Skip to main content
Version: 10.5.0

10.5.2 Release Notes

HYPR 10.5.2 is a Maintenance Release in the 10.5 Enterprise Channel.

The Enterprise Release Channel follows a quarterly upgrade cycle. Maintenance releases contain targeted fixes and minor improvements without schema-breaking changes.

Minimum Supported Versions

Release DateHYPR ProductMinimum RequirementNotes
October 16, 2025HYPR Passwordless for Windows 10.5.2Windows (10 "1803", 11)Reboot required if upgrading from 7.6 or below; Security Key Support for YubiKey 5 Series with firmware 5.X, YubiKey Bio Multi-Protocol Edition, IDEMIA ID-One on Cosmo 8.2, Feitian K9 Plus and K40 Plus and its offshoots
September 24, 2025HYPR Passwordless for Mac 10.5.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0])Security Key Support for YubiKey 5 Series with firmware 5.X and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
September 24, 2025HYPR Mobile App for Android 10.5.0Android 9.0+
October 16, 2025HYPR Mobile App for iOS 10.5.2iOS 12.4+
October 15, 2025HYPR Server 10.5.2Java Development Kit (JDK) 17Upgrade to 7.10 required before upgrading to 8.0.0 or higher
September 24, 2025HYPR SDK for Android 10.5.0Android 9.0+
September 24, 2025HYPR SDK for iOS 10.5.0iOS 12.4+
September 24, 2025HYPR SDK for Java 10.5.0Java Development Kit (JDK) 17+
Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

Breaking Changes

  • [Control Center] FIDO2 MDS legacy APIs deprecation — with the introduction of granular AAGUID allow/deny controls, legacy metadata management APIs are scheduled to be deprecated beginning in 11.3. Update integrations to the new controls under cc/api/rp/api.

Enhancements

  • [Affirm] Enhanced user directory customizations — improved flexibility for administrators to configure user source customizations based on user roles, allowing different data sources for approvers and regular users.

  • [Affirm] Enhanced OIDC integration — improved compatibility with identity providers that filter requests based on user-agent strings, allowing administrators to customize outbound request user-agents for Affirm Helpdesk and Approver flows.

  • [Integrations - Keycloak] Enhanced cookie handling — improved performance and error handling for HYPR PMC Cookie loading.

Events

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

The following error codes have been added:

  • 1202700: REQUEST_PARAM_INVALID — Request parameter validation failed.

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • [Control Center (cc/api)]
    • Added endpoint to retrieve a nonce for FIDO2 SSO flows: GET /cc/api/idp/fido2/ssoNonce/{rpAppId}

You can find detailed descriptors and other API calls in HYPR's full Postman API set here.

Bug Fixes

  • [Affirm] Improved validation and messaging when a required phone number is missing from user directory data or customization; shows a clear, actionable message instead of a generic lookup error.

  • [Affirm] Corrected role labeling when creating Help Desk users — viewer role now displays as AFFIRM_HELPDESK_VIEWER instead of a generic viewer label.

  • [Affirm] Improved stability and responsiveness of the liveness check to avoid page unresponsive delays during capture; refined timing and retry handling.

  • [Affirm] Fixed injectable outcomes Redirect URL field to show an empty value instead of the string "null" when first opened.

  • [Affirm] Restored visibility of Affirm ctx helper functions in code customizations (e.g., httpGet), ensuring the full helper set is available when initializing custom code.

  • [Authenticate for Windows] Fixed log file path configuration — absolute paths are now used during fresh installations.

  • [HYPR One App for iOS] Fixed registration failure in Single Registration flows — resolved issue where registration was failing with error 102001 when Single Registration was enabled.

  • [Integrations - Keycloak] Fixed QR code rendering with Jamf — resolved issue where QR codes were not displaying properly in Jamf login screens on MacBook devices.

Upcoming Changes

  • [Enterprise Passkey] Third‑party Passkey Provider Support

    • Enterprise Passkey can transform the HYPR One App for Android and iOS into a Third‑Party Passkey Provider, creating a consistent user experience with other passkey providers, either platform or third‑party.
    • Users can use a registered Enterprise Passkey in the HYPR One App through the native passkey support in Android and iOS, enabling native and browser mobile use cases.

  • [Authenticate] [Preview] Single Registration — Certificate Renewal through Control Center

    • Provides administrators with visibility into certificate expiration status and enables automatic certificate renewal for mobile pairings through Control Center.
    • Eliminates manual workstation‑based renewal processes and improves consistency for Single Registration/Web Registration deployments by centralizing renewal.
    • Mobile temporarily holds the current and new certificates and sends both during Unlock until workstation confirms acceptance.
    • Workstation prefers the new certificate when VPN/AD is reachable; otherwise it unlocks with the current certificate and prompts the user to connect VPN and try again.

  • [Authenticate] [Preview] Single Registration — Bi‑Directional

    • Enables both Web‑initiated and Workstation‑initiated Single Registration flows within the same tenant.
    • Establishes scenarios, constraints and UX convergence goals to "pair anywhere, authenticate everywhere," informing future development and demos.

  • [Adapt] HYPR Adapt for Microsoft Edge for Business Integration

    • HYPR Adapt policy risk engine integrates with Microsoft Edge for Business to extend signal collection and exchange with corporate browsers.
    • Provides access to device signals directly through the browser, offering broader coverage by accessing attested information not available from regular web app contexts.

  • [Integrations - Keycloak] OAuth authentication

    • As HYPR adopts OAuth as an authorization mechanism platform‑wide, the Keycloak integration will adopt OAuth exchanges in place of bearer tokens to increase security and flexibility.

Known Issues

  • [Adapt] Upon a cold start of the risk engine (e.g., after an upgrade) blocked policy might not be applied

  • [Authenticate] The HYPR Service does not always restart as intended after resuming from Modern Standby or hibernation, sometimes resulting in multiple restart attempts and network recovery failures

  • [Control Center] Server still sends push notifications with incorrect proxy credentials

  • [HYPR Passwordless for Windows] The text messages in the Windows login screen are replaced with incorrect text by HYPR Passwordless credential provider under certain circumstances

  • [HYPR Passwordless for Windows] If the YubiKey mini-driver is updated by HYPR Passwordless installer, a reboot is required

  • [HYPR One App for iOS] The text below the logo on the home screen still says "True Passwordless Security" and has not been updated to "Identity Assurance"

  • [HYPR One App for iOS] Registration isn't blocked and no alert is displayed when a version enforcement policy is set in Control Center for a future date

  • [Integrations - Okta] The Enroll button is displayed for Control Center admins who are not in the Okta directory

  • [Integrations - Okta] New integrations cannot be added due to 'Default Policy' errors

  • [Integrations - Okta] Users deleted from the Integrations rpApp do not get unassigned from the Okta app

  • [Integrations - Keycloak] Missing HYPR theme in local environment

  • [HYPR One App for iOS] Passkey creation may fail for Entra Federation integration (AccessDenied on creation options); fix targeted for 10.7

  • [HYPR One App for iOS] Two-keys flow: app may not navigate away from My Security Keys after deleting the last passkey; fix targeted for 10.7

  • [HYPR One App for iOS] When two workstations are paired (x509 + Entra hybrid), unlock sometimes fails on both; fix targeted for 10.7

  • [HYPR One App for iOS] Intermittent crash when de-registering WS bubble or web rpApp; fix targeted for 10.7

  • [Control Center] EPK workstation deregistration audit events missing; fix targeted for 10.7