10.5.3 Release Notes
HYPR 10.5.3 is a Maintenance Release in the 10.5 Enterprise Channel.
The Enterprise Release Channel follows a quarterly upgrade cycle. Maintenance releases contain targeted fixes and minor improvements without schema-breaking changes.
Minimum Supported Versions
| Release Date | HYPR Product | Minimum Requirement | Notes |
|---|---|---|---|
| November 5, 2025 | HYPR Passwordless for Windows 10.5.3 | Windows (10 "1803", 11) | Reboot required if upgrading from 7.6 or below; Security Key Support for YubiKey 5 Series with firmware 5.X, YubiKey Bio Multi-Protocol Edition, IDEMIA ID-One on Cosmo 8.2, Feitian K9 Plus and K40 Plus and their offshoots |
| October 1, 2025 | HYPR Passwordless for Mac 10.5.1 | macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0], Sequoia, Tahoe) | Security Key Support for YubiKey 5 Series with firmware 5.X and Feitian ePass K9 Plus, K40 Plus and their respective offshoots |
| September 24, 2025 | HYPR Mobile App for Android 10.5.0 | Android 9.0+ | |
| October 16, 2025 | HYPR Mobile App for iOS 10.5.2 | iOS 12.4+ | |
| November 5, 2025 | HYPR Server 10.5.3 | Java Development Kit (JDK) 17 | Upgrade to 7.10 required before upgrading to 8.0.0 or higher |
| September 24, 2025 | HYPR SDK for Android 10.5.0 | Android 9.0+ | |
| September 24, 2025 | HYPR SDK for iOS 10.5.0 | iOS 12.4+ | |
| September 24, 2025 | HYPR SDK for Java 10.5.0 | Java Development Kit (JDK) 17+ | |
All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.
Breaking Changes
- [Control Center] FIDO2 MDS legacy APIs deprecation — with the introduction of granular AAGUID allow/deny controls, legacy metadata management APIs are scheduled to be deprecated beginning in 11.3. Update integrations to the new controls under `cc/api/rp/api`.
Enhancements
- [Affirm] Enhanced single user workflow API — improved flexibility for creating workflows with non-email login identifiers, allowing administrators to use various identifier formats for user authentication.
- [Authenticate for Windows] Enhanced password filtering controls — added option to control password-based login filtering separately for console and remote desktop sessions, providing administrators with granular control over authentication methods.
Events
See Event Descriptions for a list of all HYPR Events and parameters.
Error Messages
To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.
APIs
You can find detailed descriptors and other API calls in HYPR's full Postman API set here.
Bug Fixes
- [Affirm] Fixed workflow initialization issue — resolved problem where flows could not be initialized when email field was left blank after being accessed.
- [Affirm] Fixed activity log display for unused features — resolved liveness check and name comparison steps showing "pass" instead of "N/A" when not included in the verification flow.
- [Authenticate for Windows] Fixed log file path configuration — absolute paths are now used during fresh installations.
- [Adapt] Fixed event ingestion behavior — resolved issue where the `ENABLE_ADAPT_POLICIES` feature flag was incorrectly ingesting events into the Adapt database. The feature flag now only enables the Adapt UI pages and allows creating policies without requiring event ingestion.
- [Control Center] Fixed role visibility in user creation — resolved issue where Control Center admin users could see helpdesk roles when creating new users; helpdesk roles are now properly hidden from Control Center admin user creation interface.
- [Affirm] Fixed single user workflow generation — resolved issue where flows with empty string `rpAppIdReference` and no custom user directory could not be used to generate single user workflows; empty string values are now properly handled.
Upcoming Changes
- [Enterprise Passkey] Third‑party Passkey Provider Support
  - Enterprise Passkey can transform the HYPR One App for Android and iOS into a Third‑Party Passkey Provider, creating a consistent user experience with other passkey providers, either platform or third‑party.
  - Users can use a registered Enterprise Passkey in the HYPR One App through the native passkey support in Android and iOS, enabling native and browser mobile use cases.
- [Authenticate] [Preview] Single Registration — Certificate Renewal through Control Center
  - Provides administrators with visibility into certificate expiration status and enables automatic certificate renewal for mobile pairings through Control Center.
  - Eliminates manual workstation‑based renewal processes and improves consistency for Single Registration/Web Registration deployments by centralizing renewal.
  - Mobile temporarily holds the current and new certificates and sends both during Unlock until workstation confirms acceptance.
  - Workstation prefers the new certificate when VPN/AD is reachable; otherwise it unlocks with the current certificate and prompts the user to connect VPN and try again.
- [Authenticate] [Preview] Single Registration — Bi‑Directional
  - Enables both Web‑initiated and Workstation‑initiated Single Registration flows within the same tenant.
  - Establishes scenarios, constraints and UX convergence goals to "pair anywhere, authenticate everywhere," informing future development and demos.
- [Adapt] HYPR Adapt for Microsoft Edge for Business Integration
  - HYPR Adapt policy risk engine integrates with Microsoft Edge for Business to extend signal collection and exchange with corporate browsers.
  - Provides access to device signals directly through the browser, offering broader coverage by accessing attested information not available from regular web app contexts.
- [Integrations - Keycloak] OAuth authentication
  - As HYPR adopts OAuth as an authorization mechanism platform‑wide, the Keycloak integration will adopt OAuth exchanges in place of bearer tokens to increase security and flexibility.
Known Issues
- [Adapt] Upon a cold start of the risk engine (e.g., after an upgrade) blocked policy might not be applied
- [Authenticate] The HYPR Service does not always restart as intended after resuming from Modern Standby or hibernation, sometimes resulting in multiple restart attempts and network recovery failures
- [Control Center] Server still sends push notifications with incorrect proxy credentials
- [HYPR Passwordless for Windows] The text messages in the Windows login screen are replaced with incorrect text by HYPR Passwordless credential provider under certain circumstances
- [HYPR Passwordless for Windows] If the YubiKey mini-driver is updated by HYPR Passwordless installer, a reboot is required
- [HYPR One App for iOS] The text below the logo on the home screen still says "True Passwordless Security" and has not been updated to "Identity Assurance"
- [HYPR One App for iOS] Registration isn't blocked and no alert is displayed when a version enforcement policy is set in Control Center for a future date
- [Integrations - Okta] The Enroll button is displayed for Control Center admins who are not in the Okta directory
- [Integrations - Okta] New integrations cannot be added due to 'Default Policy' errors
- [Integrations - Okta] Users deleted from the Integrations rpApp do not get unassigned from the Okta app
- [Integrations - Keycloak] Missing HYPR theme in local environment
- [HYPR One App for iOS] Passkey creation may fail for Entra Federation integration (AccessDenied on creation options)
- [HYPR One App for iOS] Two-keys flow: app may not navigate away from My Security Keys after deleting the last passkey
- [HYPR One App for iOS] When two workstations are paired (x509 + Entra hybrid), unlock sometimes fails on both
- [HYPR One App for iOS] Intermittent crash when de-registering WS bubble or web `rpApp`
- [Control Center] EPK workstation deregistration audit events missing