Skip to main content

9.7.0 Release Notes

HYPR 9.7.0 is an Enterprise Channel Release.

The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.

The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.

New Section

To enable our customers to be more proactive in anticipating industry changes that affect HYPR architecture and topology needs, we have created the Breaking Changes section of the Release Notes. This section may be updated after the GA Release as information becomes available to HYPR.

Minimum Supported Versions

Release DateHYPR ProductMinimum RequirementNotes
Dec 4, 2024HYPR Passwordless for Windows 9.7.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
Dec 4, 2024HYPR Passwordless for Mac 9.7.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0])Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
Dec 4, 2024HYPR Mobile App for Android 9.7.0Android 8.0+
Dec 4, 2024HYPR Mobile App for iOS 9.7.0iOS 12.4+
Dec 4, 2024HYPR Server 9.7.0Java Development Kit (JDK) 17+Upgrade to 7.10 required before upgrading to 8.0.0 or higher
Dec 4, 2024HYPR SDK for Android 9.7.0Android 8.0+
Dec 4, 2024HYPR SDK for iOS 9.7.0iOS 12.4+
Dec 4, 2024HYPR SDK for Java 9.7.0Java Development Kit (JDK) 17+
Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

  • [All HYPR] Customer Issues Brought In We've heard your feedback and made changes accordingly.

    • Provisions for slower environments
    • Profile handling improvements
    • Locale mistmatch
    • RDP unlock failure solved
    • CVE fixes
    • SSO command-line parsing

  • [All HYPR] Q4 2024 Branding and Customization for All HYPR Components HYPR extends the Branding and Customization introduced in previous versions of Affirm to encompass all components of the HYPR Passwordless experience:

    • Integrations
    • Adapt
    • Affirm
    • Mobile App/SDK
    • Keycloak

  • [Adapt] UX Updates

    • Error and messaging verbiage additions
    • Improved sorting and search
    • Metrics and testing improvements
    • Handler code management UX

  • [Adapt] Policy/Signal Handler UI Cleanup Working towards a better experience in HYPR Adapt.

    • Organize Templates and Tests
    • Login Limits policy Unit test

  • [Affirm; Control Center - Integrations] Q4/2024 Integrations and Affirm Bug Fixes and Unplanned Work:

    • General UI/UX Improvements across all HYPR components
    • Events payload streamlining
    • Multiple Approvers in chat
    • More realistic timeout and refresh considerations
    • More specific Error conditions and verbiage

  • [Control Center - Integrations] Entra EAM Integration - Beta External Authentication Methods are on the horizon. Contact HYPR Support to see how you can take advantage of this exciting feature.

  • [Control Center - Integrations] Entra: User Management Authenticator Removal Granular workstation or web account removal has been added to Integrations' User Management interfaces.

  • [Passwordless - Both] Security Device Enhancements - Q4 2024 More detail and intuitive use of security keys and smart cards.

    • Improved PIN Security
    • Security Key type listed
    • Security Key certificate operations improved
    • Deletion UI improvements

  • [SDK for FIDO2] FIDO2 Javascript SDK II Implementation HYPR FIDO2 JS SDK gets a refresh.

Enhancements

  • [Adapt; Documentation] Articles review and improvement/update

  • [Adapt; Platform - Keycloak] Hardening II

  • [Adapt] Implement Adapt for Workstation - Beta

  • [Adapt] Inbound Event hooks ingestion

  • [Adapt] Signal Handlers: Add more functions to the ctx API

  • [Adapt] Signal Handlers: Default 'Test action event' JSON improvements

  • [Affirm] Control Center login first time Admin with Affirm

  • [Affirm] Custom Workflow Enhancements and Management in UI

  • [API] Switch /checksettings request justVerifySerialNumber to justValidateSerialNumber

  • [Control Center] Add IP address to "New device added" email

  • [Control Center] HYPR IE SmartCard Hook does not provide the type of the card

  • [Control Center] (PUK) Security Device Unlock Code Support

  • [Control Center] The Viewer role has been restricted to disallow access to some RADIUS endpoints

  • [Control Center] Workstation Settings: Require User Presence UI Corrections

  • [Control Center] Desktop SSO controls ('Activate HYPRSpeed') is no longer in Advanced Mode Login Settings, and is now found in Standard Mode Integrations Login Settings: Desktop SSO Settings

  • [Control Center - Integrations] AD FS Plugin v2: Add support for Desktop SSO/HYPRSpeed

  • [Control Center - Integrations] HYPR Enterprise Passkey: Entra ID FIDO2 Provisioning APIs Security Hardening Integrations

  • [Control Center - Integrations] HYPR Enterprise Passkey: Tap to Login UX PoC

  • [Control Center - Integrations] Okta: Create the integration

  • [Control Center - Integrations] Okta: Inline registration

  • [Mobile App - Both] Transaction Extras in QR code

  • [Mobile App for Android] Single Registration: Call status/registration when needed every time the app starts (instead of relying on Fallback button)

  • [Mobile App for iOS; SDK for iOS] Create wireframe within app

  • [Passwordless - Both] Q4 2024 Passwordless UI Improvements

  • [Passwordless for macOS] HYPR IE SmartCard Hook does not provide the type of the card

  • [Passwordless for Windows] Figure out PRT Validation

  • [Passwordless for Windows] (PUK) Security Device Unlock Code Support; multiple enhancements

  • [Platform - Keycloak] Q4 2024 Keycloak module improvements

  • [SDK for iOS] Mobile SDK Size Reduction

Events

The following Event(s) were added to HYPR:

See Event Descriptions for a list of all HYPR Events and parameters.

Error Messages

The following Errors have been added to HYPR:

  • 1114070 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_EMPTY_LINK

  • 1114071 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_MISSING_PARAMS

  • 1114072 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_INVALID_LINK

  • 1114073 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_ERROR_DATA

  • 1114074 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_MALFORMED_RESPONSE

  • 1114075 HYPR_DISPLAY_CODE_HYPRLINK_ERROR_EXPIRED

  • 1201093 - REQUEST_THROTTLED

  • ek1201094 - SHORT_LINK_NOT_FOUND

  • 1201095 - INVALID_SHORT_LINK

  • 1202077 - UNKNOWN_PUK_DEVICE

  • 1207017 - USER_NOT_PERMITTED_PROBLEM

  • 1207018 - WORKFLOW_PROBLEM

  • 1480001 - kHyprIncompleteConfiguration

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.

APIs

  • [API] /checksettings request attribute justVerifySerialNumber has been changed to justValidateSerialNumber

  • [API] The following search criteria were added to the Bulk Query call:

    • controlpoints
    • deleted_certificates
    • deleted_registrations
    • IdentityVerificationOIDCClientConfig
    • idvcodecustomization
    • idvworkflowconfiguration
    • maintenance_state
    • requested_certificates
    • rpuserproperty
    • rp_workstation_detail
    • securitykey

  • [API] The call /rp/api/rpapp/:rpAppId/certificate/deregistered?from= GET deregistered certificates is now deprecated, and this information should be obtained using the Bulk Query API

  • [API] Where applicable, uses of the term 'IdV flow instance' have been replaced with the term, 'workflow' in references to HYPR Affirm

  • [API] The property loggingOnlyEnforcementEnabled has been added to the following Adapt calls to account for Logging Only mode:

    • List a policy configuration. GET /cc/api/appconfig/adapt

    • Assign the full Adapt configuration to an RP Application. PUT /cc/api/appconfig/adapt

    • Assign a policy to an evaluation point for an rpAppId. POST /cc/api/appconfig/adapt/assign

    • Get policy assignments for all apps. GET /cc/api/appconfig/adapt/assignments

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

Upcoming Changes

Smart Card PIN Unblocking Key (PUK) PIN Reset HYPR accommodates smart card and security key PUK PIN reset functionality from the desktop.

HYPR Documentation Reorganization In the 10.x series, HYPR Documentation will undergo minor but still notable changes in the way articles are grouped. Instead of adhering to the legacy format mirroring the UI layouts, based on feedback from customers, we are making accommodations in an attempt to better reflect the user's journey.

Bug Fixes

  • [Adapt] Fixed: CrowdStrike event gets stored with eventName as 'null'

  • [Adapt] Fixed: Evaluation Response Unavailable on Fallback Assignments appears null for old assignments

  • [Adapt] Fixed: Events aren't valid JSON and are failing to route to the Event bus

  • [Adapt] Fixed: Exclude untrusted Events

  • [Adapt] Fixed: JSONDecodeError WEBAUTHN Event

  • [Adapt] Fixed: Login Limits policy allows negative values in the configuration and the policy evaluation fails

  • [Adapt] Fixed: Missing/misformatted fields in ADAPT_POLICY_EVAL_USER_BLOCKED Events

  • [Adapt] Fixed: Policy home page policy assignment shows no Evaluation Points to choose from

  • [Adapt] Fixed: Signal Handlers: Crowdstrike: HMACTestSecretKey works only for one of the test Events

  • [Adapt] Fixed: Signal Handlers: Values flicker when the mouse is hovered on the success or failure percentage tooltip

  • [Adapt; Control Center - Integrations] Fixed: Okta inbound hook handler code has undefined object error

  • [All HYPR] Fixed: Single Registration: We don't see Recovery PINs for iOS/Android

  • [Control Center] Fixed: Custom Branding: Device Manager redirect URL not saving on Control Center, and not seeing the prompt or redirect link on Device Manager

  • [Events] Fixed: Traceids are not consistent through Enterprise Passkey Event flow

  • [Mobile App for Android] Fixed: Enterprise Passkey: User presence prompt contents are being read incorrectly

  • [Passwordless for Windows] Fixed: Deleting a fingerprint from the middle of the list doesn't re-order the rest of the list

  • [Passwordless for Windows] Fixed: Enterprise Passkey: Accessibility: Incorrect element being read on the on Entra pairing success screen

  • [Passwordless for Windows] Fixed: Enterprise Passkey: Accessibility: Name property for the buttons are null in Wi-Fi/BLE selection screen

  • [Passwordless for Windows] Fixed: Intermittent issue with Passwordless UI when we delete YubiKey registration with API

Known Issues

  • [Adapt] The Monitor Authentication policy toggle for Block User On Failed Authentication Attempt doesn't disable user authentication

  • [Adapt] The policy ID Copy button closes the drawer

  • [Adapt] The user is not being blocked after an unsuccessful Login Limits policy attempt

  • [Adapt] The user is not being blocked even after an unsuccessful Monitor Authentication login attempt

  • [Mobile App for iOS] The text below the logo on the home screen still says "True Passwordless Security" and has not been updated to "Identity Assurance"

  • [Passwordless for Windows] If YubiKey minidriver is updated by WFA installer, a reboot is required

  • [Passwordless for Windows] HYPR displays an error when a paired Yubikey Bio MPE has the maximum number of fingerprints stored already

  • [Control Center] Server still sends push notifications with incorrect proxy credentials

Breaking Changes

mySQL 5.7 Support Ends

  • [Platform - Database] HYPR has discontinued support for mySQL 5.7, as it reached its end-of-life in October 2023.

Android Configuration (Migration from 8.7.X to 9.1.X)

  • Project-wide:

    targetSdk 33 -> 34
    minSdkVersion 23 -> 26
    kotlin version  1.7.22-> 1.9.20

  • gradle-wrapper.properties:

    https\://services.gradle.org/distributions/gradle-7.6-bin.zip -> https\://services.gradle.org/distributions/gradle-8.4-bin.zip

  • project:build.gradle:

    kotlin version  1.7.22-> 1.9.20
    com.android.tools.build:gradle:7.2.2 -> com.android.tools.build:gradle:8.1.4
    com.google.gms:google-services:4.3.14 -> com.google.gms:google-services:4.4.0
    com.guardsquare:dexguard-gradle-plugin:1.3.24 -> com.guardsquare:dexguard-gradle-plugin:9.4.21

  • app:build.gradle:

    • Implementation:

        androidx.appcompat:appcompat:1.5.1 -> androidx.appcompat:appcompat:1.6.1
        com.google.android.material:material:1.7.0 -> com.google.android.material:material:1.10.0
        androidx.lifecycle:lifecycle-process:2.5.1 -> androidx.lifecycle:lifecycle-process:2.6.2
        com.google.code.gson:gson:2.10 -> com.google.code.gson:gson:2.10.1
        org.apache.commons:commons-lang3:3.12.0 -> org.apache.commons:commons-lang3:3.13.0
        com.google.mlkit:barcode-scanning:17.0.0 -> com.google.mlkit:barcode-scanning:17.2.0
        androidx.core:core-ktx:1.9.0 -> androidx.core:core-ktx:1.12.0
        androidx.lifecycle:lifecycle-viewmodel-ktx:2.5.1 -> androidx.lifecycle:lifecycle-viewmodel-ktx:2.6.2
        org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.7.22 -> org.jetbrains.kotlin:kotlin-stdlib:1.9.20
        com.google.firebase:firebase-messaging:23.1.0-> com.google.firebase:firebase-messaging:23.3.1

    • annotationProcessor:

      androidx.lifecycle:lifecycle-common-java8:2.5.1 -> androidx.lifecycle:lifecycle-common:2.6.2

  • You might need to add this (depending on your setup) in app:build.gradle:

    android {
      ...
          compileOptions {
              sourceCompatibility = JavaVersion.VERSION_1_8
              targetCompatibility = JavaVersion.VERSION_1_8
          }
          kotlinOptions {
              jvmTarget = "1.8"
          }
      ...
    }