [CGOP-21751]

V22.06.1 (20-Sep-2022)

What’s new

• EPA libraries are updated to 4.3.2523.0 (1.3.7.5)

Fixed issues

• nFactor authentication with EPA scan does not work on the macOS clients.

  [NSHELP-32182 - macOS]

• On the Secure Access Agent home page for macOS, extra padding with white or black color appears on the left and top of the hamburger menu depending on the selected theme (light or dark).

  [CGOP-19353 - macOS]

• When logging into the VPN, the WebView window minimizes on the first try if the device certificate is configured.

  [CGOP-19354 - macOS]

• Endpoint analysis does not work for the Citrix Secure Access app on the macOS client when GSLB is enabled on the Citrix ADC appliance.

  [CGOP-21634 - macOS]

• If there is a space in the configured application name and you try to access the app, the Enhanced Security Enabled popup does not show up on the macOS clients.

  [ACS-2632 - macOS]

• nFactor authentication with an optional client certificate fails when there are no appropriate client certificates on the device.

  [NSHELP-32127 - iOS]

• On a Mac device using Chrome, the VPN extension crashes while accessing two FQDNs.

  [NSHELP-32144]

• Citrix Secure Access crashes when an incorrect location value is received from the gateway. This can happen if the administrator defines a responder policy to redirect to another host.

  [NSHELP-32312]

• Direct connections to the resources outside of the tunnel established by Citrix Secure Access might fail if there is a significant delay or congestion.

  [NSHELP-31598]

V3.2.4.9 - EPA plug-in for macOS (01-Aug-2022)

Fixed issues

• Citrix Endpoint Analysis plug-in does not handle private network access preflight requests from the Google Chrome browser version 104.

  [CGOP-20709]

• Citrix Endpoint Analysis plug-in for macOS does not support GSLB.

  [CGOP-21543]

Known issues

• Citrix Endpoint Analysis plug-in for macOS displays a duplicate consent dialog box when started from the Google Chrome browser version 104. The users have to accept both the prompts.

  [CGOP-21751]

V22.03.1 (14-Jun-2022)

What’s new

• EPA libraries are updated to 4.3.2393.0.

Fixed issues

• An extra DNS domain is added to the search list. This is because, when the split tunnel is set to “Split” or “Both” only the specified domains and their subdomains are NOT tunneled. If the specified domain is A.B.C, then B.C is also matched in addition to A.B.C and *.A.B.C.

  [CGOP-21657]

• HTTP/HTTPS proxy settings that do not use a PAC file are broken.

  [CGOP-21660]

V22.02.3 (24-Mar-2022)

What’s new

• Citrix Secure Access for macOS resolves the FQDN of a service node on every TCP data connection from the client for the cloud workspace connections. Resolving the FQDN of a service node on every TCP data connection is not applicable for the on-premises gateway connections.

  [ACS-1068]

Fixed issues

• In some cases, the Citrix Secure Access for macOS drops connections because of issues with some non-DNS protocols using port 53, such as STUN.

  [NSHELP-31004]

• The Citrix Secure Access app breaks some protocols when the server sends data before the client, immediately after the connection is established.

  [NSHELP-29374]

• If the user closes the authentication window of the Citrix Secure Access agent for macOS without completing the authentication, then subsequent attempts to connect to the server fail until the app is restarted.

  [ACS-2415]

• The Citrix Secure Access agent for macOS is now bundled with OPSWAT library version 4.3.2367.0

  [NSHELP-30802]

• Citrix Secure Access for macOS takes a longer time than expected to run the post-authentication EPA check.

  [NSHELP-29118]

Known issues

• Citrix Secure Access app for macOS logs out one minute after the already connected Secure Private Access service region becomes unreachable. However, this does not affect the on-premises gateway connections.

  [ACS-2715]

V22.02.2 (15-Feb-2022)

Fixed issues

• Multiple pop-ups are displayed when a user tries to access an unsubscribed Web app from Citrix Secure Access for macOS.

  [ACS-2406]

V22.01.1 (08-Feb-2022)

Fixed issues

• Per-App VPN connections with Citrix SSO for iOS devices fail to connect to Citrix Gateway on ports other than 443.

  [NSHELP-30653]

V1.4.1 (28-Jan-2022)

what’s new

• The Citrix SSO app for macOS is now rebranded as Citrix Secure Access.

  [ACS-1092]

Fixed issues

• Client certificate authentication fails if the authentication server requests for the client certificate multiple times in the same web view session.

  [CGOP-20388]

• Citrix SSO fails to establish a VPN connection if the server certificate has only an IP address for common name because of a proxy in between the client and the ADC.

  [CGOP-20390]

• EPA scan for checking the antivirus last full system scan fails on macOS.

  [NSHELP-29571]

• Sometimes, the Citrix SSO app crashes while handling large DNS packets.

  [NSHELP-29133]

V1.4.0 (17-Nov-2021)

Fixed issues

• In some cases, the server validation code fails when the server certificate is trusted. As a result, end users cannot access the gateway.

  [NSHELP-28942]

• Citrix SSO fails to re-establish the VPN connection after network disruption.

  [CGOP-19988]

V1.3.13 (05-Nov-2021)

Fixed issues

• You might experience failures when filtering sessions for managed versus unmanaged VPNs. The initial requests to establish the session are missing the “ManagedVpn” information in the User-Agent header.

  [CGOP-19561]

V1.3.12 (21-Oct-2021)

Fixed issues

• Client certificate authentication fails for Citrix SSO for macOS if there are no client certificates in the macOS Keychain.

  [NSHELP-28551]

• The Citrix SSO app crashes intermittently when receiving notifications.

  [CGOP-19363]

• The VPN extension might crash when the “isFeatureEnabled” parameter is called to check a feature flag.

  [CGOP-19360]

• The gateway VPN extension crashes if the DTLS protocol has an empty payload.

  [CGOP-19361]

• The SSO app crashes intermittently when the device wakes up from the sleep mode and the VPN is connected.

  [CGOP-19362]

V1.3.11 (17-Sep-2021)

Fixed issues

• EPA scan for firewall check fails for macOS devices using Citrix SSO.

  [CGOP-19271]

• Citrix SSO crashes in an iOS 12 device when legacy authentication or Intune Network Access Compliance (NAC) is configured.

  [CGOP-19261]

V1.3.10 (31-Aug-2021)

What’s new

• Citrix SSO for macOS is now bundled with OPSWAT library version 4.3.1977.0.

  [NSHELP-28467]

V1.3.9 (13-Aug-2021)

Fixed issues

• On some systems with HTTP proxy software installed, the Citrix Gateway IP address shows up internally as 127.0.0.1 thus preventing tunnel establishment.

  [CGOP-18538]

• The setting “Block Untrusted Servers” does not work on systems that support non-English localization of Citrix SSO for iOS.

  [CGOP-18539]

• Citrix SSO cannot connect to systems where the DNS name does not match the common name in the server certificate. Citrix SSO now checks for the subject alternative names, and connects correctly.

  [NSHELP-28348]

V1.3.8 (07-Jul-2021)

What’s new

• Citrix SSO for macOS is compatible with versions 10.15 (Catalina) and higher only.

  [CGOP-12555]

• Starting from Citrix SSO for macOS version 1.3.8, the EPA libraries are embedded within the app and are not downloaded from the Citrix Gateway server. The current embedded EPA library version is 1.3.5.1.

  [NSHELP-26838]

V1.3.7 (17-Mar-2021)

Fixed issues

• Citrix SSO for macOS shows expired certificates in the list of device and client certificates.

  [CGOP-17337 - macOS]

• UDP and ICMP traffic does not work if FQDN split tunneling is configured.

  [CGOP-15691 - macOS]

V1.3.6 (04-Feb-2021)

Fixed issues

• The endpoint analysis scan fails in Citrix SSO for macOS if the gateway server is configured on an SSL port other than the default port 443.

  [CGOP-14661 - macOS]

V1.3.5 (08-Jan-2021)

Fixed issues

• TOTP push notification during nFactor authentication stops the nFactor authentication process.

  [NSHELP-24592 - iOS]

• In some cases, Citrix SSO crashes while connecting to Citrix Gateway because of indexing errors in VPN profiles.

  [CGOP-16415]

V1.3.4 (09-Dec-2020)

This release addresses various issues that help to improve overall performance and stability.

V1.3.3 (20-Nov-2020)

Fixed issues

• EPA scan for file check is not supported with Citrix SSO for macOS if it has the special character ~ (tilde) in the file path.

  [CGOP-15721 - macOS]

V1.3.2 (04-Nov-2020)

Fixed issues

• Citrix SSO for macOS does not prompt users to select a new device certificate in case it expires or the Certificate Authority on the ADC has changed.

  [CGOP-15653 - macOS]

V1.3.1 (15-Oct-2020)

What’s new

• The Error, Debug, and Verbose logging levels are now available in Citrix SSO for iOS.

  [CGOP-15234 - iOS]

• The packet header information is displayed in Verbose level logging and the old log files are deleted if their number exceeds 50.

  [CGOP-13987]

Fixed issues

• Users cannot select a new device certificate in Citrix SSO for macOS if the current certificate expires.

  [NSHELP-24481]

V1.3.0 (16-Sep-2020)

What’s new

• New Citrix logo is introduced.

  [CGOP-15327]

V1.2.18 (10-Sep-2020)

What’s new

• Verbose logging level is now added for Citrix SSO for macOS.

  [CGOP-13985]

Fixed issues

• Citrix SSO for macOS prompts for user permission to access the root directory when the device certificate check is added as part of the nFactor scan.

  [CGOP-14722]

• After the macOS wakes up from sleep mode, Citrix SSO takes more than 30 seconds to re-establish the VPN connection.

  [CGOP-14723]

• Citrix SSO for iOS and macOS fails to transfer logon if classic authentication is enabled.

  [NSHELP-24577]

V1.2.17

Fixed issues

• Transfer Logon does not happen with Citrix Gateway version 13.0, build 61.48 if nFactor authentication is enabled.

  [CGOP-14619]

• Citrix SSO for iOS and macOS does not connect to Citrix Gateway if it is hosted on a port other than port 443.

  [NSHELP-24079]

Known issues

• Citrix SSO for iOS and macOS fails to transfer logon if classic authentication is enabled.

  [NSHELP-24491]

V1.2.16

Fixed issues

• Citrix SSO for macOS does not support the idle timeout feature.

  [CGOP-237]

• Citrix SSO for macOS does not display the forced timeout warning message.

  [CGOP-246]

Known issues

• Transfer Logon does not happen with Citrix Gateway version 13.0, build 61.48 if nFactor authentication is enabled.

  [CGOP-14619]

V1.2.15

Fixed issues

• Citrix SSO 1.2.14 does not work as intended on the client if the following two conditions are met:
  • Split tunnel is set to ON.
  • Citrix ADC appliance version is 12.1 or earlier.

  [NSHELP-24038]

• Transfer Logon does not work if the following two conditions are met:
  • nFactor authentication is configured.
  • Citrix ADC theme is set to Default.

[CGOP-14092]

V1.2.14

Fixed issues

• In a rare case, Citrix SSO crashes repeatedly.

  [NSHELP-24009]

V1.2.13

Fixed issues

• Citrix SSO is not supported on iOS versions 11 and earlier. Only iOS versions 12.0 and later are supported.

  [CGOP-14034 - iOS]

• Citrix SSO does not reconnect after a high availability failover if post authentication EPA is configured.

  [NSHELP-23574 - macOS]

• Citrix SSO does not open certain apps after connecting over the tunnel when the compression mode is set to “mixed”.

  [NSHELP-23489]

V1.2.12

This release addresses various issues that help to improve overall performance and stability.

V1.2.11

Fixed issues

• TOTP token load fails and a user sees no TOTP tokens. If a user tries to add a token, the earlier tokens are lost. With this fix, you can create and save the tokens again.

  [NSHELP-23351]

V1.2.10

This release addresses various issues that help to improve overall performance and stability.

V1.2.9

Known issues

• TOTP token load fails and a user sees no TOTP tokens. If a user tries to add a token, the earlier tokens are lost.

  [NSHELP-23351]

V1.2.8

What’s new

• nFactor authentication is now supported for all customers using the Citrix SSO app.

  [CGOP-12728]

Fixed issues

• Citrix SSO app for iOS crashes if per app-VPN tunnel feature is enabled.

  [CGOP-13133 - iOS]

• The Accept Connection dialog box displays content in the English language irrespective of the language selected.

  [CGOP-13050 - macOS]

• The text “Home Page” in the Citrix SSO app > Home page is truncated for some languages.

  [CGOP-13049 - macOS]

• Citrix SSO app does not connect to Citrix Gateway if the device’s language is set to “Simplified Chinese”.

  [CGOP-12919 - macOS]

V1.2.7

Fixed issues

• Sometimes, Citrix SSO might fall back to classic authentication even if nFactor authentication is configured.

  [CGOP-12611]

• Citrix SSO might crash on iOS devices when per-app VPN is configured.

  [CGOP-10702 - iOS]

Known issues

• VPN is sometimes frozen after macOS wakes from sleep.

  [NSHELP-20656 - macOS]

V1.2.6

Known issues

• VPN is sometimes frozen after macOS wakes from sleep.

  [NSHELP-20656 - macOS]

V1.2.5

Known issues

• VPN is sometimes frozen after macOS wakes from sleep.

  [NSHELP-20656 - macOS]

V1.2.4

Known issues

• Sometimes, the VPN session does not respond after the Mac device wakes up from sleep mode.

  [NSHELP-20656 - macOS]

V1.2.3

What’s new

• Citrix SSO URL scheme – Citrix SSO now registers a URL scheme so that other applications can determine if Citrix SSO is installed on an iOS device. The URL scheme is “citrixsso.”

  [CGOP-11979 - iOS]

Fixed issues

• Citrix SSO app crashes when sending heavy UDP traffic.

  [CGOP-11603 - macOS]

• Citrix SSO for the iPad crashes when the app is started from a notification on iOS 13.

  [NSHELP-21087 - iOS]

V1.2.2

Fixed issues

• In some GSLB deployments, Citrix SSO resolves the gateway name multiple times resulting in connection failures.

  [CGOP-12013]

• Citrix SSO for iOS fails to scan OTPSecret greater than 16 bytes.

  [CGOP-11978 - iOS]

• Users with profiles configured for certificate only authentication and a NAC check are prompted to enter the logon credentials and are unable to create the VPN connections.

  [CGOP-11925 - iOS]

• Though the per-app Split Tunnel flag is checked only for TCP traffic, ICMP traffic is tunneled even in cases where the ICMP traffic must be sent directly.

  [CGOP-11614 - iOS]

Known issues

• The Citrix Gateway plug-in for macOS does not support the feature that opens the landing page on the Citrix Workspace app.

  [NSHELP-7047]

V1.2.0

What’s new

• nFactor authentication support. nFactor authentication is now supported on both, iOS, and macOS.

  [CGOP-11251]

• Citrix SSO app support. Citrix SSO app is now supported on iOS 13 and macOS Catalina.

  [CGOP-11714]

Fixed issues

• The client IP address is displayed backwards in the Connections page of the SSO app.

  [CGOP-11596]

• Citrix SSO does not honor the DNS truncated bit in the DNS flag in Citrix ADC release 13.0.

  [CGOP-11777]

• Per-app split tunnel is not compatible with Citrix ADC release 13.0.

  [CGOP-11464]

• Citrix SSO ignores some of the timeout messages from Citrix Gateway.

  [CGOP-11310]

• When users log in to the app for the first time, the last line of the app description does not appear on the user screen.

  [CGOP-11595 - macOS]

• The Citrix SSO app logon window size keeps increasing when you repeatedly click the Logon button.

  [CGOP-11594 - macOS]

• When the maximum number of licensed users limit is exceeded, an error message is displayed at the system level and not within the app window.

  [CGOP-11600 - macOS]

V1.1.12

What’s new

• Telemetry data collection for macOS. Citrix SSO collects custom analytics events related to VPN usage in the app.

  [CGOP-9789 - macOS]

• Per-app split tunnel support. Administrators can configure the per-app split tunnel. Per-app traffic that matches the intranet routes for Citrix Gateway is tunneled to the Citrix Gateway appliance.

  [CGOP-657]

• FQDN Split Tunnel tunnels traffic based on the FQDN of the system. FQDN Split Tunnel tunnels traffic based on the FQDN of the system rather than the IP resolved by the DNS servers.

  [CGOP-316]

Fixed issues

• User interface elements such as buttons, text fields, labels and so forth are misaligned across iPad screens.

  [CGOP-10141 - iOS]

• Users are not notified for a remote login if they do not have a VPN profile added.

  [CGOP-9731 - iOS]

V1.1.10

Fixed issues

• Citrix SSO app does not display the proper error message upon reaching the maximum number of users.

  [CGOP-231]

• EULA check box is not cleared by default.

  [CGOP-245]

• Add functionality is not supported for antiphishing “enabled” scan in EndPoint Analysis.

  [CGOP-249]

• Automatic selection of the client or device certificate for authentication does not happen even if only one client/device is present in the keychain.

  [CGOP-251]

• Unable to add a ‘connection record’ after editing one in the Citrix SSO app.

  [CGOP-7256]