Blue Cedar On-Premises Platform 4.1.x Release Notes
What's new
What's new in On-Premises Platform 4.1.30
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.30 (Policy Console) integrates apps with Blue Cedar 4.12.0 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in Mobile Client 4.12.0
Bug fix release in the areas of OAuth, Ping Auth, and VPN connectivity.
What's new in On-Premises Platform 4.1.29
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.29 (Policy Console) integrates apps with Blue Cedar 4.11.0 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in Mobile Client 4.11.0
iOS 15 support
Blue Cedar includes support for the Apple iOS 15 release. Apps that were previously integrated with Blue Cedar and that worked on iOS 14 are expected to work without issues when reintegrated with Blue Cedar. Apps that target new APIs and features for iOS 15 may have issues. Additionally, this release supports the BlackBerry version 9.1 SDK and Microsoft Intune SDK version 7.2.2 for Android and version 14.1.3 for iOS.
iOS limitations
Limitations with this Blue Cedar release for iOS 15 apps include:
- Focus and system filter notifications and apps based on your activity
- HLS HTTP Live Streaming adaptive bitrate communications protocol for HTTP live streaming
- Photos picker: a way to access pictures from the Photo app without requesting direct library access
- App Clips: small parts of an app designed for quick task completion
- Widgets: small app instance that's updated in the background and refreshes information on your home screen
- WKWebView for data persistence handling, such as HTML5, Web SQL
- UIScene support for multiple app windows
What's new in On-Premises Platform 4.1.27
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.27 (Policy Console) integrates apps with Blue Cedar 4.10.15 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in Mobile Client 4.10.15
OpenSSL upgrade
Blue Cedar Mobile Client 4.10.15 is updated to include OpenSSL 1.1.1k, released on 25 March 2021. This update provides a stronger encryption key for Data at Rest protection.
What do I need to do?
You don't need to do anything to migrate DAR-protected apps and their files to the new version of OpenSSL and encryption key. Note that once those files are migrated, they cannot be used by previous versions if you want to downgrade the app for any reason.
Curl upgrade
Blue Cedar Mobile Client 4.10.15 is updated to include curl 7.76.1. This update picks up any security-related fixes curl has made.
What do I need to do?
This curl update is transparent to platform users and mobile users; no action is needed.
What's new in On-Premises Platform 4.1.26
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.26 (Policy Console) integrates apps with Blue Cedar 4.10.14 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.25
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.25 (Policy Console) integrates apps with Blue Cedar 4.10.13 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.24
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.24 (Policy Console) integrates apps with Blue Cedar 4.10.12 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.23
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.23 (Policy Console) integrates apps with Blue Cedar 4.10.11 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.22
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.22 (Policy Console) integrates apps with Blue Cedar 4.10.10 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.21
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.21 (Policy Console) integrates apps with Blue Cedar 4.10.9 Mobile Client technology and Blue Cedar Enforce security policies.
iOS 14 support
Blue Cedar includes support for the Apple iOS 14 release. Apps that were previously integrated with Blue Cedar and that worked on iOS 13 are expected to work without issues when reintegrated with Blue Cedar. Apps that target new APIs and features for iOS 14 may have issues. See the Open issues/limitations list below.
Android 11 support
Blue Cedar includes support for the Android 11 release. Apps that were previously integrated with Blue Cedar and that worked on Android 10 are expected to work without issues when reintegrated with Blue Cedar. Apps that target new APIs and features for Android 11 may have issues. See the Open issues/limitations list below.
Open issues/limitations
Limitations with this Blue Cedar release for iOS 14 include:
- Support for new iOS 14 features is not fully implemented in this release, including:
- New Photos picker: a way to access pictures from the Photos app without requesting direct library access
- HTTP Live Streaming (HLS)
- App Clips: small parts of an app designed for quick task completion
Limitations with this Blue Cedar release for Android 11 include:
- No support for Android Emulators running Android 11.
What's new in On-Premises Platform 4.1.20
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.20 (Policy Console) integrates apps with Blue Cedar 4.10.8 Mobile Client technology and Blue Cedar Enforce security policies.
Python compatibility
Blue Cedar Mobile Client versions 4.10.8 and later are Python 3-based, as Python 2.x is no longer supported. Most of the implications of this upgrade are internal to Blue Cedar products. However, if you sign integrated apps with the Blue Cedar export for signing feature, the server where the signing scripts are executed must have Python 3 installed.
For more information, see External app signing with Python 3.
What's new in On-Premises Platform 4.1.19
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.19 (Policy Console) integrates apps with Blue Cedar 4.10.7 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.18
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.18 (Policy Console) integrates apps with Blue Cedar 4.10.6 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.17
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.17 (Policy Console) integrates apps with Blue Cedar 4.10.5 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in On-Premises Platform 4.1.16
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.16 (Policy Console) integrates apps with Blue Cedar 4.10.4 Mobile Client technology and Blue Cedar Enforce security policies.
Apache update
The on-premises platform is updated to use this Apache2 version (SPT-2277):
- Apache2: 2.4.38-3+deb10u3
API-only user
Added a user role option for a user to have access only via the API to upload, integrate, and download apps, and not to use the UI. For more about user roles, see adding users in the policy console documentation.
What's new in Blue Cedar Platform 4.1.15
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.15 (Policy Console) integrates apps with Blue Cedar 4.10.3 Mobile Client technology and Blue Cedar Enforce security policies.
Platform user password requirements
Added complexity requirements for on-premises platform user passwords. See SPT-2319 below.
What's new in Blue Cedar Platform 4.1.14
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.14 (Policy Console) integrates apps with Blue Cedar 4.10.2 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in Blue Cedar Platform 4.1.13
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.13 (Policy Console) integrates apps with Blue Cedar 4.10.1 Mobile Client technology and Blue Cedar Enforce security policies.
What's new in Blue Cedar Platform 4.1.12
Mobile Client update
The Blue Cedar On-Premises Platform 4.1.12 (Policy Console) integrates apps with Blue Cedar 4.10.0 Mobile Client technology and Blue Cedar Enforce security policies.
Web Authentication policy
Added Web Authentication policy to configure a base URL and Client ID to generate a redirect URI. Use this redirect URI for users to authenticate with OAuth providers such as Ping. See Web Authentication for details. (BCP-4544)
What's new in Blue Cedar Platform 4.1.11
The Blue Cedar On-Premises Platform 4.1.11 (Policy Console) integrates apps with Blue Cedar Mobile Client 4.9.9 technology and Blue Cedar Enforce security policies.
What's new in Mobile Client 4.9.9
Android minSdkVersion for Enforce, Microsoft
Upgraded the mobile client to support Android SDK minimum version 21. If an Android app has minSdkVersion set lower than 21, integrating that app with Enforce or Microsoft will reset the minSdkVersion to 21. (MOB-871)
What's new in Blue Cedar Platform 4.1.10
The Blue Cedar On-Premises Platform 4.1.10 (Policy Console) integrates apps with Blue Cedar Mobile Client 4.9.8 technology and Blue Cedar Enforce security policies.
What's new in Mobile Client 4.9.6
Upgraded Android SDK build-tools to 29.0.2 for integrating apps. Current Android SDK support level is SDK version 28 and later.
Resolved issues
Resolved in Mobile Client 4.12.0
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2606 | iOS | Enforce | Fixed a bug with OAuth requests failing. |
| MOB-2865 | iOS | BlackBerry | Fixed an issue with Mattermost not automatically updating new messages received. |
| SPT-2615 | Android, iOS | Microsoft | Fixed an issue where the client ID from MSAL configuration wasn't being honored for the connection to the Microsoft Tunnel Gateway. |
| SPT-2617 | Android, iOS | Microsoft | Fixed a bug with server certificate verification mismatch connecting to the Microsoft Tunnel Gateway. |
| MOB-2987 | Android, iOS | Enforce, Microsoft | Add support for using system trust stores for server certificate verification during VPN connections. |
| SPT-2613 | Android, iOS | Enforce | Fixed a bug with Ping 2-factor running on the same device. |
| MOB-2996 | Android | Enforce, Microsoft | User installed device certificates will not used to verify trust. |
Known Issue in Mobile Client 4.12.0
| Item | Mobile OS | Accelerator | Accelerator |
|---|---|---|---|
| MOB-2996 | Android | Enforce, Microsoft | User installed device certificates will not be used to verify trust. |
Resolved in On-Premises Platform 4.1.29
Item | Mobile OS | Accelerator/Service | Description |
|---|---|---|---|
| SPT-2580 | iOS | Microsoft | Fixed an issue with interactive MSAL authentication for tunnel re-connect, which can be required for Conditional Access policies like Multi-Factor Authentication. |
| BBY-123 | iOS | BlackBerry | Fixed an issue for opening files using a temp directory. |
Resolved in On-Premises Platform 4.1.27
Item | Mobile OS | Accelerator/Service | Description |
|---|---|---|---|
| SPT-2532, SPT-2373 | Android | Enforce | Fixed an issue with app upload and integration failures by increasing max allowed time to integrate app from 15 minutes to 30 minutes. |
Resolved in Mobile Client 4.10.15
Item | Mobile OS | Accelerator/Service | Description |
|---|---|---|---|
| BBY-104 | Android | BlackBerry | Image and video capture on the device is now allowed even when App Kinetics with Data Loss Prevention is enabled. |
| BBY-105 | Android | BlackBerry | Added support for javascript Navigator.sendBeacon() command. |
| BBY-106 | Android | BlackBerry | Fixed an issue where WebView handling was not accessing the secure container correctly for downloaded files. |
| SPT-2347 | Android, iOS | Signing | Fixed an issue where the signing script failed when run on apps with spaces in the filenames. |
| SPT-2548 | iOS | Signing | Resolved an issue with external code signing on iOS with Python 3.9 |
| SPT-2570 | iOS | Microsoft | Fixed a rare hang in an app integrated with Intune. |
Resolved in Mobile Client 4.10.14
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2546 | iOS | Enforce | Improved app exclusion behavior for Data Sharing policy. |
| SPT-2531 | iOS | Enforce | Fixed an issue where sharing blocked DAR files could result in a crash. |
| SPT-2540 | iOS, Android | Microsoft | Fixed an issue where an app failed to refresh its access token while running, thus preventing reconnections to the VPN Gateway. |
| SPT-2531 | iOS | Enforce | Added support for specifying custom third party share extensions in Preferred Apps. To specify a share extension, In the Preferred Apps section of the Data Sharing policy, click "Add App ID" in the iOS list. Choose Custom app and enter the activity type identifier. |
Resolved in Mobile Client 4.10.13
| Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2380, SPT-2455, SPT-2466 | Android | Blue Cedar | Fixed an issue where Android background notifications were not working in some scenarios where Secure Microtunnel policy was in use. |
| iOS | Blue Cedar | Resolved an issue sharing large files using Data At Rest. | |
BBY-93, BBY-102 | iOS | BlackBerry | Improved support for apps that use multiple windows when integrated with BlackBerry Launcher. |
| BBY-96 | iOS | BlackBerry | Resolved an issue where custom app icons were not correctly being presented for BlackBerry Launcher. |
Resolved in Mobile Client 4.10.12
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2170 | iOS | Blue Cedar | Resolved issue with multiple "No such file or directory" errors. |
| SPT-2482 | iOS | BlackBerry | Added support for UIScene apps with the BlackBerry accelerator. |
| MOB-1533 | Android | BlackBerry | Improved media playback handling in Android WebView. |
| MOB-1573 | Android | Microsoft | Fixed an issue with packageName parsing on Android. |
| SPT-2486 | iOS | Blue Cedar | Modified file handling to better support file writing. |
| SPT-2494 | iOS | Blue Cedar | Resolved an issue with NSURLSession where authentication challenges were not being handled correctly. |
| SPT-2493 | iOS | Blue Cedar | Resolved an issue where pages using mmap and custom signal handlers may not work correctly when using Data at Rest. |
| SPT-2507 | iOS | Blue Cedar | Resolved an issue where some portrait-only apps may display incorrectly if the device is held in landscape mode. |
| SPT-2512 | iOS | BlackBerry | Resolved an issue where some React-native apps may get stuck on a white screen during enrollment. |
| SPT-2515 | iOS | Policy Console | Fixed an issue with invalid Icon error when uploading iOS apps to the policy console. |
| BBY-73 | Android | BlackBerry | Fixed an issue that was causing hangs during authorization when BlackBerry Dynamics root detection policy was enabled. |
| BBY-86 | Android, iOS | BlackBerry | Resolved an issue where AppConfig values may not be successfully delivered to an app running on a device with MDM. |
Resolved in Mobile Client 4.10.11
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2305 | Android | All | Improved support for cut/copy/paste protection on Android, particularly on Samsung devices. |
| SPT-2399, BBY-37, BBY-50 | iOS | BlackBerry | Added support for loading file URLs for videos. |
MOB-1439 | iOS | All | All Veracode flaws detected in iOS code were fixed or mitigated (in case they were false positives). See Veracode Scanning Results for current reports. |
| SPT-2424 | iOS | All | Fixed an issue where some React Native apps would display UI incorrectly after rotation on iOS devices with a notched display. |
| BBY-57 | iOS | BlackBerry | Fixed an issue where App Config values configured via UEM were not accessible to iOS apps integrated with the Blue Cedar Accelerator for BlackBerry. |
| SPT-2331 | iOS | All | Added support for WKWebView in storyboards. |
| SPT-2170 | iOS | All | Resolved an issue with authentication challenge handling for iOS apps using platform networking APIs other than WKWebView (such as NSURLSession). |
| SPT-2480 | iOS, Android | All | Fixed an issue with apps hanging when reconnecting to a legacy gateway. |
| SPT-2365 | Android | All | Fixed an issue where a notification lock wasn't always being dismissed properly. |
| MOB-1634 | iOS | Enforce | Fixed an issue where app groups were not always rewritten when integrated without Data at Rest policies enabled. |
| SPT-2484 | Android | Enforce | Fixed an issue with the app groups feature combined with the Local App Authentication policy. |
| BBY-75 | Android | BlackBerry | Fixed an issue with the handling of Android Intent attached extras. |
Resolved in Mobile Client 4.10.10
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-1444 | iOS | BlackBerry | BlackBerry Dynamics 8.1 does not support apps built with any version of Xcode before Xcode 11. During integration, the client detects the Xcode version and integrates older apps with Dynamics SDK 7.0. Apps built with Xcode 11+ will integrate with Dynamics SDK 8.1. This is a BlackBerry limitation. |
| SPT-2315 | Android | Enforce | Fixed an issue where trying to email logs from an integrated app would either crash or send a zip file with no entries. |
| BBY-29, BBY-40 | Android, iOS | BlackBerry | Fixed an issue around opening URLs after backgrounding an app. |
| BBY-37, SPT-2399 | iOS | BlackBerry | Added support for loading file URLs. |
| BBY-51, SPT-2397 | Android | BlackBerry | Fixed issues with file sharing intents and content URI handling. |
| BBY-47, SPT-2389 | Android | BlackBerry | Fixed an issue with launching external apps. |
| BBY-31 | Android, iOS | BlackBerry | Addressed issues handling various media formats. |
| BBY-52 | iOS | BlackBerry | Updated NSStreamSocket handling. |
| BBY-39 | Android | BlackBerry cloud | Added a new option to configure the BlackBerry app security policy to rewrite app IDs when launching apps from integrated apps. This feature is only needed in certain circumstances. See BlackBerry Dynamics SDK options for details. |
Resolved in Mobile Client 4.10.9
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2358 | Android | Enforce | Fixed a crash that could occur when accessing data encrypted with an unrecognized DAR key after using the "Clear Secure Data" button. |
| SPT-2362 | iOS | All | Resolved an issue where apps implementing BGTaskScheduler may crash on launch. |
| SPT-2338 | iOS | BlackBerry | Added automatic handling of iOS App Group IDs when an app is signed by Blue Cedar scripts with a Provisioning Profile containing exactly one App Group ID. The App Group ID in the Provisioning Profile is used to replace any App Group IDs requested by the app at runtime. This can allow apps with hard-coded App Group IDs to continue to work if they must be re-signed using a different Apple Developer account (such as third-party apps), since App Group IDs are globally unique. |
| SPT-2175 | Android | All | Fixed an issue where apps using illegal Android resource names starting with "$$" failed to integrate. |
| SPT-2372 | Android | BlackBerry | Fixed a crash caused by apps using a sharedUserID. |
| MOB-1323 | Android | All | Fixed an icon overlay issue with apps that do not have round icons. |
Resolved in Mobile Client 4.10.8
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| BBY-29 | iOS | Enforce, BlackBerry | Resolved an issue where apps opened via custom URL schemes may not launch or behave correctly. |
| SPT-2211 | Android | Enforce | Fixed an issue where an app would crash when trying to prompt the user while in the background. |
| SPT-2321 | iOS | Enforce | Apps that utilize WKHTTPCookieStore may not properly store/retrieve cookies. Some apps have been seen to have SSO issues related to this issue. This issue has been solved for Blue Cedar in-app security. Note: This issue is still open for the Blue Cedar Accelerator for BlackBerry. |
| SPT-2354 | Android 10 | Enforce | Fixed a failure on Android 10 devices when DAR is enabled, causing a Fiori white screen to occur. |
| SPT-2361 | Android | BlackBerry | Added support for Kony APK package name renaming. |
| SPT-2364 | iOS | Fixed an issue where an app could render pages incorrectly after handling a redirect. Updated cookie handling to better support WebKit cookies. |
Resolved in Mobile Client 4.10.7
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| BBY-27 | Android | BlackBerry | Fixed BlackBerry SDK TextView string casting exception. |
| SPT-2286 | Android | Microsoft | Fixed an issue integrating Microsoft accelerator with minified/obfuscated Android Support Libraries existing in an app. |
| SPT-2293 | Android | All | The User Interaction lock notification now only appears on user devices if there are credentials requested. The app must be backgrounded or not running when the system started an app service or broadcast receiver. Previously the lock would always appear if Secure Connectivity or Local App Authentication was configured. |
| SPT-2286 | Android | Microsoft | Fixed an issue with trailing newlines in HTTP header values. |
| SPT-2307 | Android | All | Improved handling of Android broadcast receiver notifications for apps that are not currently running. The integration setup time prior to app control will no longer be a factor in the timely handling of system notifications. |
| SPT-2345 | Android | All | Addressed an issue in the formatting of the generated signing script. |
| SPT-2351 | Android | Blue Cedar | Fixed an issue where the Blue Cedar client would periodically re-take control briefly in an Enforce integrated app with no local auth policy |
| SPT-2352 | Android | All | Fixed an issue where some web requests would take a long time to complete on dual IPv4/IPv6 networks. |
| SPT-2354 | Android | All | Fixed an issue when accessing local authentication data in certain circumstances. |
| SPT-2359 | Android, iOS | All | Resolved an issue where non-standard authentication headers might not be provided correctly to an app. |
| SPT-2366 | iOS | BlackBerry | Fixed an issue where some BlackBerry-integrated iOS apps were crashing when going into the background. |
| MOB-1029 | iOS | Enforce | Enforce is now correctly prompting for auth in XamarinForms with WKWebView |
| MOB-1077 | iOS | BlackBerry | DOMAIN\user style passwords for NTLM authentication are now handled correctly for the BlackBerry Accelerator |
| MOB-1122 | Android | All | Identified potential security risks in certificate trust handling and corrected them. |
| MOB-1128 | Android | All | Resolved an issue where retrieving a cached ADAL token caused the app to hang intermittently. |
Resolved in Mobile Client 4.10.6
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2308, SPT-2338 | iOS | All | Resolved an issue with app initialization where apps relying on launch storyboards were crashing upon access. |
| SPT-2341 | Android, iOS | All | Fixed an IKEv2 deadlock that was causing app crashes, most frequently when foregrounding an iOS app. |
| SPT-2195 | iOS | All | Removed UIWebView references and push notifications that were triggering warnings for App Store Connect submissions. |
| SPT-2315 | Android | All | Fixed an issue where emailing logs from integrated app caused app to crash. |
| SPT-2292 | Android, iOS | All | Corrected a color contrast issue for accessibility. |
| SPT-2002, SPT-2005, SPT-2007 | iOS | All | Added better support for voiceover and visibility impaired accessibility features. |
Resolved in Mobile Client 4.10.5
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2318, SPT-2320 | Android, iOS | All | Implemented several improvements for IPv6 connectivity around available DNS servers. |
Resolved in On-Premises Platform 4.1.16
Item | Component | Accelerator | Description |
|---|---|---|---|
| SPT-2319 | On-premises platform | All | Fixed a CSRF vulnerability issue for the on-premises platform UI. |
| SPT-2333 | On-premises platform | Blue Cedar | Fixed an issue that prevented iOS apps from working properly when integrated with Web Authentication policy. |
Resolved in Mobile Client 4.10.4
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2292 | Android | All | Fixed an issue with accessibility customization. |
| SPT-2305 | Android | All | Fixed an issue caused by cut/copy/paste interception on certain Samsung devices. |
| SPT-2307 | Android | All | Improved handling of Android broadcast receivers. During launch, the integrated app was sometimes interfering with the timing of broadcast handling. The client now handles the message earlier in the setup process. |
| SPT-2149 | Android | BlackBerry | Fixed an issue with BlackBerry integration when full paths to SQLite databases were provided. |
| SPT-2318, SPT-2320 | Android, iOS | All | Fixed an issue with IPv6 connectivity. |
| SPT-2334 | Android | All | Fixed an issue where an accessibility reader was reading element names instead of contents. |
Resolved in On-Premises Platform 4.1.15
Item | Component | Description |
|---|---|---|
| SPT-2319 | On-premises platform | Passwords for newly created platform users now require:
The password for the default user is changed to Qwerty1@ to meet these new requirements. Note: Existing passwords (for users migrated from earlier releases) remain unchanged until updated. This requirements change only applies to password changes for existing users, and to passwords for new users. |
Resolved in Mobile Client 4.10.3
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-1004 | Android | All | Improved handling of broadcasts received by background services in certain circumstances. |
| SPT-2209 | Android | All | Web SQL Databases will not be intercepted/encrypted for Android apps that use WebView. |
| SPT-2224 | Android | All | Removed unneeded manifest permission which was causing integrated apps to hang during login. |
| SPT-2307 | Android | All | Improved handling of background services that require network access. |
| SPT-2312 | Android | All | Fixed an issue where the mobile client added an empty element with an ID of "legal" which caused the word "legal" to be read by an accessibility reader. An empty element is now handled appropriately. |
Resolved in Mobile Client 4.10.2
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2306 | Android, iOS | BlackBerry | Fixed a cookie-handling issue where single sign-on was not working with apps using WebView and integrated with the Blue Cedar Accelerator for BlackBerry. |
| SPT-2305 | Android 9 | All | Fixed an exception caused by cut/copy/paste interception on certain Samsung devices. |
| SPT-2302 | Android, iOS | All | Fixed an issue where starting the app for the first time with no internet connectivity on the device, allows access to the app without enrollment |
| SPT-2294 | Android | All | Fixed an issue where a connected app would lose connectivity and be unable to reconnect in certain circumstances when connectivity became available. |
Resolved in Mobile Client 4.10.1
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| SPT-2266 | iOS | All | Fixed an issue where IPv6 system DNS servers were not being read on an iOS device. |
Resolved in Mobile Client 4.10.0
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-892 | Android | Enforce | Corrected vulnerabilities identified via security scanning tools. |
| MOB-886 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| SPT-2254 | Android | All | Fixed an issue with interception of JobService. |
| SPT-2272 | Android | All | Fixed an issue when app wouldn't reconnect following background/foreground and Wi-Fi off/on transitions. |
Resolved in Mobile Client 4.9.9
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-647 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| SPT-2243 | iOS | All | Fixed an issue occurring when a web server closed a connection before sending all its data. |
| SPT-2266 | Android, iOS | All | Fixed an issue where the Mobile Client was unable to fully establish an IKEv2 tunnel over IPv6 to the Blue Cedar Connect Gateway. |
| SPT-2261, SPT-2262 | Android, iOS | All | Fixed a DNS issue occurring when reconnecting to the Connect Gateway. |
Resolved in Mobile Client 4.9.8
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-835 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| MOB-601 | Android 10 | All | Made improvements to relinking process. To take full advantage of the improvements, remove the app from devices, re-integrate the app, and re-deploy. Note: This change may produce breaking errors in some apps. |
Resolved in Mobile Client 4.9.7
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-691 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| SPT-2211 | Android, iOS | Gateway | Changed handling of untrusted server certificates. Rather than allow the app user to proceed with an insecure session at launch and then later fail to reconnect, now the app cannot launch if the server certificates are untrusted. |
| SPT-2141 | Android | All | Fixed an issue with apps integrated with the BlackBerry Accelerator using URLConnection. Such apps were not able to access content, but now the order of HTTP headers returned to the apps is consistent with other accelerators. |
Resolved in Mobile Client 4.9.6
Item | Mobile OS | Accelerator | Description |
|---|---|---|---|
| MOB-690 | Android | All | Corrected vulnerabilities identified via security scanning tools. |
| SPT-2226 | Android | All | Fixed an issue with apps hanging/crashing after authentication. |
Resolved in Mobile Client 4.9.5
Item | Component | Description |
|---|---|---|
| SPT-2211 | iOS and Android | Fixed an issue with certificate authentication when certificate-only authentication is enabled on the Blue Cedar Connect Gateway: the client would not present the certificate it received from enrollment. |
Resolved in Mobile Client 4.9.4
Item | Component | Description |
|---|---|---|
| SPT-2113, SPT-2167 | Android 10 | Network requests made through Secure Web Stack now correctly use CA certificates specified for augmented trust on Android 10. This includes requests made via WebView, URLConnection, OkHttp, and Apache HTTP Client. Note that other trust verifications on Android 10 (such as direct calls to X509TrustManager) will not use the additional certificates at this time. |
| SPT-2171 | Android | Fixed app crashing on launch by increasing interception to properly align with app behavior and all supported accelerators. |
| SPT-2175 | Android | Fixed the way the client handles illegal Android resource names starting with "$$". |
| SPT-2204 | iOS, Android | Addressed an issue preventing React Native local storage files from being encrypted. |
Resolved in Mobile Client 4.9.3
Item | Component | Description |
|---|---|---|
| SPT-2196, SPT-2198 | iOS | Fixed an issue that prevented app group permissions from validating correctly. |
| SPT-2109 | Android | Fixed an issue where HTML5 apps could not store or retrieve data from local storage when the Data at Rest policy is enabled. |
| SPT-2180 | Android | Fixed an issue where incorrect URLs could be delivered to WebViewClient following redirects, resulting in undesirable behavior. |
| SPT-2133 | Android | Fixed an issue with unresponsive web views, related to a redirect issue with Secure Web Stack. |
| SPT-2147 | iOS | Fixed a crash that can occur when calling functions from memory address. |
Resolved in Mobile Client 4.9.2
Item | Component | Description |
|---|---|---|
| SPT-2162 | Android | Fixed an integration failure where the client was adding OkHttp during integration when the app already had a copy. No longer adding OkHttp to support HttpUrlConnection traffic. |
| SPT-2148 | Android | Fixed apps integrated with the Blue Cedar Accelerator for BlackBerry that were crashing due to missing permissions. BlackBerry requires these permissions for an app to run properly on all devices. If these permissions are not present in apps before integration, BlackBerry adds them during integration time. If you use maxSDKVersion for any of these permissions, Android removes the permission during installation on devices with an operating system above the maxSDKVersion: this removal makes the app crash. This fix removes maxSDKVersion for these permissions during integration: android.permission.INTERNET |
| SPT-2163 | Android | Fixed data migration failure after a PIN reset. |
| SPT-2056 | iOS | Fixed an issue where body data was being incorrectly dropped for certain requests with relative URLs. |
What's new in Blue Cedar Platform 4.1.2
The Blue Cedar On-Premises Platform 4.1.2 (Policy Console) integrates apps with Blue Cedar 4.8.5 Mobile Client technology and Blue Cedar Enforce security policies.
Release 4.1.0+ reflects a branding update for the UI. Functionality and workflows have not changed.
Resolved in On-Premises Platform 4.1.2
Item | Component | Description |
|---|---|---|
| SPT-2089, SPT-2155 | Android | Fixed an issue with integrating Android apps without internet connectivity; eliminated network dependencies for applying Blue Cedar policies. |
Resolved in Mobile Client 4.8.5
Item | Component | Description |
|---|---|---|
| MOB-434 | iOS, Android | External code-signing allows the signer to override the signing parameters that were uploaded to the Blue Cedar Platform. See Signing apps externally on MacOS for signing script options. |
Resolved in Mobile Client 4.8.4
Item | Component | Description |
|---|---|---|
| SPT-2133 | Android | Fixed a redirect issue with Secure Web Stack on Android. |
Resolved in Mobile Client 4.8.3
Internal fixes.
Resolved in Mobile Client 4.8.2
Item | Component | Summary |
|---|---|---|
| SPT-2123 | On-premises platform, Android | Fixed an issue during badging with parsing Android manifest entries containing URLs. |
Resolved issues
Blue Cedar has tested specific items that have been addressed in this release, but cannot test all customer apps for full functionality. Please reintegrate your apps with Blue Cedar and test your apps at your earliest convenience before moving to production (that is, distributing to your end users).
What's new in Blue Cedar Platform 4.0.x
What's new in Blue Cedar Policy Console 4.0.3
The Blue Cedar Policy Console 4.0.3 (On-Premises Platform) integrates apps with Blue Cedar 4.8.1 Mobile Client technology.
What's new in Blue Cedar Policy Console 4.0.0
The Blue Cedar Policy Console 4.0.0 (On-Premises Platform) integrates apps with Blue Cedar 4.7.1 Mobile Client technology.
See release notes for Blue Cedar Mobile Client 4.x for other upgrades to the Mobile Client.
Blue Cedar includes support for the new Apple iOS 13 Gold Master release. Customers must upgrade to Blue Cedar 4.0+ for iOS 13 support. Apps that were integrated with Blue Cedar that previously worked on iOS 12 are expected to work without any issues when reintegrated with Blue Cedar. Apps that incorporate new APIs and features for iOS 13 may have issues.
Android 10 support
Blue Cedar includes support for the new Android 10 release. Apps that were integrated with Blue Cedar that previously worked on Android P are expected to work without any issues when reintegrated with Blue Cedar. Customers must upgrade to Blue Cedar 4.x for Android 10 support.
IKEv2 support
The Secure Microtunnel policy now includes the option to connect to an IKEv2 VPN gateway or an IKEv1 Blue Cedar Gateway.
Resolved in 4.0.3
Internal fixes.
Updated Apache HTTP Server to apache2 2.4.25-deb9u8.
Resolved in 4.0.0
Item | Component | Headline | Description |
|---|---|---|---|
| SPT-2057 | Android | White screen and no login | Fixed a server certificate trust augmentation issue on some versions of Android (device-dependent, generally Android 9+). |
| SPT-1902, SPT-1915 | iOS, Android | Firebase iOS push notification | Fixed an issue where push notifications were not being properly delivered to a running, backgrounded app. |
Documentation and technical support
This release includes online documentation. To access this documentation, including upgrade instructions, see the knowledge base at apollo.bluecedar.com or this direct link:
Technical support is provided online at success.bluecedar.com