8.7.1 Release Notes
Patch Release 1/24/2024
8.7.1 is a patch to the 8.7.0 Enterprise Release Channel.
The Enterprise Release Channel caters to customers requiring a less frequent cadence of upgrades, specifically on a quarterly basis, thereby allowing them more time to adapt and implement changes without disrupting their business operations.
The Standard Release Channel is designed for customers who are equipped to accommodate monthly updates, providing regular and more frequent access to new features and improvements. All Standard Release features are available in the next scheduled Enterprise Release.
Minimum Supported Versions
| Release Date | Product/Version | Platform | Notes |
|---|---|---|---|
| January 24, 2024 | HYPR Passwordless for Windows 8.7.1 | Windows (10, 11) | Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots |
| January 24, 2024 | HYPR Passwordless for Mac 8.7.1 | macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma 14.1 [not 14.0]) | Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots |
| January 24, 2024 | HYPR Mobile App for Android 8.7.1 | Android 8.0+ | |
| January 24, 2024 | HYPR Mobile App for iOS 8.7.1 | iOS 12.4+ | |
| January 24, 2024 | HYPR Server 8.7.1 | Server | Upgrade to 7.10 required before upgrading to 8.0.0 or higher |
| January 24, 2024 | HYPR Android SDK 8.7.1 | Android 8.0+ | |
| January 24, 2024 | HYPR iOS SDK 8.7.1 | iOS 12.4+ |
Backward Compatibility
All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.
Enhancements
- [All HYPR] The term, "whitelist," has been amended to, "allowlist" where applicable
- [API] Non-ASCII characters are now allowed in API request headers
- [Control Center - Adapt] A couple of policy evaluation points have been renamed:
- PRE_OOB_WEB_AUTH is now PRE_WEB_AUTH; it is triggered before OOB and FIDO2
- POST_OOB_WEB_AUTH is now POST_WEB_AUTH; it is triggered after OOB and FIDO2
- [Control Center - Adapt] Improved user unblocked scenarios messaging, variable output, and inline comments
- [Control Center - Adapt; HYPR SDK for Android] HYPR now sends continuous signals for each profile (
username) instead of for the machine (machineId) - [Control Center - Device Manager] Device Manager user-friendly names (
displayName) are user-editable in accordance with FIDO specifications - [HYPR Passwordless for Windows] More than five devices can now be paired
Events
- Event ADAPT_POLICY_ASSIGNMENT_REMOVED now includes
policyIdin the message content
See Event Descriptions for a list of all HYPR Events and parameters.
Error Messages
To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.
APIs
You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.
Upcoming Changes
Microsoft Entra Nomenclature Updates
HYPR 9.0+ will be updated where Microsoft Azure is mentioned to accommodate the name change to Microsoft Entra. Anywhere in the documentation or UI that uses Azure in HYPR 8.x and prior versions will now use Entra.
Product Documentation Changes
HYPR is consolidating its documentation in an effort to more readily provide the information you are seeking. The overall look and feel will initially remain similar to what you see now. In the second phase, HYPR functions will be defined with a user story in mind, role-dependent, for users, admins, and developers.
HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names to standardize their labeling. Some are still the old familiar titles you know and love.
We've included the full list of products and features that will be included under the grouping, HYPR Authenticate. HYPR Authenticate includes the suite of components that make up the HYPR system: Control Center (including Integrations and Plugins), HYPR Passwordless, the HYPR Mobile Apps, and the SDKs.
| HYPR Authenticate Name | Legacy HYPR Server Name |
|---|---|
| HYPR Cloud | HYPR Cloud |
| HYPR On Prem | HYPR On Prem |
| RADIUS | HYPR RADIUS Server |
| HYPR Authenticate Name | Legacy HYPR Mobile App Name |
|---|---|
| HYPR for iOS | HYPR Mobile App for Android |
| HYPR for Android | HYPR Mobile App for iOS |
| HYPR Enterprise Passkey | HYPR FIDO2 Mobile Authenticator |
| HYPR Authenticate Name | Legacy HYPR Workforce Access Client Name |
|---|---|
| HYPR Passwordless for Windows | HYPR Workforce Access Client for Windows |
| HYPR Passwordless for Mac | HYPR Workforce Access Client for Mac |
| HYPR Authenticate Name | Legacy HYPR SDK and API Names |
|---|---|
| HYPR SDK for iOS | HYPR SDK for iOS |
| HYPR SDK for Android | HYPR SDK for Android |
| HYPR SDK for Golang | HYPR SDK for Golang |
| HYPR SDK for Java | HYPR SDK for Java |
| HYPR SDK for JavaScript | HYPR SDK for JavaScript |
| HYPR SDK for Python | HYPR SDK for Python |
| HYPR Server APIs | Server API |
| HYPR Authenticate Name | Legacy HYPR Integration Name |
|---|---|
| HYPR for Okta | Okta |
| HYPR for Workspace | Google Workspace |
| HYPR for OneLogin | OneLogin |
| HYPR for Azure | Azure |
| HYPR for Ping DaVinci | Ping DaVinci |
| HYPR Authenticate Name | Legacy HYPR Feature Name |
|---|---|
| HYPRspeed | Desktop SSO |
| HYPR Authenticate Name | Legacy HYPR Plugin Name |
|---|---|
| HYPR for AD FS | AD FS |
| HYPR for Ping Federate | Ping Federate |
| HYPR for SiteMinder | SiteMinder |
| HYPR for ForgeRock | ForgeRock |
Bug Fixes
- [Control Center - Adapt] Android asks for location and phone call permission after the registration is complete; previously it asked much earlier
- [Control Center - Adapt] Android signals are sent with authentication/requests 'COMPLETE' status instead of 'REQUEST_SENT' status, which was what was sent previously
- [Control Center - Adapt]
evalDataStartDateandevalDataEndDatevalues have been corrected in the log - [Control Center - Adapt] Event ADAPT_POLICY_ASSIGNMENT_REMOVED includes
policyIdin the message content - [Control Center - Adapt] Fixed empty RP App configuration parse error in Keycloak
- [Control Center - Adapt] In an RP Application's Login Settings, under the HYPR Adapt Settings section, the Adapt Unavailable Fallback column is now displayed
- [Control Center - Adapt] RP Application Risk Policy assignment now succeeds using the RP Application's own access/bearer token
- [Control Center - Device Manager] Onboarding allows subsequent enrollment of the same type of device without restarting the onboarding flow
- [Control Center - Device Manager] Onboarding Tour QR code refreshes properly; previously it did not refresh in some cases
- [Control Center - Integrations] Deletion of the workstation from the HYPR Mobile App does not remove the paired credential from CC and Entra (previously it did)
- [HYPR Mobile App for Android; HYPR SDK for Android] HYPR Enterprise Passkey: When pairing two different workstations logged in with same Entra account, HYPR creates individual workstation bubbles in HYPR Mobile App; previously it would replace the existing workstation bubble
- [HYPR Passwordless for Mac] Fixed Kerberos error when requesting a certificate from Active Directory
- [HYPR Passwordless for Windows] Client validates the PIN during a local account pairing
- [HYPR Passwordless for Windows] Incompatibility between iOS BLE broadcasting and Windows 11 signal interpretation preventing completion of Entra FIDO2 pairing has been resolved
- [Platform: Keycloak] JSON logging enablement has been fixed
Known Issues
- [HYPR Control Center - Adapt] FIDO2 authentication attempts are not blocked when FIDO2 is not exempted and the Authentication Failure Threshold is exceeded
Updated 3 months ago