Release Notes

Important:

Citrix SSO for iOS is now renamed to Citrix Secure Access. We are updating the UI screenshots in our documentation to reflect this name change. Also, you might notice Citrix SSO references used in the iOS documentation during this transition period.

The release notes describe the new features, enhancements to existing features, fixed issues, and known issues available in a service release. The release notes include one or more of the following sections:

What’s new: The new features and enhancements available in the current release.

Fixed issues: The issues that are fixed in the current release.

Known issues: The issues that exist in the current release and their workarounds, wherever applicable.

Important notes about EPA clients:

  • EPA clients are supported on macOS 10.13, 10.14, 10.15, 11.x, 12.x and 13.x versions.
  • EPA clients are supported on the NetScaler versions 12.1, 13.0, 13.1, and 14.1.

V23.11.2 (01 Nov 2023)

What’s new

EPA libraries are updated to 23.11.1.1 (OPSWAT OESIS library V 4.3.3279.0).

[CSACLIENTS-8515]

V23.11.1 (27 Oct 2023)

What’s new

  • Citrix SSO for iOS is now renamed to Citrix Secure Access. We are updating the UI screenshots in our documentation to reflect this name change.

  • EPA libraries are updated to 23.10.1.1 (OPSWAT OESIS library V 4.3.3246.0).

  • This release addresses the following:

    • Connection issues with the Citrix Secure Private Access environment.
    • Other issues to improve the overall performance and stability.

V23.10.2 (17 Oct 2023)

This release addresses the IPv6 login issues.

V23.10.1 (09 Oct 2023)

What’s new

  • EPA libraries are updated to 23.9.1.2 (OPSWAT OESIS library V4.3.3221.0).

  • Support for Local LAN access

    Citrix Secure Access for macOS / Citrix SSO for iOS now support the Local LAN access functionality of NetScaler Gateway. You can configure local LAN access so that once a VPN connection is established, end users are either allowed to or blocked from accessing local LAN resources on their client devices. For more information, see the following:

V23.09.1 (07 Sep 2023)

Important:

If you are using the latest Apple OS versions such as macOS 14/iOS 17 and later, then we recommend that you upgrade to Citrix Secure Access client/Citrix SSO version 23.09.1 or later. For more information about the NetScaler Gateway client software requirements, see Citrix Secure Access client system requirements.

What’s new

  • EPA libraries are updated to 1.3.9.9 (OPSWAT OESIS v4.3.3160).

    [CSACLIENTS-6547]

  • Secured connection insights on the UI

    On the “Connections” screen of the Citrix Secure Access client UI, you can view the secured connection details. The details include the IP address, FQDN, destination port, and the duration of the connection. For more information, see Secured connection insights.

    [SPA-2364]

  • Reauthenticate with NetScaler Gateway after a VPN connection failure

    Citrix Secure Access client for macOS and Citrix SSO for iOS now prompt you to reauthenticate with NetScaler Gateway when a VPN connection is lost. You are notified on the UI indicating that the connection to NetScaler Gateway is lost and that you must reauthenticate to resume the connection. For more information, see:

    [CSACLIENTS-6071]

V23.08.1 (24 Aug 2023)

What’s new

  • This release addresses issues that help to improve overall performance and stability.

  • EPA libraries are updated to 1.3.9.9 (OPSWAT OESIS v4.3.3122).

23.7.6 EPA client for macOS (10 Aug 2023)

This release addresses issues that help to improve overall performance and stability.

V23.07.1 (17 Jul 2023)

What’s new

  • Various options to share log files

    The “Email Logs” option in Citrix SSO for iOS is now replaced with the “Share Logs” option. The compressed log files can now be shared through options such as email, chat, save to files, and so on.

    For more information, see Send logs.

    [CSACLIENTS-3834]

  • Enhancements to Logs page

    The Logs page of Citrix Secure Access for macOS is enhanced with the following options:

    • Maximum number of log files: Specify the maximum number of log files that you want to add for log collection.
    • Email logs: Send the logs over email.

    For more information, see Send logs.

    [SPA-2365]

Fixed issues

When connecting to VPN, if you are prompted to select a certificate for authentication, then the authentication login screen appears behind the Citrix Secure Access client’s home page.

[CSACLIENTS-455]

V23.06.1 (07 Jun 2023)

What’s new

  • Help menu on the navigation bar

    A Help menu is now added to the navigation bar of the Citrix Secure Access client. The options (Open Logs, Export Logs, Email Logs, and Clear Logs) in the Help menu can be used for debugging logs.

    An Email Logs option is introduced under the Help menu. It can be used to share the logs over email. For more information, see Send logs.

    [SPA-2361]

Fixed issues

In some cases, the DNS short name resolution fails on Citrix Secure Access for macOS and Citrix SSO for iOS.

[NSHELP-34568]

Known issues

In some cases, the excluded routes in reverse split-tunneling are tunneled.

[CGOP-24575]

V23.05.2 (11 May 2023)

Fixed issues

After an upgrade, the Citrix SSO for iOS client devices cannot establish per-app VPN connections.

[NSHELP-35224]

V23.05.1 (04 May 2023)

What’s new

  • EPA libraries are updated to 1.3.9.3 and OPSWAT libraries are updated to 4.3.2987.

  • Support for sending events to Citrix Analytics

    Citrix Secure Access for macOS now supports sending events such as session creation, session termination, and app connection to Citrix Analytics service. These events are then logged in the Secure Private Access service dashboard.

    [SPA-2197]

Fixed issues

  • When the users are connected to Citrix Secure Access or Citrix SSO, the “Connection Duration” field fails to display the time in the region-specific format.

    [CGOP-23587]

V23.04.1 (04 Apr 2023)

What’s new

  • EPA libraries are updated to 1.3.9.1 and OPSWAT libraries are updated to 4.3.2923.

V22.12.2 (27-Feb-2023)

What’s new

  • EPA libraries are updated to 1.3.8.9 (OPSWAT OESIS v4.3.2892.0).

V22.12.1 (07-Dec-2022)

This release addresses issues that help to improve overall performance and stability.

V22.11.1 (29-Nov-2022)

Fixed issues

  • Transfer logon does not work for non-nFactor authentication with on-premises gateways.

    [CGOP-22729]

22.11.3 EPA plug-in for macOS (28-Nov-2022)

Fixed issues

  • Citrix EPA plug-in for macOS crashes when GSLB is enabled on NetScaler.

    [CGOP-22722]

V22.10.1 (17-Nov-2022)

What’s new

  • The Citrix Endpoint Analysis plug-in now supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

    [CGOP-22095]

Fixed issues

  • Sometimes, empty proxy settings in NetScaler Gateway release 13.0 or 13.1 causes Citrix SSO to create improper proxy settings.

    [NSHELP-31970]

  • Sometimes, VPN clients fail to reconnect after a network outage or after the device wakes up from sleep mode.

    [NSHELP-32483]

  • Sometimes, gateway connections fail when using IPv6 literals as the destination.

    [NSHELP-32876]

22.10.1 EPA plug-in for macOS (27-Oct-2022)

What’s new

  • The Citrix Endpoint Analysis plug-in now a supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

    [CGOP-22098]

  • The Citrix Endpoint Analysis plug-in sends duplicate consent alerts while handling private network access preflight requests from Google Chrome.

    [CGOP-21751]

V22.06.1 (20-Sep-2022)

What’s new

  • EPA libraries are updated to 4.3.2523.0 (1.3.7.5)

Fixed issues

  • nFactor authentication with EPA scan does not work on the macOS clients.

    [NSHELP-32182 - macOS]

  • On the Secure Access Agent home page for macOS, extra padding with white or black color appears on the left and top of the hamburger menu depending on the selected theme (light or dark).

    [CGOP-19353 - macOS]

  • When logging into the VPN, the WebView window minimizes on the first try if the device certificate is configured.

    [CGOP-19354 - macOS]

  • Endpoint analysis does not work for the Citrix Secure Access app on the macOS client when GSLB is enabled on the NetScaler appliance.

    [CGOP-21634 - macOS]

  • If there is a space in the configured application name and you try to access the app, the Enhanced Security Enabled popup does not show up on the macOS clients.

    [ACS-2632 - macOS]

  • nFactor authentication with an optional client certificate fails when there are no appropriate client certificates on the device.

    [NSHELP-32127 - iOS]

  • On a Mac device using Chrome, the VPN extension crashes while accessing two FQDNs.

    [NSHELP-32144]

  • Citrix Secure Access crashes when an incorrect location value is received from the gateway. This can happen if the administrator defines a responder policy to redirect to another host.

    [NSHELP-32312]

  • Direct connections to the resources outside of the tunnel established by Citrix Secure Access might fail if there is a significant delay or congestion.

    [NSHELP-31598]

V3.2.4.9 - EPA plug-in for macOS (01-Aug-2022)

Fixed issues

  • Citrix Endpoint Analysis plug-in does not handle private network access preflight requests from the Google Chrome browser version 104.

    [CGOP-20709]

  • Citrix Endpoint Analysis plug-in for macOS does not support GSLB.

    [CGOP-21543]

Known issues

  • Citrix Endpoint Analysis plug-in for macOS displays a duplicate consent dialog box when started from the Google Chrome browser version 104. The users have to accept both the prompts.

    [CGOP-21751]

V22.03.1 (14-Jun-2022)

What’s new

  • EPA libraries are updated to 4.3.2393.0.

Fixed issues

  • An extra DNS domain is added to the search list. This is because, when the split tunnel is set to “Split” or “Both” only the specified domains and their subdomains are NOT tunneled. If the specified domain is A.B.C, then B.C is also matched in addition to A.B.C and *.A.B.C.

    [CGOP-21657]

  • HTTP/HTTPS proxy settings that do not use a PAC file are broken.

    [CGOP-21660]

V22.02.3 (24-Mar-2022)

What’s new

  • Citrix Secure Access for macOS resolves the FQDN of a service node on every TCP data connection from the client for the cloud workspace connections. Resolving the FQDN of a service node on every TCP data connection is not applicable for the on-premises gateway connections.

    [ACS-1068]

Fixed issues

  • Sometimes, the Citrix Secure Access for macOS drops connections because of issues with some non-DNS protocols using port 53, such as STUN.

    [NSHELP-31004]

  • The Citrix Secure Access app breaks some protocols when the server sends data before the client, immediately after the connection is established.

    [NSHELP-29374]

  • If the user closes the authentication window of the Citrix Secure Access client for macOS without completing the authentication, then subsequent attempts to connect to the server fail until the app is restarted.

    [ACS-2415]

  • The Citrix Secure Access client for macOS is now bundled with OPSWAT library version 4.3.2367.0

    [NSHELP-30802]

  • Citrix Secure Access for macOS takes a longer time than expected to run the post-authentication EPA check.

    [NSHELP-29118]

Known issues

  • Citrix Secure Access app for macOS logs out one minute after the already connected Citrix Secure Private Access service region becomes unreachable. However, this does not affect the on-premises gateway connections.

    [ACS-2715]

V22.02.2 (15-Feb-2022)

Fixed issues

  • Multiple pop-ups are displayed when a user tries to access an unsubscribed Web app from Citrix Secure Access for macOS.

    [ACS-2406]

V22.01.1 (08-Feb-2022)

Fixed issues

  • Per-App VPN connections with Citrix SSO for iOS devices fail to connect to NetScaler Gateway on ports other than 443.

    [NSHELP-30653]

V1.4.1 (28-Jan-2022)

what’s new

  • The Citrix SSO app for macOS is now rebranded as Citrix Secure Access.

    [ACS-1092]

Fixed issues

  • Client certificate authentication fails if the authentication server requests for the client certificate multiple times in the same web view session.

    [CGOP-20388]

  • Citrix SSO fails to establish a VPN connection if the server certificate has only an IP address for common name because of a proxy in between the client and the ADC.

    [CGOP-20390]

  • EPA scan for checking the antivirus last full system scan fails on macOS.

    [NSHELP-29571]

  • Sometimes, the Citrix SSO app crashes while handling large DNS packets.

    [NSHELP-29133]

V1.4.0 (17-Nov-2021)

Fixed issues

  • Sometimes, the server validation code fails when the server certificate is trusted. As a result, end users cannot access the gateway.

    [NSHELP-28942]

  • Citrix SSO fails to re-establish the VPN connection after network disruption.

    [CGOP-19988]

V1.3.13 (05-Nov-2021)

Fixed issues

  • You might experience failures when filtering sessions for managed versus unmanaged VPNs. The initial requests to establish the session are missing the “ManagedVpn” information in the User-Agent header.

    [CGOP-19561]

V1.3.12 (21-Oct-2021)

Fixed issues

  • Client certificate authentication fails for Citrix SSO for macOS if there are no client certificates in the macOS Keychain.

    [NSHELP-28551]

  • The Citrix SSO app crashes intermittently when receiving notifications.

    [CGOP-19363]

  • The VPN extension might crash when the “isFeatureEnabled” parameter is called to check a feature flag.

    [CGOP-19360]

  • The gateway VPN extension crashes if the DTLS protocol has an empty payload.

    [CGOP-19361]

  • The SSO app crashes intermittently when the device wakes up from the sleep mode and the VPN is connected.

    [CGOP-19362]

V1.3.11 (17-Sep-2021)

Fixed issues

  • EPA scan for firewall check fails for macOS devices using Citrix SSO.

    [CGOP-19271]

  • Citrix SSO crashes in an iOS 12 device when legacy authentication or Intune Network Access Compliance (NAC) is configured.

    [CGOP-19261]

V1.3.10 (31-Aug-2021)

What’s new

  • Citrix SSO for macOS is now bundled with OPSWAT library version 4.3.1977.0.

    [NSHELP-28467]

V1.3.9 (13-Aug-2021)

Fixed issues

  • On some systems with HTTP proxy software installed, the NetScaler Gateway IP address shows up internally as 127.0.0.1 thus preventing tunnel establishment.

    [CGOP-18538]

  • The setting “Block Untrusted Servers” does not work on systems that support non-English localization of Citrix SSO for iOS.

    [CGOP-18539]

  • Citrix SSO cannot connect to systems where the DNS name does not match the common name in the server certificate. Citrix SSO now checks for the subject alternative names, and connects correctly.

    [NSHELP-28348]

V1.3.8 (07-Jul-2021)

What’s new

  • Citrix SSO for macOS is compatible with versions 10.15 (Catalina) and higher only.

    [CGOP-12555]

  • Starting from Citrix SSO for macOS version 1.3.8, the EPA libraries are embedded within the app and are not downloaded from the NetScaler Gateway server. The current embedded EPA library version is 1.3.5.1.

    [NSHELP-26838]