Release Notes SaaS Patch 1 HF3

The AppViewX 2026.1.1.3 (SaaS) release notes describe new features, enhancements, bug fixes, known issues, and known limitations in the software.

New Features

There are no new features in this software release.

Enhancements

There are no enhancements in this software release.

Bug Fixes

CERT
  • Resolved API uploaded CSR generation option incorrectly selecting "AppViewX" instead of "CSR upload". Streamlines automated certificate enrollment pipelines, eliminates manual intervention in CI/CD workflows. Enables seamless integration with infrastructure-as-code tools and DevOps automation frameworks.
  • Resolved certificate expiry alert logic incorrectly including certificates outside configured validity ranges. Eliminates duplicate alerts and inconsistent email notifications to certificate owners and distribution lists. Improves alert accuracy by 100%, reduces manual investigation overhead by 20-30%, prevents premature certificate renewals.
  • Resolved security vulnerability where scheduled expiry alerts accessed certificate groups beyond the alert creator's authorization scope. Prevents unauthorized users from receiving sensitive certificate data for groups outside their permission boundaries, closes ACL bypass. Restores proper access control enforcement during alert execution, ensures credentials remain scoped to user permissions (100% compliance).
  • Filename validation is enhanced to allow certificate and key files to begin with underscore (_) and hyphen (-) characters during certificate push operations for F5 and Citrix vendors.
  • Resolved RFC 4055 compliance issue where certificate AlgorithmIdentifier was missing required NULL parameters. Certificates generated via AppViewX Internal CA and PKI CA now include proper NULL encoding for sha256WithRSAEncryption, enabling successful deployment to Cisco devices and other strict RFC validators.
  • Resolved an issue in Windows Device OS scans by adding Microsoft HTTPAPI detection criteria to the Nmap parser to support proper device onboarding during discovery. Also changed the Parsing logic of NMAP to consider Aggressive OS scan output for Linux devices
  • Disabled onboarding CT Log scan discovery as precertificate ingestion prevents proper management of final certificates in the inventory. CT Log scans are not recommended when push‑and‑bind or other certificate usage methods are in place.
  • Resolved duplication in inventory when the code scan agent runs on a local filesystem without a Git workspace or branch. The scan now updates existing entries instead of creating new entries for each scan.
  • Resolved an issue that prevented the Private Certificate CRL check job from downloading Microsoft CA CRL files when LDAP endpoints were included in the CRL distribution list, ensuring reliable revocation checks and uninterrupted certificate validation.
  • Improved support for large certificate environments by allowing the MongoDB query timeout for certificate count calculations on the Certificate Group page to be configurable, ensuring more reliable performance at scale.
Platform
  • Resolved ProxyRequestHandler firing unnecessary database write queries for ACL datacenter resources on every proxy request. Eliminates forever-running delta during upgrades (previously required 6-8 hours manual cleanup), reduces database load by 60-70%.
  • Resolved the policy engine email approval flow to correctly handle Safe Links generated HEAD requests, preventing false “Request already submitted” messages and ensuring a smooth approval experience on the first click.

Known Issues

There are no known issues in this software release.

Limitations

There are no limitations in this software release.