Version 2026.1.12.0 (April 1, 2026)

If you are using a client (RDM, PowerShell, etc.), version 2026.1 of that client is required for this DVLS version.

IMPROVEMENTS

  • Core - Added dashboard layout reset capability allowing administrators to reset a user's corrupted or misconfigured dashboard layout back to defaults


FIXES

  • SECURITY CVE-2026-4828 Core - Fixed a security issue where MFA check could be bypassed when Emergency Code authentication was disabled
  • SECURITY CVE-2026-4829 Core - Fixed an issue where OAuth session reuse could allow user impersonation, including administrators
  • SECURITY CVE-2026-4924 Core - Fixed a security issue where MFA could be bypassed using an alternate authentication cookie
  • SECURITY CVE-2026-4925 Core - Fixed an issue allowing users to remove their own MFA despite enforced restrictions
  • SECURITY CVE-2026-4927 Core - Fixed an issue where users with management permissions could access other users' MFA secrets
  • SECURITY CVE-2026-4989 Core - Fixed an issue where the gateway health check could be exploited for server-side request forgery (SSRF)
  • Core - Fixed a regression where Microsoft User synchronization failed with an error reading 'UserCleanupDelta'
  • Core - Fixed an issue where approving temporary access requests did not work when only groups were set as approvers
  • Core - Fixed an issue where the contractor welcome email redirect did not work if the user was already logged in
  • Core - Fixed KeePass XML import incorrectly creating Legacy Website entries instead of the correct entry type
  • Core - Fixed Public API path query parameter filtering to work correctly with encoded URLs and nested paths
  • Core - Fixed the scheduler service crashing when custom log retention policy configuration contained invalid data
  • Gateway - Fixed a server-side request forgery vulnerability in the gateway health check route
  • Gateway - Fixed an issue where new vaults could not be selected when changing the member filter in a gateway farm
  • Gateway - Fixed session recording not working when the session does not connect through a gateway
  • Gateway - Fixed the gateway going offline when a connection to a session fails due to a Virtual Gateway rule or other reason
  • Web - Fixed a regression where the "All vault" button in the search stopped working
  • Web - Fixed an issue where Domain/AD users could not be added by browsing and selecting them
  • Web - Fixed normal users receiving an "Unable to save" error in the customize dashboard layout when a default dashboard exists
  • Web - Fixed the credit card edit component missing a reveal sensitive data button
  • Web - Fixed the entry security analyzer where the "Pwned" password filter was not working
  • Web - Fixed the TOTP window display being broken


** CONSOLE RELEASE NOTES **

FIXES

  • Core - Fixed a regression where SQL-to-DVLS migration silently failed to decrypt User Vault (private) entries, causing users to see empty vaults after migration
