Enhancements

AppViewX now enhances F5 R-Series integration by retrieving the Tenant UUID via F5 APIs to uniquely identify each tenant sharing the same chassis. The Tenant UUID is stored as device metadata, displayed in the Device Inventory UI, and included in inventory exports and inventory-related API responses.

The Device Heatmap and Traffic Stats widgets now support monitoring of device- and host-level statistics, providing improved visibility into performance and traffic metrics.

The exported data will reflect all rows, all visible columns, and any active filters applied to the inventory data, making it ideal for compliance reporting, audits, governance, and multi-project visibility.

The Cloud Account Device Inventory now supports XLSX export when filtered to AWS vendor. Users can download AWS cloud account metadata including Account Name, Services, Status, and Discovery Status. Export automatically includes all records, regardless of pagination.

AppViewX now supports automated daily metadata synchronization with Sectigo CA. This ensures all Sectigo certificates (enrolled or externally discovered) retain the necessary order and renewal attributes required for smooth renewal workflows. Administrators can enable or disable the sync, with warnings provided to avoid renewal failures due to missing metadata.

AppViewX introduces a secure password management mechanism for Windows Certificate Store discovery and push operations. This enhancement eliminates the use of hardcoded passwords for P12/PFX transactions, aligning with security best practices and improving the overall security posture. This feature strengthens credential protection, reduces operational risk, and ensures compliance with enterprise security and cryptographic governance standards.

Certificate Lifecycle Management (CLM) support is enabled for KDB-supported Linux vendors by using the gsk8capicmd_64 and gskcmd tools. This feature introduces clear, user-friendly error handling for KDB enrollment and push operations. Instead of displaying generic failure messages, the system surfaces meaningful, probable-cause–based error messages in the UI.

AppViewX introduces a configurable General Setting that allows administrators to control the fallback behavior when ACL commands fail during certificate deployment and file operations on Linux-based devices. The setting applies only to Linux-based target devices configured with SSH communication mode (Apache Linux, Tomcat Linux, Generic Linux, Websphere Linux, Nginx, SAP ABAP, SAP Webdispatcher, JBOSS Linux, HAProxy, Weblogic Linux).

AppViewX introduces full support for Firewall and WAF device types within Device Onboarding Groups. Discovery results will automatically map devices to the correct group, enabling manual onboarding, auto-onboarding, and improved device visibility.

A new text field, Health Value (%), is introduced in Server > Device Settings > Linux > Under Vendor Specific Details. The threshold value defines the minimum server resource health required. If the SAR-derived health value drops below this limit, the device will remain unresolved to prevent further processing.

AppViewX now supports generating new private keys directly on endpoints during certificate re-enrollment. This enhancement ensures that key material remains securely stored on the device while AppViewX handles CSR submission and certificate issuance. Supported through Visual Workflow, this feature enhances compliance with enterprise key management and data protection policies.

AppViewX now allows administrators to manually onboard devices from unsupported or unrecognized vendors directly from the Discovery > Devices tab. The “Onboard Manually” option launches a prefilled onboarding form with discovery details, enabling users to complete onboarding seamlessly. Once onboarded, the device status automatically updates in the discovery results, ensuring complete visibility and management continuity.

Internal compliance and standards updates for D3 charts were completed to keep visualizations stable and up to date, with no significant change in user-experience.

Appviewx has introduced support for creating multiple WAEP agents with a single cloud connector, rather than requiring a unique cloud connector for each agent’s identification. The correct URL will be provided on the Agents inventory page, allowing users to easily access and utilize it. This eliminates the need for multiple cloud connectors when creating multiple agents, thereby simplifying the process and reducing dependencies.

A new certificate attribute is introduced which automatically captures and stores the ACME account’s registered email address during certificate issuance. This enables the tracking of certificates enrolled using specific user accounts.

AppViewX enhances WAEP to improve flexibility and reliability when integrating with diverse Active Directory environments. Administrators can now select a predefined or custom LDAP search attribute instead of relying solely on cn for directory lookups. WAEP uses the selected attribute during certificate enrollment and automatically falls back to cn if the lookup fails or returns no results.

AppViewX extends Dynamic External Account Binding (EAB) support in ACME settings to include non-AppViewX users. Administrators can now manually enter one or more external user email addresses or upload a CSV file to enable bulk generation and secure delivery of EAB credentials. The system validates all provided email addresses, identifies and reports invalid entries before processing, and proceeds with credential generation only for valid users. AppViewX logs all EAB generation activities whether manual or bulk with audit entries that include timestamps and administrator details, ensuring traceability and compliance.

AppViewX enhances WAEP template configuration to issue machine certificates using the machine name extracted from the CSR during manual enrollment, addressing cases where certificates were previously issued with a user name. This behavior is enabled via a new per-template option, “Issue certificate using machine name from CSR,” and maintains full backward compatibility with audit logging.

AppViewX introduces a bulk configuration capability that allows administrators to apply CA settings to multiple WAEP certificate templates in a single action. Users can now configure CA settings for one template and, upon saving it will display all the available templates not only the unconfigured templates. This enhancement eliminates repetitive manual configuration, reduces effort and errors, and streamlines the management of templates that share identical CA settings.

AppViewX enhances WAEP by adding support for LDAPS to enable secure, encrypted LDAP/Global Catalog communication during device enrollment. Users can now modify existing or configure new LDAP settings and enable LDAPS as part of the configuration. This enhancement provides a unified configuration experience, reduces duplication, and ensures secure directory communication by default.

The EST Agent can now establish MTLS connections to the AppViewX platform over IPv6 for the EST supported certificate lifecycle operations, including enrollment and renewal. This enhancement allows administrators to configure IPv6-based AppViewX endpoints using hostnames or IPv6 addresses.

IP Search now supports advanced search across all fields for every source, with accurate pagination and total record counts displayed in the results table. This improvement ensures consistent, reliable search behavior without requiring UI/UX changes.

AppViewX Native PKI certificates now display the template/profile name in the CERT Inventory, ensuring consistent visibility across all CA types and improving traceability, reporting, and governance for large certificate inventories.

The VisualWorkflow request archival and restore process has been significantly optimized to address performance degradation caused by increasing request volumes.

The D3 library has been upgraded to the latest version for security improvements, and charts previously rendered using the avx-web-commons plugin have been replaced with charts from the avx-web-charts plugin to ensure compatibility and consistent rendering.

An enhancement has been introduced to the Workflow Engine to support resuming workflow requests that are stuck in the in-progress state.

Provides improved visibility into workflow hierarchies by enabling users to view and manage dependent (child) workflows linked to a parent workflow request.

Workflow Export Enhancement: Added an “Export with Dependencies” option to export workflows along with all associated components (magic variables, hooks, and helper scripts) as a single package. Introduced a Dependent Hooks field in Workflow Quick Settings with validation to highlight missing or deleted hooks.

Adds support for REST integrations requiring hybrid authentication using an API key and cookie-based session. The system retrieves a session ID via a configurable session URL and automatically includes it in subsequent REST API calls, with support for proxy-based execution to improve compatibility and reliability.

AppViewX enhances the Notification Center by introducing a Category column for all existing notification event types, enabling better organization and manageability as the number of events grows. The UI now includes the category field to support easier grouping and filtering of notifications.

In addition, AppViewX introduces new preconfigured notification events for platform health monitoring modules such as LDAP, TACACS, and RADIUS, extending proactive monitoring capabilities. These updates prepare the Notification Center to support integration and platform monitoring use cases across components including SSO, PAM, SMTP, Proxy, Log Forwarding, and more, ensuring improved visibility into platform health and integrations.

All LDAP, TACACS, RADIUS, SSO, PAM, SMTP, Proxy, and Log Forwarding events are disabled by default. Users can enable them by selecting the required subscribers. Health check cron jobs run every three hours to monitor system components and generate events accordingly. All monitoring alerts are grouped under the Infrastructure Health category.

AppViewX introduces an integrated framework to monitor Kubernetes infrastructure certificate health for on-premises installations. The platform now automatically collects and inventories certificates from Kubernetes nodes, tracks certificate status and expiry, and generates early warnings for expiring certificates. The framework also detects issues such as inactive or non-updating certificate orchestrators, cleans up stale certificate metadata, and notifies administrators through the Notification Center. This enhancement is categorized under the Infrastructure Certificate category, with the event name Kubernetes Certificate Expiry. The event is enabled by default with in-app notifications. Users must select the required subscribers to receive notifications.

Infrastructure certificates are accessible via Platform → Asset Management → Infrastructure Certificates. A scheduled cron job runs once daily to refresh and update certificate data. Notifications are generated for infrastructure certificates approaching expiry at 30, 15, and 7 days, as well as for expired certificates.

On the fresh installation Cert-orchestrator pod will be up and running post uploading license file into the environment

AppViewX introduces SDK-based integration with Fortanix HSM to enable secure cryptographic operations, including key generation, encryption, decryption, and code signing. The integration leverages the sdkms-client-4.37.2554.jar library and uses an API URL–based configuration model, eliminating PKCS#11 file dependencies such as .so and .cfg files.

This enhancement improves performance through key caching, reducing repeated key fetches, and optimizes code-signing operations using the Fortanix SDK. AppViewX also adds automated monitoring of HSM service availability and responsiveness, records health status, and generates notifications for failures or status changes. In addition, the platform now provides clear, root-cause–based error messages, improving troubleshooting and overall reliability for HSM-dependent operations.

AppViewX upgrades the angus-mail library from version 2.0.3 to 2.0.4, addressing stability and security improvements included in the updated component.

The AppViewX Config Scan Agent and the AppViewX Code Scan Agent are now available for Windows-based installations, extending their capabilities to scan Windows Server configurations (certificate stores, TLS/Schannel registry, IIS bindings, service-level crypto settings).

The scan outcomes are used to build an inventory of cryptographic algorithms, certificates, protocols, and cipher suites currently in use, and identify weak/legacy cryptography that must be replaced during PQC migration.

On Quantum Trust Hub, now option to be made available to switch from the default dark mode to a white/light mode theme

SSH key discovery and search now support SSH2-formatted keys in addition to OpenSSH. A new Key Format filter in Advanced Search allows users to filter keys by OpenSSH or SSH2, with key format details shown in the inventory popup. Filters can be combined (for example, with Fingerprint) to return only matching results.

Introduced a new Key Format option that allows users to select the desired format to be included in the SSH key export.

Devices added through the Device Addition workflow now include a new discovery metadata field to capture the supported SSH key type.