Changelog¶

Windows

Fixed A bug with clearing credential cache introduced in the last release that led to users being signed out of authenticated sessions earlier than expected in some circumstances. This resolves the issue where Windows users authenticating with Entra ID were experiencing more frequent sign-outs than expected after the Azure authentication token refresh functionality was added.

This release is focused on enhancing the reliability of Enclave in Gateway mode. We've improved performance of Enclave Gateway under a broad spectrum of different load conditions, adding improvements to connection stability for all platforms, and resolved several underlying issues that have adversely impacted user experience in many different ways since the last release.

All platforms

Improved The clarity and usefulness of logging messages and user-facing notifications throughout the Enclave Fabric, making it easier to troubleshoot issues and understand system status.

Improved We've optimised Gateway performance for high-traffic scenarios for better throughput and faster response times.

Fixed A bug in tunnel prioritisation logic that was causing connection flapping during the initial tunnel-up phase between peers. Users will experience more reliable and consistent connection establishment as a result.

Fixed An issue where fragmented packets were incorrectly dropped by the Enclave's frame tracking mechanism. This fix is particularly important for applications that use SIP/VoIP protocols like Teams where some users had reported experiencing unexpected or sporadic connection drops.

Fixed Multiple stability issues relating to when Enclave operates in Gateway mode that caused CPU contention. These fixes significantly improve performance of Gateway under load conditions and reduce the CPU footprint of Enclave in Gateway mode too.

Fixed A head-of-line blocking issue with DNS query forwarding, which caused temporary resolution failures for users connected to Enclave in Gateway mode, and either perceived or actual connection loss.

Windows

Added The ability for Windows users to manually refresh their Azure authentication tokens to immediately recognise new group memberships, removing the need to wait for automatic token expiration for faster access to newly assigned resources and permissions.

Linux

Fixed An issue where network interface speeds were not being reported correctly on Linux systems, improving diagnostics.

This release is primarily focused on bug fixes to resolve issues reported by customers, including improvements to profile stability, start-up reliability, and platform-specific corrections.

All platforms

Improved Minor application bug fixes and enhancements to improve overall stability and user experience.

Fixed Reduced IO interactions with key material on disk to address reports of profile file corruption, improving the reliability of credential storage.

Fixed Improved start-up operation event sequencing to resolve scenarios where Enclave could be slow-to-start and other timing-related issues during initialisation.

Changed Updated the local trust store certificates to ensure secure connections with the latest certificate authorities.

Windows

Fixed Resolved miss-classification of network interfaces during start-up caused by timing issues, ensuring proper network detection and configuration.

iOS

Fixed Corrected an error in the formatting of the xcprivacy file required by Apple to ensure compliance with App Store requirements.

This release is primarily focused on bug fixes to resolve issues reported by customers, including improvements to architecture support, DNS handling, memory usage, and platform-specific stability enhancements.

All platforms

Added Authentication flow initiation via start command (use '--auth' to opt-in), providing more flexible authentication options.

Improved Support for architectures which don't support AESGCM or AVX instructions, expanding compatibility across different hardware configurations.

Improved Reduced Enclave memory usage across several platforms, optimising resource consumption for better performance.

Fixed Corrected DNS handling to require additional validation, improving security and reliability of domain name resolution.

Fixed Handling of network adapters with a null interface index, improving network interface detection and management.

Fixed Various fabric and miscellaneous application bugs with minor agent enhancements to improve overall stability.

Security All native binaries used by Enclave are now signed, enhancing security and trust verification.

Linux

Improved Reduced inotify usage on Linux, optimising file system monitoring and reducing resource overhead.

iOS

Fixed iOS stability fixes to resolve platform-specific crashes and improve application reliability.

This release is primarily a bug fix release to resolve specific issues reported by customers in the previous release, focusing on hardware compatibility and user interface improvements.

All platforms

Fixed Ensured the latest version of Enclave works on embedded Intel X64 processors without AVX support, such as those found in Synology NAS drives or mini-PCs.

Windows

Fixed Ensured the tray app status icon updates correctly when using the enclave switch-to command, improving visual feedback for profile switching.

This release introduces significant new features including gateway priority controls, subnet naming, automatic DNS registration by tag, and major performance improvements for gateway throughput. We've also enhanced the end-user experience with improved authentication notifications and updated the portal policy interface.

All platforms

Added Gateway Priority feature providing fine-grained control over gateway selection when multiple gateways are available, enabling active/passive failover, preferred routes, and geographic selection.

Added Subnet Names functionality allowing administrators to specify names against subnets when setting up gateways, making subnet selection easier in policy configuration.

Added Automatic DNS Registration by Tag feature enabling systems to be auto-registered into Enclave DNS using their hostname when they match specified tags on DNS zones.

Improved Significant performance enhancements for Enclave throughput, especially where Enclave Gateway is involved, delivering substantially better gateway performance across all configurations.

Improved Portal Policy UI with enhanced table view design that brings tags, gateways, ACLs and subnets to the forefront for easier policy understanding and management.

Improved Stability of enclave gateways tunnelling over UDP, providing more reliable gateway connections.

Windows

Improved End-user authentication experience with tray icon warning indicators when users aren't logged in and persistent Windows alerts with direct login buttons to streamline the authentication process.

Added Error state indicators in the tray when Enclave is stopped or has failed to start, providing clearer status visibility to users.

macOS + Linux

Improved Enhanced enclave auth command experience with browser flow launched directly without requiring device codes, reducing login time and complexity.

Linux

Improved Compatibility with systemd-resolved on Ubuntu 20.04 Desktop to ensure DNS functionality works as expected.

Improved Auto-configuration of iptables on systems running Docker alongside Enclave, ensuring both services can route traffic effectively side-by-side.

This is primarily a bug fix release to resolve some issues reported by customers, including improvements to profile file reliability, Windows tray handling, and enhanced DNS resolution support.

All platforms

Improved The reliability of profile file updates to prevent the profile file corruption seen a few times by customers.

Added Support for reverse-DNS resolution with PTR records, both with Enclave IP addresses and through a gateway. This improves a perceived slow-down in SQL Server Management Studio when Enclave provides the connectivity.

Windows

Improved Error handling during Windows tray shutdown to prevent message boxes popping up and blocking shutdown.

Fixed An issue that was causing the Windows tray to occasionally lock up when rapidly clicking the tray icon.

Android

Fixed An issue where the tray notification was not correctly launching the app.

This release adds several new features including support for additional identity providers, enhanced gateway DNS options, and improved security protections alongside important bug fixes.

All platforms

Added Support for Duo, Okta, JumpCloud and custom OIDC identity providers.

Added More gateway options to help control how DNS is handled.

Fixed An issue reconnecting to the Enclave platform after a lost connection.

Windows

Improved Key material protection on Windows.

Fixed A problem with the DNS server on Windows closing the listening socket.

Mobile

Fixed Various mobile app bug fixes.

This release adds a selection of new features including always-on support for Android, wildcard DNS capabilities, enhanced gateway options, and Linux NF Tables support alongside important connectivity and debugging improvements.

All platforms

Added Support for wildcard DNS names.

Added Gateway DNS options to assist with upstream filtering.

Improved The enclave self-test command for better debugging.

Windows

Fixed An issue with always-on gateway connectivity on Windows when coming out of sleep.

Linux

Added Support for NF Tables on Linux based systems.

Android

Added Always-on support on Android.

Mobile

Fixed Various mobile app bug fixes.

Windows

Fixed An issue reported in 2023.6.2 affecting some Windows devices upon first enrol, where the tray application would fail to launch.

This release introduces several new features to enhance profile management capabilities and user authentication options, along with improvements to command-line tools and status reporting.

All platforms

Added The ability to switch profiles with the switch-to command.

Added The ability to rename profiles with the rename-profile command.

Added The ability to list all current profiles with the list-profiles command.

Improved The status command output now shows Policy details.

Windows

Improved Enclave Tray will now show the current running profile rather than just "Universe".

Android, iOS

Added User authentication support for mobile platforms.

This release is primarily focused on bug fixes and stability improvements across all platforms, with particular attention to DNS reliability, network configuration, and platform-specific connectivity issues.

All platforms

Improved Enclave support for certain captive portal networks.

Improved Logging of external processes launched by Enclave.

Improved DNS reliability on various platforms.

Fixed Resolved issue with fixed local ports not being respected.

Fixed Ensure that Enclave continues responding to DNS requests when peers disconnect.

Fixed Ensure log levels can be reset without admin rights.

Linux

Changed Switch from bash to sh for automation of Linux configuration for better POSIX compatibility.

Windows

Fixed Make sure Enclave adapter can be correctly configured on Windows 7.

Android

Fixed Ensure Android platforms can reliably recover from a network change.

This release introduces improved troubleshooting capabilities and configuration management, along with performance enhancements for Windows systems and better DNS handling for enterprise scenarios.

All platforms

Added CLI commands for listing (enclave list-config) and setting (enclave set-config) current profile settings, including Log Level and MTU size configuration.

Improved The enclave self-test command in the CLI to provide a far more useful and better troubleshooting experience.

Improved DNS handling on systems connecting to a Gateway to support on-premises Active Directory scenarios.

Windows

Changed Moved the Windows adapter to wintun for better performance and compatibility with older Windows Server versions.

All platforms

Fixed System DNS resolution being slower when running with an Enclave Gateway, and DNS names behind the gateway not being resolved.

Fixed Environments where internet connectivity is available, but the STUN destination ports 19302 or 3478 are blocked, causing Enclave to fail to start properly and create unintended extra local network activity.

This release introduces official Android and iOS mobile applications alongside important platform-specific fixes for Windows and Linux distributions, plus expanded Docker container support for ARM architectures.

All platforms

Added Multi-architecture support to Docker containers hosted on Docker Hub, making it easier to run Enclave in Docker on arm64 and arm32 devices.

Windows

Fixed Enclave can now handle IPv6 being disabled globally on Windows.

Linux

Fixed On Linux distributions (primarily OpenSUSE) that use Netconfig for DNS management, we now correctly auto-configure our DNS nameservers.

Fixed Enclave Gateway now functions correctly on Linux RHEL-based distributions that use strict IP filtering.

Android, iOS

Added Official Enclave mobile applications now available on the App Store and Google Play.

All platforms

Fixed Agent disconnects and reconnects from our cloud services can lead to OS and version information missing from the Enclave Portal.

Fixed When deploying Enclave on a system already running another virtual network (e.g. OpenVPN), Enclave cannot use that existing virtual network to establish tunnels.

Windows

Fixed Enclave's interactive installer fails to run correctly on Windows Server 2016.

This release introduces Enclave Gateway, a major new feature that allows Linux systems to act as gateways for subnets and enables Zero Trust access to devices that cannot run Enclave directly. This release also adds native Windows ARM64 support for modern Microsoft devices.

All platforms

Added Enclave Gateway functionality, allowing Linux systems running the Enclave Agent to act as gateways for one or more subnets, providing access to IoT devices, printers, VoIP phones, and other systems that cannot run Enclave directly.

Added Gateway Access Policy type that allows tagged systems to connect to devices in available subnets whilst maintaining Zero Trust requirements and ACLs.

Windows

Added Native Windows ARM64 support for modern Microsoft devices such as Surface Pro devices.

Linux

Added Gateway mode functionality allowing Linux systems to provide subnet access through Enclave.

This release introduces support for Public IP Address trust requirements, allowing you to restrict where systems can be based on their IP Address and/or their country. We've also added beta support for exporting IPFIX network metadata from the Enclave fabric for enhanced traffic visibility, and improved Windows authentication by switching to the Windows Account Manager for better compatibility with FIDO2 keys and Windows Hello.

All platforms

Added Support for Public IP Address trust requirements, allowing you to restrict where systems can be based on their IP Address and/or their country.

Added Beta support for exporting IPFIX network metadata from the Enclave fabric to provide enhanced visibility into traffic moving over the overlay.

Windows

Improved Authentication handling by switching to the Windows Account Manager, improving compatibility with FIDO2 keys, Windows Hello, and resolving various login handling issues.

This release focuses on improving container support, authentication handling, and Windows deployment capabilities. We've significantly enhanced support for unattended installation of Enclave on Windows, enabling completely silent deployments optimised for Group Policy or Configuration Manager deployments with automated enrolment.

All platforms

Added Support for graceful shutdown of Enclave docker containers.

Improved Handling of AzureAD authentication errors for better user experience.

Improved The self-test CLI command with additional checks for enhanced diagnostics.

Windows

Improved Support for unattended installation, enabling completely silent deployments optimised for Group Policy or Configuration Manager deployments, including automated enrolment.

This is a major release introducing Trust Requirements, a foundational component that enables real-time evaluation of user/device posture and dynamic network connectivity based on environmental factors. We've also added automatic DNS configuration for Linux systems and enhanced tag management capabilities. These features represent months of coordinated effort across design, back-end engineering, and front-end teams to accelerate Zero Trust network management.

All platforms

Added Trust Requirements, a foundational component that performs real-time evaluation of user/device posture and dynamically controls network connectivity based on environmental factors and system properties.

Added User Authentication trust requirement with support for Enclave Portal authentication and Azure AD tenant integration, including Conditional Access Policies and Security Group membership requirements.

Added Tag Management page to the Enclave Portal, allowing users to view, search, rename, colour-code, and add notes to tags, as well as view associated systems, policies, and DNS records.

Added Support for applying trust requirements to tags, automatically enforcing requirements across all systems and policies using that tag.

Windows

Added Integration with Windows Hello, FIDO key authentication, and other Azure AD-supported login mechanisms for User Authentication trust requirements.

Linux

Added Automatic DNS configuration that detects existing resolver configuration and automatically configures the system to use Enclave as a nameserver, supporting various resolver types including systemd-resolved and Network Manager.

Added Option to disable automatic DNS configuration by setting DisableAutoDns to true under LocalNameserver in the Enclave profile file.

This Linux-focused release addresses compatibility issues with older distributions running glibc versions prior to 2.25, specifically resolving problems on CentOS 7 and Debian 9, as well as fixing issues related to systems with large numbers of network adaptors.

Linux

Fixed Issues running Enclave on CentOS 7 and Debian 9 caused by these distributions running versions of glibc older than 2.25.

Fixed Problems related to instances of large numbers of network adaptors on client systems.

All platforms

Fixed A bug that could lead to erroneous rapid growth in Enclave log files when the system is disconnected and re-connected to the internet repeatedly.

This release introduces support for RPM-based package managers on Linux distributions, enhances the Windows tray application security model, and adds new CLI commands for diagnostics and log management. We've also addressed memory leaks and improved device recovery capabilities.

All platforms

Added New enclave loglevel CLI command that allows temporary adjustment of the running Enclave instance's log verbosity without restarting the process, including options to list available levels and reset to default.

Added New enclave self-test CLI command that performs tests of Enclave and local OS configuration, currently checking DNS configuration and nameserver setup.

Windows

Changed Enclave Tray application no longer runs elevated and can be run by any user account without triggering a UAC prompt, with elevation only occurring when required for specific features like enrolment.

Fixed A memory leak in the tray application related to WMI that could cause steep memory usage increases under certain circumstances.

Improved The Enclave Agent's ability to recover from temporary OS device problems that were causing communication failures after bringing devices out of sleep.

Linux

Added Support for all RPM-based package managers including yum, dnf, and zypper, enabling installation on Fedora, RHEL, OpenSUSE, and any distribution that supports RPM packages.

This release primarily focuses on bug fixes and optimisations for poor network environments with packet loss and high latency, improving overall stability and performance under challenging network conditions.

All platforms

Improved Optimisation for poor network environments with packet loss and high latency to enhance performance and reliability.

Added ACL display functionality to the enclave status command line output, showing current access control rules.

Fixed Various bug fixes to improve overall stability and user experience.

This is a major release introducing protocol/port level Access Control Rules for policies, Ephemeral Systems that automatically recover used seats when containers stop running, and significant CLI improvements. The release also includes in-memory profiles for temporary systems, enhanced API documentation, and improved Windows Tray functionality.

All platforms

Added Access Control Rules for policies, allowing specification of protocols and ports to control traffic flow with receiver-side enforcement and default deny behaviour.

Added Ephemeral Enrolment Keys that automatically remove systems from your organisation when containers or pods stop running, with configurable grace periods for unexpected disconnections.

Added In-memory profiles for systems using ephemeral enrolment keys, storing profile data including private key material and certificates solely in memory rather than persisting to disk.

Added Notes fields (up to 1024 characters) for Enrolment Keys, Systems, Unapproved Systems, and Policies, accessible via both portal and API.

Added New enclave get-ip CLI command to retrieve the local system's Enclave IP or resolve remote peer IPs by DNS name or system ID.

Added New enclave restart CLI command that combines stop and start operations with retry logic for improved reliability on remote systems.

Improved The enclave status command now displays the current log file location and supports --json argument for JSON output format.

Improved API documentation with enhanced visual styling, consistency improvements, and the ability to authenticate using existing Enclave Portal accounts for testing APIs.

Windows

Improved Enclave Tray application now displays warnings when systems require manual approval or have been removed from the account, with direct links to the portal for resolution.

All platforms

Fixed Issues where Enclave occasionally failed to fully restore connectivity when bringing a laptop out of sleep.

Fixed Problems with long-lived RDP sessions that were affecting connection stability.

All platforms

Improved Connection stability in various customer-reported network environments to enhance overall reliability.

This release marks the general availability of Enclave for macOS, expanding platform support to include Mac users alongside existing Windows and Linux support.

macOS

Added General availability of Enclave for macOS, now available for installation via Homebrew using brew install enclave.