Skip to main content
Version: 10.3.0

10.3.1 Release Notes

HYPR 10.3.1 is a patch to the 10.3.0 Enterprise Channel Release.

The Enterprise Release Channel follows a quarterly upgrade cycle, ensuring a stable and predictable update process. This schedule provides organizations with ample time to test, adapt, and implement changes while minimizing disruptions to business operations. With each release, customers receive the latest security, performance, and feature enhancements, allowing them to stay up to date with improvements while maintaining operational stability.

New Section

To enable our customers to be more proactive in anticipating industry changes that affect HYPR architecture and topology needs, we have created the Breaking Changes section of the Release Notes. This section may be updated after the GA Release as information becomes available to HYPR.

Minimum Supported Versions

Release DateHYPR ProductMinimum RequirementNotes
July 18, 2025HYPR Passwordless for Windows 10.3.1Windows (10 "1803", 11)Reboot required if upgrading from 7.6 or below; Security Key Support for YubiKey 5 Series with firmware 5.X, YubiKey Bio Multi-Protocol Edition, IDEMIA ID-One on Cosmo 8.2, Feitian K9 Plus and K40 Plus and its offshoots
July 18, 2025HYPR Passwordless for Mac 10.3.1macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0])Security Key Support for Yubikey 5 Series with firmware 5.X and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
July 18, 2025HYPR Mobile App for Android 10.3.1Android 8.0+
July 18, 2025HYPR Mobile App for iOS 10.3.1iOS 12.4+
July 18, 2025HYPR Server 10.3.1Java Development Kit (JDK) 17+Upgrade to 7.10 required before upgrading to 8.0.0 or higher
July 18, 2025HYPR SDK for Android 10.3.1Android 8.0+
July 18, 2025HYPR SDK for iOS 10.3.1iOS 12.4+
July 18, 2025HYPR SDK for Java 10.3.1Java Development Kit (JDK) 17+
Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

Enhancements

  • [Affirm] Updated phone number verification screens to display the last 4 digits instead of 3, ensuring consistency across all relevant screens

  • [Authenticate] Added a new WS Status API endpoint that allows querying workstation status using OAuth or CC API bearer tokens

  • [Authenticate] Enhanced the FIDO2 delete device API with a flag to optionally delete the user after their last device is removed

  • [Authenticate for Mac] Added a configuration setting allowing administrators to define the number of PIN retries before security device lockout during registration

  • [Authenticate for Windows] Added a recovery option to reset a security key if it is detected as locked during the pairing process

  • [Authenticate for Windows] Added an option to disable SSL pinning in WFA

  • [Integrations] Improved the login and pairing screens by presenting the QR code and manual login options side by side

  • [Integrations] Updated bruteforce detection functionality for Keycloak; Bruteforce log messages now appear only when bruteforce protection is actually enforced

Events

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

The following error code has been added:

  • 1201097: WORKSTATION_CERTIFICATE_REENROLL_FAILED — Workstation failed to consume the re-enrolled certificate

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • [User & Device Management]
    • Added a new endpoint to delete FIDO2 devices, with an option to delete the user if it was their last device:
      • POST /cc/api/user/fido/delete
    • Updated user deletion logic to allow deleting users without devices:
      • POST /cc/api/user/delete
    • Added or updated endpoint to query associated users via shared devices:
      • POST /cc/api/versioned/rpUser/registered/associations

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

Bug Fixes

  • [Adapt] API keys are now properly redacted in Event Hook logs to prevent exposure of sensitive credentials

  • [Affirm] Fixed an issue allowing creation of an Affirm flow with a DM outcome but no associated RP app; validation now requires an RP app to be set

  • [Affirm] Fixed an issue where adding or editing a workflow could result in a white screen

  • [Affirm] Fixed an issue where denied outcome results displayed the workflow ID instead of the expected 6-digit code

  • [Affirm] Fixed an issue where entering an incorrect phone number on the phone number screen displayed an error page instead of an appropriate error message

  • [Affirm] Fixed an issue where submitting a blank verification code in the OTP step caused a site error instead of showing a validation message

  • [Affirm] Restored validation on the phone number screen to prevent submission when the field is left blank

  • [Affirm] Updated geolocation logic to use a distance matrix instead of drivable routes

  • [Authenticate] Fixed an issue where an expired Magic Link would cause an Internal Server Error instead of displaying an appropriate expiration message

  • [Authenticate] Fixed an issue where calling GetRegistrations removed SessionId

  • [Authenticate] Fixed an issue where validation could fail for the machineUserPrincipalName field

  • [Authenticate for Mac] Fixed an issue where the unlock dialog remained visible after unlocking with Touch ID while a paired security key was plugged in

  • [Authenticate for Mac] Fixed an issue where users were unable to change the security key PIN when the SecurityKeyPinRetries property was set above zero

  • [Control Center] Azure integration: Deprecated service account and password usage for web integration, added support for certificate-based authentication, and updated documentation for compatibility and migration guidance

  • [Integrations] Fixed an issue where new email notifications were not sent to end users when registering FIDO2 devices

  • [Integrations] Improved username comparison logic to handle Unicode discrepancies

  • [Integrations] Keycloak: Fixed a UI issue where the QR code screen appeared compressed and unreadable on desktop when using the legacy authenticator with Entra integration

  • [Integrations] Keycloak: Fixed an issue where Desktop SSO was not triggering in the KC authenticator

  • [Integrations] Keycloak: Fixed an issue where selecting "login manually" to trigger QR fallback in the legacy authenticator restarted the session

  • [Integrations] Keycloak: Fixed an issue where users received an "Error getting QR code" message and could not authenticate when logging into M365 Copilot with QR authentication enabled

Known Issues

  • [Adapt] The user is not being blocked even after an unsuccessful Monitor Authentication login attempt

  • [Adapt] Upon a cold start of the risk engine (e.g., after an upgrade) blocked policy might not be applied

  • [Authenticate] The HYPR Service does not always restart as intended after resuming from Modern Standby or hibernation, sometimes resulting in multiple restart attempts and network recovery failures

  • [Control Center] Server still sends push notifications with incorrect proxy credentials

  • [HYPR Passwordless for Windows] The text messages in the Windows login screen are replaced with incorrect text by HYPR Passwordless credential provider under certain circumstances

  • [HYPR Passwordless for Windows] HYPR displays an error when a paired Yubikey Bio MPE has the maximum number of fingerprints stored already

  • [HYPR Passwordless for Windows] If the YubiKey mini-driver is updated by HYPR Passwordless installer, a reboot is required

  • [HYPR One App for iOS] The text below the logo on the home screen still says "True Passwordless Security" and has not been updated to "Identity Assurance"

  • [HYPR One App for iOS] Registration isn't blocked and no alert is displayed when a version enforcement policy is set in Control Center for a future date

  • [Integrations - Okta] The Enroll button is displayed for Control Center admins who are not in the Okta directory

  • [Integrations - Okta] New integrations cannot be added due to 'Default Policy' errors

  • [Integrations - Okta] Users deleted from the Integrations rpApp do not get unassigned from the Okta app

  • [Integrations - Keycloak] Missing HYPR theme in local environment