What’s New

🚀 New Features

Meetings (beta)

Meetings (beta) has been introduced with a new interface and core collaboration features. It is available in the web portal sidebar under “Meetings”.

Currently in beta, Meetings are merged with the legacy ISL Groop meetings, and the dropdown item “New Meeting (beta)” represents the new version. New meetings can run directly in the browser and, with upcoming releases, will also be available in the ISL Light desktop application as the “Meeting (beta)” tab in dashboards.

Web Portal > Meetings (side navigation) > In Meeting

Key updates include:

• Camera and microphone support: join with either or both, manage devices from the People sidebar.
• Screen sharing with stream control: give or revoke control while sharing, viewers can request or cancel control.
• Give control: hand over keyboard and mouse control to another participant, then take it back when needed.
• Chat: exchange text messages.
• People panel: manage participants, privileged users can request or mute camera and microphone.
• Whiteboard (Pen tool): draw on the shared screen, available to all participants, toggle on/off or exit with ESC.
• Video background: choose none, blur, or image for video background when creating or joining a meeting.

On mobile, ISL Meeting supports gestures such as pinch-to-zoom, drag to pan, single tap for click, two-finger tap for right-click, and swipe to scroll.

Meeting history is now stored in /conf, showing details like creator, timestamps, duration, participants, and session information.

PostgreSQL improvements

Database upgrade procedures have been improved for reliability, visibility, and performance.

Key updates include:

• Data verification during upgrade: restored data is now checked using MD5 hash comparison of table rows (with partial checks for large tables), instead of only comparing row counts. Estimated upgrade time now includes hash verification.
• Progress logs: detailed logs added for dump/restore and verification steps.
• GRID awareness: /conf now shows pending PostgreSQL upgrades for all servers in the GRID. Each server reports available upgrades to others.
• Log preservation: old PostgreSQL log files are kept during upgrades and renamed with an old- prefix.
• Version visibility: installed PostgreSQL version is displayed in /conf (Activity monitor → Servers).
• Cleanup on failure: temporary folders from failed upgrades are automatically removed on server startup.
• Asynchronous estimation: space and time estimation for upgrades is now performed asynchronously, so ICP startup is no longer blocked on large databases. Until estimation is complete, /conf shows “Preparing upgrade” and the upgrade option is disabled.

gjrpc2grid & SSO Cache Management

Expired Core Login SAML identity provider certificates are now properly removed from cache when new certificates are acquired. Updating SAML IdP metadata triggers a GRID message that flushes outdated cache entries across all Core Login servers.

For SSO identity providers with rollover certificates, multiple certificates from the same metadata are now grouped under a “meta-group” tag in the /conf certificates panel. Expiry checks are based on an optimistic validity interval, assuming no gaps between certificates and using the maximum validity for evaluation.

User and Domain Deletion Checks

Server administration now verifies ownership of computers and groups before allowing a user or domain to be deleted. A new “Required actions” step lists all associated computer groups or connections that must be reassigned or removed. Deletion can only proceed once these actions are completed. If no ownership is detected, related data is displayed and the deletion continues as before.

SSO SAML Service Provider ECDSA Key Support

The SAML service provider configuration now supports PKCS8-encoded ECDSA keys for the “SAML service provider PEM key file” setting (/conf → Security → Other). Authentication request signing methods have also been extended to include ECDSA-SHA1, ECDSA-SHA256, and ECDSA-SHA512.

Read customization zips on startup

ISL Conference Proxy now loads customization packages automatically during startup. Administrators can place one or more .zip files into ICP/customizations/ and restart the server. If a customization with the same name already exists, the existing one is kept and a warning is shown in /conf with a logged alert. Invalid packages, such as those missing a manifest or containing an invalid zip, block startup until removed or corrected. Successful loads are recorded in the debug logs.

DNS CAA and TXT Record Support

ISL Conference Proxy now supports DNS CAA records, which previously caused errors when added to a zone. Handling of DNS TXT records has also been improved. Quoted strings are now processed correctly by removing surrounding quotes and unescaping characters, ensuring only raw values are stored. Unquoted strings continue to be handled as before.

Raise minimal OS requirements for Linux to CentOS 7.4

The minimum supported environment for ISL Conference Proxy is now Linux 3.10.0 with glibc 2.17, equivalent to RHEL/CentOS 7.4.

Copy Web Pages v2400 to v2500

Web pages from version v2400 were copied into v2500, which is now set as the default.

Update logo “powered by PDQ.com”

Updated ISL Online logo to add “powered by PDQ.com” in v2500 main web_template.html. Logo is now saved in SVG format instead of PNG.

Upgrade Go to 1.24.4

Go has been upgraded to version 1.24.4.

Upgrade libxslt to 1.1.43

libxslt has been upgraded to version 1.1.43.

Upgrade libxml2 to 2.13.8

libxml2 has been upgraded to version 2.13.8.

Upgrade OpenSSL to 3.0.17

OpenSSL has been upgraded to version 3.0.17.

Upgrade libjpeg-turbo to 3.0.3

The internal ImageMagick-based toolchain now uses libjpeg-turbo 3.0.3 (previously 1.0.0).

🐞 Bug Fixes

Optimize Active Sessions Page Queries

The /conf → Activity monitor → Sessions page no longer performs multiple database reads for sorting and fetching active sessions. The logic was redesigned to reduce the number of queries.

Fix Time Range Filtering in Safari

Timestamp filters in Administration pages (Add Filter modal) caused errors in Safari, and navigation produced excessive history.replaceState calls. Both issues have been resolved.

Upgrade jQuery-UI in v2400 v2

The Administration module now uses the latest version of jQuery-UI, loaded from core instead of a bundled copy. Required plugins are included in jquery-ui.min.js, and unused code has been removed from Reports.

Set correct Content-Type in Webapi request

Content type in WebAPI2 requests previously defaulted to application/x-www-form-urlencoded, causing decoding issues with some firewalls. Content type in requests is now set to application/json.

Handle Unknown Query Arguments in /start Links

Unregistered arguments in /start links previously caused “application not found” errors. These arguments are now ignored during initialization.

Fix web_login_cmdline Handling in Program Downloads

Program download links with web_login_cmdline=1 were rejected when the user was not authenticated. ICP now safely expands --web-login and continues with authentication in the application.

Ignore Empty Customization Names

Customizations with an empty name were incorrectly applied as defaults in /conf → Customize. These are now ignored and return an empty string.

Include Customization in Deployment Links

Custom deployment links now correctly include the customization name when a user or domain has a default customization set.

🚀 New Features

ISSC desktop streaming

ISL Light Client on Windows now uses the same desktop streaming plugin as the main ISL Light application (ISSC). With this change, some desktop sharing settings were removed as obsolete (Black screen driver install/uninstall driver, Enable console window streaming, Enable code injection while grabbing OpenGL and DirectX application, Manage hardware acceleration settings).

Improve application sharing

Application sharing was improved. The top bar is now redrawn when a shared application is moved, and background window behavior has been aligned with the old plugin, as ISSC no longer provides its own background window.

Removed use of FFMPEG codec

FFMPEG, previously used for certain video codecs, has been removed.

Replaced yuv2rgb.neon.S with libyuv

The video plugin now uses libyuv instead of yuv2rgb.neon.S.

Updated SoundTouch library

The audio plugin now uses SoundTouch v2.4.0.

Upgrade libjpeg turbo to 3.1.1 and add support for rgb565

Upgraded libjpeg turbo to version 3.1.1, with re-added support for rgb565 encoding on systems using 16-bit graphics capture.

🐞 Bug Fixes

Skip monitor detection on virtual machines

In some cases, a no monitors attached driver was enabled when connecting to virtual machines. The application now checks if it is running on a virtual machine and skips the driver accordingly.

Incorrect version display in executable details

ISL Light Client was previously displaying incorrect version information when viewing the properties of plugin .dll files. The correct version is now shown.

🚀 New Features

Autodownload option for Universal Add-on

A new dialog is now shown when ISL Light is launched, offering users the option to download the Universal Add-on. If accepted, users are redirected to the Google Play Store. This add-on is provided instead of the device-specific signed add-on on supported devices.

Additionally, a new button has been added to the settings screen, allowing users to access the same download option manually.

The dialog and button are displayed on all devices, regardless of compatibility.

ISL Light Android > Universal Add-On Dialog / Settings “Install Universal Add-On”

Add SNI support for AutoTransport in permissive SSL mode

The AutoTransport methods wsstun-direct, wsstun-proxy, https-direct, and https-proxy were updated to include Server Name Indication (SNI) during the SSL handshake. This change improves compatibility with third-party load balancers such as Cloudflare, which rely on the hostname being sent as part of the handshake.

Update to mbedTLS 2.28.10

The internal mbedTLS library has been updated to version 2.28.10.

🐞 Bug Fixes

Starting call from Light Desk when app is minimized leads to crash or incorrect UI

Users experienced an issue where ISL Light on Android would crash when they were connected with ISL Light Desk as the operator, minimized the app, and the operator started a call. The functionality was redesigned, and the issue is no longer reproducible.

Crash when app is minimized and mic is remotely enabled from ISL Light Desk

Users experienced a crash in the ISL Light Android application when connected to a session where ISL Light Desk was used as the operator, and the operator enabled the microphone while ISL Light was minimized on the Android device. The functionality was redesigned, and the issue is no longer reproducible.

Always enable TLS when opening AT MUX channel

In previous versions, some MUX connection channels were not protected by a TLS session. TLS is now enabled on all MUX channels.

Change default for scaling – make scaling disabled by default

In previous versions scaling of device screen was always enabled if device exceeded 1024px on either of the sides of the device. This caused lower quality of remote device screen on operator side. Scaling of device screen is now disabled by default.

Disable selector for MediaProjection streaming

In previous versions users were able to select to stream ISL Light application instead of whole screen. The functionality was redesigned, the selector is now disabled, so streaming is always performed on whole screen.

Prefer Universal addon over Samsung Knox

Users experienced an issue where the Universal Addon dialog was not shown before the Samsung Knox dialog on Samsung devices. The functionality was redesigned, Universal Addon is now preferred over Knox on Samsung devices where it is available.

Connection to macOS does not send uppercase letters

Users experienced an issue where uppercase letters were not sent during a connection from an Android device to a macOS device. The functionality was redesigned, and the issue is no longer reproducible.

🚀 New Features

Change screen resolution

The “Change Resolution” feature has been extended to support ISL Light Client for Windows, in addition to the existing support on ISL AlwaysOn and ISL Light Client for macOS and Linux.

This functionality allows you to adjust the screen resolution on the remote computer during a session. You can either match the resolution with your local monitor or manually select a different resolution that better suits your setup. If the remote computer has multiple monitors with varying resolutions, you can configure the resolution for each monitor individually.

In cases where the selected resolution isn’t supported by the remote system, ISL Light will automatically switch to the next closest supported resolution to ensure a smooth experience.

Importantly, once the session ends, all resolution settings and desktop icon positions on the remote computer will revert to their original state, preserving the user’s environment.

ISL Light > Session > Change Screen Resolution Dialog

Download button for unattended access

A download button has been added to the unattended access setup dialog during a session. It provides a more intuitive way to retrieve the ISL AlwaysOn application, which was previously only accessible through a hyperlink.

ISL Light Client > Set Unattended Access Dialog

Smarter reconnect delay on network failures

A delay mechanism has been introduced between failed reconnect attempts when the connection is not fully established. The delay increases progressively from 1 to 30 seconds. A missing stop call on connection failure was also added for improved stability.

New watchdog in ISL Light Client v3

The legacy watchdog has been replaced with the hefa watchdog implementation. A crash test option is now available in the settings for testing the new watchdog functionality.

Improved SSL compatibility with SNI

AutoTransport methods (wsstun-direct, https-proxy, etc.) now include SNI (Server Name Indication) in the SSL handshake. This improves compatibility with third-party services such as Cloudflare.

ECDH algorithm logging

Log lines now include the ecdh_ctx key, indicating which algorithm was used to establish the shared secret.

Updated mbedTLS to 2.28.10

The internal mbedTLS library has been upgraded to version 2.28.10 for improved security and compatibility.

Updated libdatachannel to 0.22.6 and libjuice to 1.5.9

We upgraded libdatachannel to version 0.22.6 and libjuice to version 1.5.9.

🐞 Bug Fixes

Add support for unicode clipboard

In some cases, copying and pasting Unicode characters between operator and client did not work correctly. The clipboard functionality was redesigned, and the issue is no longer reproducible.

Reduced stack usage in administrative mode

An issue causing occasional crashes during elevation to administrative mode has been resolved by optimizing stack consumption.

Fixed ALTGr key translation

Key combinations involving ALTGr (e.g. ALTGr + C, ALTGr + H, ALTGr + I) now translate properly when operator and client use different keyboard layouts.

Detection of Windows Sandbox environment

Users experienced an issue where they were unable to enable Administrative Mode and Restart & Resume in session where they were connected to a machine with Windows Sandbox environment. The functionality was redesigned and the issue is no longer reproducible.

Fixed crash caused by calculate_string_size

Users sometimes experienced a crash of ISL Light Client application caused by calculate_string_size. The functionality was redesigned and the issue is no longer reproducible.

TLS enabled for all MUX channels

All MUX channels now use TLS encryption. In previous versions, some connections were not protected.

Histogram filtering improved

Only histogram entries that begin with an ASCII character are now sent to the server, ensuring cleaner and more relevant data collection.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

Note: Cloud license is NOT supported. Requires an ISL Online Server License or Enterprise Managed Private Cloud license.

​​​​​​​The official ISL Online Remote Support Integration for ServiceNow is now available.

The ISL Light integration allows ServiceNow users to securely launch and manage remote desktop sessions directly from within ServiceNow tickets.

Sessions can be started from any task-based ticket type, such as incidents, problems, change requests, and service requests. Ticket details like the ID and client email are automatically passed into the ISL Light session for a seamless setup.

Agents can invite clients using ServiceNow’s communication tools, view session status (waiting, active, paused, ended), and end sessions from the ticket interface. Once a session ends, session information and chat transcripts are logged as work notes in the ticket.

Open ServiceNow Store

ServiceNow portal & ISL Light Session

🚀 New Features

Launch ISL Light sessions directly from ServiceNow tickets

Initiate remote support sessions with a single click from incident or service request records.

Automatically populate session details

Ticket ID and client email are automatically included in the ISL Light session.

Invite clients through ServiceNow’s communication tools

Send session invites via the platform’s integrated email or messaging systems.

Live session status display

Track session status—waiting, active, paused, or ended—within the ticket interface.

End sessions remotely via API

Use the “drop” command to terminate sessions directly from the ServiceNow ticket.

Automatic work notes with session summary

Once a session ends, a detailed summary and chat transcript are posted as work notes in the original ticket.

Secure OAuth2-based authentication

Authorize the application securely using industry-standard OAuth2 protocol.

Supports ISL Conference Proxy (self-hosted deployments)

Fully compatible with both MPC and SL (self-hosted) environments.

Optimized for both Classic and Service Operations Workspace

Works across ServiceNow’s Classic UI and the modern Service Operations Workspace.

🚀 New Features

Default dashboard tab now set to “Last active tab” by default

In the previous version of ISL Light, we introduced a new setting under the Default Dashboard configuration, which determines which tab is shown after logging in. The setting, called Last Active Tab, ensures that if users exit the application while on the Computers tab, the same tab will be shown upon relaunching and logging in. The same behavior applies if the Session tab was active before closing the application. This option is now the default value for the Default Dashboard setting.

Add SNI support for AutoTransport in permissive SSL mode

The AutoTransport methods wsstun-direct, wsstun-proxy, https-direct, and https-proxy were updated to include Server Name Indication (SNI) during the SSL handshake.
This change improves compatibility with third-party load balancers such as Cloudflare, which rely on the hostname being sent as part of the handshake.

Update to mbedTLS 2.28.10

The internal mbedTLS library has been updated to version 2.28.10.

Upgrade to libdatachannel 0.22.6 and libjuice 1.5.9

We upgraded libdatachannel to version 0.22.6 and libjuice to version 1.5.9.

🐞 Bug Fixes

Multiple monitor button behavior

An issue was identified when using the multiple monitors feature (opening each remote monitor in a separate view). Although separate views were created, the monitor selection was incorrect—view one would select monitor 1, but view two would show the entire desktop. This functionality has been redesigned to correctly assign each view to the respective remote monitor.

Monitor shortcuts not working with multiple monitor views

In case users used multiple monitors functionality ( each remote monitor in it’s own view ), the monitors shortcuts did not work. Support for monitor shortcuts was added, so users are now able to switch between monitors also when they are using multiple monitors functionality.

Always enable TLS for AT MUX channels

Previously, some MUX channels were not protected by a TLS session. TLS is now always enabled for all MUX channels.

Change dots to underscores for filename on Linux

In previous versions, Linux filenames used dots as delimiters in the version string. This caused an issue when the build number was below 10, as Linux systems sometimes interpreted the file as a manual page and opened it in a text editor. Filenames now use underscores instead of dots, ensuring the application always starts correctly.

Incorrect copyright

When checking the file properties of the downloaded ISL Light application, users would see incorrect copyright information. This issue has been resolved. The application’s details now correctly display XLAB d.o.o. as the copyright.

One-time password prompt appearing incorrectly

If ISL AlwaysOn was configured to support both one-time password and native-only authentication (e.g., Windows, macOS, or Linux account passwords), ISL Light would incorrectly show a one-time password prompt—even when native-only authentication was active. The connection prompt has been redesigned to hide the one-time password input in such cases.

Removed “Verify your email” screen during signup

Previously, after clicking the Sign up button in the ISL Light application, a browser would open, and ISL Light would display a “Verify your email” screen. This intermediate screen has been removed. Now, clicking Sign up simply opens the signup page in the browser, while ISL Light remains on the login screen.

Fix icon copy in secure part on macOS

On macOS, resources could be injected in a way that caused copying to the destination folder to fail. This occurred because the operation was appended in the unsigned part of the package. It is now allowed in the signed part, enabling proper execution in the unsigned portion.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

🚀 New Features

Computers Administration

A new Computers tab has been added to the Administration section, enabling the account owner and domain admin(s) to centrally manage all remote computers registered under their domain, including those added by other users. The page provides a complete overview and essential tools to view, organize, and control access to these computers.

Web Portal > Administration > Computers

• Overview of all computers
  View all remote computers linked to your account, including those registered by users within your domain. The table includes columns such as: Alias, Computer Name, Status, Last Online, Computer Group, Owner, Shares, Tags, Platform, Agent Version, IP Address, MAC Address
• Change computer group
  Move computers between groups to keep them organized.
• Change computer owner
  Reassign ownership of a computer to another user.
  Note: If a computer is added to a computer group, ownership is automatically transferred to the group owner. The group owner can be changed by users with appropriate permissions (e.g., Group Admin, Computer(s) Manager, or Computer Owner).
• Share computer
  Share access to a specific computer with users or user groups in your domain.
  Note: We recommend sharing via “Computer Groups“, as this allows you to set the permission level when sharing the group with other users. Additionally, when you add a new computer to an existing computer group it will automatically be shared with users and user groups with whom the computer group is already shared.
• Add tags
  Use tags to categorize and filter computers based on your own criteria.
• Export to CSV
  Export the computer list and metadata to a .csv file.
• Quick view
  A quick view panel has been added to the computer list. It opens when you click any row in the table.
• Computer details page
  A detailed view is available and can be accessed via quick view or by clicking the computer name in the table.

⚙️ New Setting: Edit computers (domain admin only)

Web Portal > Administration > Settings > General > Edit Computers (domain admin only)

• When enabled (default):
  Domain admins can manage the Computers tab — rename computers, assign groups or owners, share access, and set tags.
• When disabled:
  The user (domain admin) can only view the list of remote computers.
  Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).

Computer group administration

Support for managing computer groups has been added to the Administration section. You can now create and delete groups through the Computer Groups tab using Quick View. Once a group is created, computers can be added to it.

Web Portal > Administration > Computer Groups

The Quick View now includes a list of computers in the group, allowing you to easily add or remove them with confirmation prompts.

Additionally, a new Computers subtab has been introduced in the Computer Group Details page, providing a full overview of all computers assigned to the selected group.

Web Portal > Administration > Computer Groups > Computers

⚙️ New Setting: Create, edit and delete computer groups (domain admin only)

Web Portal > Administration > Settings > General > Create, edit and delete computer groups (domain admin only)

• When enabled (default), domain admins can view, create, manage members, and delete computer groups.
• When disabled, groups are read-only.
  Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).

New WebAPI methods:

• domain/admin/computergroup/create/1:
  Creates a new computer group with the given name, owner, and members (connect-only). Returns the public code of the new computer group.
• domain/admin/computergroup/delete/1:
  Deletes the specified computer group. The group is not deleted if it is external or still contains computers and/or members.

ISL Light for Web (beta)

The ISL Light for Web (beta) version allows users to view a remote desktop directly from their browser, eliminating the need to download or install the desktop application. While this version offers added convenience, certain features are unavailable due to browser limitations.

Web Portal > Sessions/Computers > Session in browser

✅ Advantages of the web version:

• No installation required
  Ideal for one-time sessions or situations where installation is not feasible or permitted. Access ISL Light directly from your browser without downloading or installing the application.

🚫 Features NOT supported in the web version:

• Screen sharing
  Operators can view the remote desktop but cannot share their own screen.
• Clipboard sharing/syncing
  Copying and pasting between the local and remote machines is not supported.
• File transfer
  Transferring files between the local and remote machines is not supported.
• Session recording
  Recording a session is not available in the web client.
• Multiple monitor management (explode monitors)
  Opening each remote monitor in a separate window is not supported.
• Simulated typing for paste operations
  The Paste (Simulate Typing) feature is not supported.

Browser compatibility:

• Google Chrome: Version 95 or newer
• Mozilla Firefox: Version 90 or newer
• Microsoft Edge: Version 91 or newer
• Safari: Version 14 or newer

Accessing the web version:

You can start a web session from the Sessions page, Computers page.

Sessions page:

A new option to start/open/resume a session using ISL Light in browser was added to the Sessions pages.

Web Portal > Sessions > New Session Browser (beta)

• “Start New Session” was renamed to “New Session” and is now a split button:
  • New Session (default) – standard app download flow
  • New Session in Browser (beta) – opens in a browser tab via ISL Light
• Active sessions:
  • Open in App (default)
  • Open in Browser (beta)
• Paused sessions:
  • Resume in App (default)
  • Resume in Browser (beta)

⚙️ New Setting: Browser session support

/conf > Configuration > ISL Light > Browser session support

• Enabled by default
• If disabled, only New Session (default flow) is available

Computers page:

A new option to connect to a remote computer using ISL Light in browser was added to the Computers pages.

Web Portal > Computers > Connect in Browser (beta)

• The Connect button now offers:
  • Connect in App (default)
  • Connect in Browser (beta)

⚙️ New Setting: Browser connect support

/conf > Configuration > ISL AlwaysOn > Browser connect support

• If disabled, only the default flow is available
• Enabled by default

Join a session in browser:

⚠️ Limitations:
The browser version currently does not support screen sharing from the client side. This means that if the client is expected to share their screen with the operator, the browser version will not be suitable.

However, it can still be useful for viewing the operator’s shared screen (e.g., presentations, guided instructions).

⚙️ New Setting: Join session method

/conf > Configuration > ISL Light > Join session method

Options:

• Ask every time
• Join in app (default)
• Join in browser

Behavior:

• If Ask every time is selected: The join page shows two buttons:
  • Join in App (downloads app)
  • Join in Browser (redirects to ISL Light in browser)
• If Join in app is selected: Uses the standard app-based flow.
• If Join in browser is selected: The page shows only Join in Browser.

Executable signing to prevent false virus detections

Build of Go modules was fixed to sign all .exe files. Executables now contain digital signature which should reduce the probability of being incorrectly detected as virus by antivirus programs.

Add option to upgrade PostgreSQL version on demand

Manual PostgreSQL upgrade support was added (required for major version changes, e.g., 9.3 → 16). Minor version upgrades remain automatic. Manual upgrade is required when upgrading to a major version (e.g., 9.3 → 16). Minor version updates are still performed automatically.

When a new version is available, /conf displays: A new PostgreSQL version (16) is available for installation.

This includes estimated time and disk usage (based on DB row count).
The upgrade process mimics PostgreSQL installation:

• Step 1: Click Upgrade to PostgreSQL version 16...
• Step 2: Click Execute

Bundled PostgreSQL version upgraded from 9.3.25 to 16.8.

Use CPSESSID Cookie in WebAPI2 Handler

Web session cookie support was added to WebAPI2. Clients can now call /users/webapi2 and use the session cookie.

New request format (JSON2):

jsonCopyEdit{
  "hs": "<session web token>",  // optional
  "pt": "<post token for current web session>",
  "hedata": { ... },  // request body (old JSON1 format)
  "ignore_cookie": true  // optional
}

• Use of plain hs token in requests was removed.
• All WebAPI2 requests now rely on the new JSON2 format and cookie-based session control (v2400 pages).

Password history settings

Password history controls are now exposed under:
Administration > Security > Password

These settings help enforce password reuse policies and aging rules.

⚙️ New Settings:

• Password history size: Number of recent passwords stored (default: 24)
• Maximum password history size: Upper limit for history entries (default: 100)
• Minimum password age (1w 2d 3h 4m 5s): Minimum time between password changes
• Maximum password age: Formerly Password expiration interval; users must change passwords after this time

Notes:

• Password history only updates when a user changes their own password.
• Administrative password resets do not affect history.
• Older entries are removed when the limit is exceeded.

Remove timeout from moduleapp startup

The 120s timeout exception when starting or restarting a Go moduleapp process was removed. It is now replaced with a critical log line: module app process has not started yet, logged every 10 seconds.

Support for reCAPTCHA Enterprise and automated browser detection/blocking

Support for reCAPTCHA provided by Google Cloud Services was added. Previously, only standalone reCAPTCHA v2 and v3 were supported.

⚙️ New Settings:

• Project ID: Google Cloud project ID with reCAPTCHA enabled.
• API key: Google Cloud API key associated with the project.
• reCAPTCHA required: Controls if reCAPTCHA is required on protected WebAPIs.
• reCAPTCHA site key: The key associated with the website or application.
• Fail 2 ban reason codes: A list of interpreted reason codes to be flagged for fail2ban (must be prefixed with rc_).

When Google Cloud reCAPTCHA is enabled, v2 and v3 are ignored even if set up. Settings were reorganized and grouped accordingly.

Documentation for supported reason codes: Understand reason codes – Google Cloud reCAPTCHA

To enable better monitoring and abuse detection, a specific user action can now be passed via the new URL parameter: captcha_action.

Add support to send email notification when creating user account

A new email notification is sent when a user account is created. Controlled via two new settings in /conf > Configuration > General > Mail > Templates:

• Account created notification
• Mail template for account created notification

Triggers for sending the notification:

• Server administration
• Domain administration
• Integrator
• SAML login
• External authenticator

Update confirmation and verification code emails

The appearance of confirmation and verification code emails was updated. These emails are sent when logging in with email set as the preferred 2FA method.

SSO username mapping

SSO username mapping allows mapping a username from an identity provider to a domain-specific username (case-insensitive).

Example: If your domain user is \example\joesmith and SSO username is joe.smith@example.com, you can map the two.
When logging in via SSO, the system will authenticate the user as \example\joesmith.

⚙️ New Setting: SSO username mapping

Administration > Security > Authentication > Single Sign-On (SSO)

Add Option to Send Chat Content in HTTP Events

⚙️ New Setting: Send live chat transcripts in HTTP events

/conf > Configuration > ISL Light > Send live chat transcripts in HTTP events

• Requires Send live chat transcripts to be set to Yes
• Disabled by default

New HTTP event type: CHAT_CONTENT

Transcript content is included in the text field.

Chat transfer system messages

System messages for chat transfer and takeover were added. Examples include:

• "Y has taken over the chat"
• "X wants to transfer the chat to Y"

Upgrade OpenSSL to 3.0.16

OpenSSL was upgraded to version 3.0.16.

Upgrade to libxml2 2.12.10 and libxslt 1.1.42

• libxml2 upgraded to 2.12.10
• libxslt upgraded to 1.1.42

Upgrade jemalloc to 5.3.0

jemalloc upgraded from 4.0.4 to 5.3.0 (Linux only)

Upgrade jQuery-UI to 1.14.1 (v2400 Pages)

jQuery-UI was upgraded to 1.14.1 for v2400 pages.

Remove v1 template and web pages v1, v2, v3, v4

Support for the v1 web template and legacy web pages (v1–v4) has been removed. The /join endpoint now redirects to join.html. Deprecated handlers and XPP expressions used exclusively in the removed pages were also removed.

🐞 Bug Fixes

Pass ciphers global map by reference on SSL accept

Previously, the ciphers global map was passed by copy, affecting performance. This was redesigned to pass the map by reference.

The defect was fixed.

Wait for user account to be replicated in loginsso handler

SSO logins could fail if the user was created on one server but not yet replicated to the Web page server. This was redesigned to wait until the user is replicated before proceeding.

The defect was fixed.

Support WebSocket upgrade of existing HTTP connection

WebSocket support was improved to allow upgrades to WebSocket even after preceding HTTP requests on the same TCP connection, and not just at the start of a TCP connection. This should also fix connection issues when ISL Conference Proxy is placed behind a load balancer.

Bulk share did not allow sharing of non-owned computers

In previous versions, bulk sharing of computers in a group failed with the message: "Some computers have been omitted – shared computers cannot be edited."

Redesigned behavior:

• Bulk Share modal now lists all computers, not just owned ones.
• Sharing/unsharing works even for entries with user groups in shares.
• Results are split between success and failure messages.
• A scroller is added when many computers are listed.

The defect was fixed.

Support certificate authorities without a Terms of Service link

Previously, SSL module raised an error: "Could not retrieve terms of service." This occurred when a certificate authority (CA) did not provide a terms link, which is optional under ACME.

Fixes:

• The checkbox to accept terms is hidden if no link is provided.
• A new message was added: "Please install the SSL certificate to enable secure connections."

The defect was fixed.

tlsext_ticket_refresh_task should not use a static watchdog

This task was incorrectly protected by a watchdog, which triggered false alerts when the TLS ticket refresh interval setting changed. Now the task is rescheduled dynamically and no longer monitored by the static watchdog.

The defect was fixed.

Maximum password age lower than minimum caused lockout

Previously, it was possible to set the maximum password age to a lower value than the minimum password age, which could cause user lockouts. The validation logic was updated to prevent this misconfiguration.

The defect was fixed.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

New Features

Updated Black Screen driver for Windows 10 and 11

The implementation of the black screen driver on Windows 10 build 2004 or newer has been redesigned. In previous versions, the black screen functionality used the Magnification API on Windows 8 or newer. The new version now uses a transparent (alpha) window, similar to the implementation on Windows 7. It also leverages the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the use of the desktop duplication driver alongside the black screen (previously, only polling/hooks were used when the black screen was enabled). Additionally, the polling driver has been optimized for better performance.

Option to disable black screen mode

Support for disabling black screen functionality has been added to ISL Light. Two new command-line arguments were introduced:

On the client side, the following argument prevents enabling black screen mode if initiated:
--on-connect "desktop?allow_black_screen=false"

On the operator side, the following argument hides the button that enables admin mode:
--on-load "customization?hide_black_screen=true"

Reordered and renamed black screen settings

Black screen settings have been reordered and renamed. All related options are now listed together.

ISL Light > Settings > Remote Desktop > Black screen (curtain mode)

Updated signup flow with web redirection and verification step

The signup process within ISL Light has been changed. Users are now redirected to the web signup page, and an additional email verification step has been added.

Custom clipboard retry count and improved clipboard-lock handling

When the ISL_ISSC_DEBUG environment variable is set, ISL Light logs clipboard ownership conflicts. This feature has been extended to allow configuration of how many retry attempts should be made before logging the issue. You can now define the number of retries by setting the ISL_ISSC_clipboard_retry_count environment variable.

Add feedback when creating computer shortcut on desktop

A new confirmation window is now displayed after adding a computer shortcut to the desktop.

ISL Light > Computers > Create Desktop Shortcut

Remove LoginView1fa

The login view was redesigned to immediately show a connection error message if the server is unreachable, without prompting the user to log in.

Upgraded libdatachannel and libjuice libraries

The libdatachannel and libjuice libraries have been updated to the latest versions:

Bug Fixes

Increase setup timeout and update check installed

Users experienced an issue where they were unable to enable the restart&resume during a session. The issue was that setup of ISSC Daemon reached an internal timeout thus failed to get correctly installed.

This timeout was increase and should no longer be causing inability to activate restart&resume.

Update libjpeg turbo to 3.1.0

Desktop streaming sometimes failed due to incorrect JPEG encoding during screen updates. Updating to libjpeg-turbo 3.1.0 resolved this issue.

Forced screen refresh on headless Windows machines

When no display was attached to a remote Windows machine, the screen failed to refresh. The functionality was redesigned, and the issue is no longer reproducible.

Join window now opens on top of other windows

The “Join a Session” window was sometimes placed behind other windows. It now opens in the foreground by default.

“Sign up now” button shown without internet on server license

The “Sign Up Now” button appeared even when no internet connection was available on a Server License installation. The issue was addressed and is no longer reproducible.

Translate ALTGr + C, H, I keys

Users experienced an issue where certain key combinations were not translated correctly in the session when different keyboard layouts were used on operator and client side. The functionality was redesigned and the issue is no longer reproducible.

Fixed incorrect connection time display

In some cases, the connection time was displayed incorrectly. The underlying logic was redesigned to fix the issue.

File transfer window name corrected

The File Transfer window was incorrectly labeled as “ISL Light.” It has been renamed to “File Transfer.”

Fixed crash when querying CPU features on Linux

In rare cases, the application crashed while checking for CPU features on Linux. The defect was fixed.

Chat now shows license usage in all sessions

The license usage message was missing in chats after the first session because it was sent before chat initialization. The handling was redesigned to store the message and inject it into chat after initialization.

Fix cursor size on macos 10.12

Local mouse movements were not visible on operator side when connected to macOS 10.12 or newer. Cursor capture was redesigned to resolve this.

Share group dialog has no name

The share group dialog name was not read by accessibility tools. The defect was fixed.

Fixed keyboard navigation in share computer dialog

Keyboard navigation incorrectly focused on a disabled owner line. The issue was fixed so the line is now skipped.

Added accessibility features to chat content

Chat messages and content were missing accessibility support. Accessibility features have now been added.

Esc key now closes the share group dialog

The ESC key did not previously close the “Share Group” dialog. The issue is now resolved.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

New Features

Introducing the ISL Light Add-On: Universal

The Universal Add-On is used in conjunction with the ISL Light application to enable full remote desktop control of Android devices during sessions. It allows the remote user to control the device using a keyboard and mouse, and to view the screen in real time.

The add-on uses Android’s Accessibility service to inject input events and the MediaProjection API to stream the device’s screen. To enable remote control, users must grant Accessibility permission to the Universal Add-On. The minimum supported Android version is 8.0 (Oreo). On Samsung devices, if the Knox license is cancelled and the Universal Add-On is installed, users will be prompted to enable the Universal Add-On.

Important:

• This is not a standalone application (requires the ISL Light app for Android)
• Accessibility permission is required
• Compatible with Android 8.0 (Oreo) and above

Android > Settings > Accessibility > ISL Light Universal

Add signature check for Universal Add-On

A signature verification check has been added to the Universal Add-On. This ensures that only the ISL Light application can use the Universal Add-On by verifying the calling application’s signature.

Add keyboard control to Universal Add-On

The Universal Add-On now supports Unicode character injection and the Delete key. Additional support has been added for global key inputs, including:

• Home (Home)
• Back (Ctrl + Home)
• Recent apps (Ctrl + Alt + Home)
• Arrow key navigation

New Features

ISL AlwaysOn service auto-start after device boot

Added a feature to start the ISL AlwaysOn service (unattended access service) on device boot. In previous versions, if users rebooted the device, the service did not start until the ISL Light application was launched. The service will now start once the Android device is unlocked for the first time.

Added support for the Universal add-on

Added support for universal addon which will allow remote view and control of Android device.

Local user consent for remote access

Added additional notification options when users connect to an Android device. Users on Android can now specify one of the following options in the remote access interface:

• Show notification of incoming connection
• Notification timeout (available if Show notification of incoming connection is enabled) – Defines how long the notification is displayed before accepting the connection.
• Show consent to start connection (available if Show notification of incoming connection is enabled) – Allows users to either accept or deny the connection.
• Start connection on timeout (available if Show notification of incoming connection and Show consent to start connection are enabled) – Defines the default behavior when the timeout is reached (either accept or deny the connection).

If the session is rejected by the user on an Android device, the operator will receive a message stating that the remote user denied the connection.

ISL Light Android > Menu > Remote Access

Similar settings can be applied to computers through ISL AlwaysOn. To find out more, please check the ISL AlwaysOn Notification / Local Consent manual.

Added option to disable display scaling using AppConfig

Users can now deploy a setting via AppConfig that controls whether the Android device screen is scaled. The restriction key is called restrictionDisplayScaling.

Swipe navigation replaces old tab system

The old tab system (PagerSlidingTabStrip) has been replaced with ViewPager2, improving navigation between sections.

Bug Fixes

Computer groups were not sorted alphabetically

Users experienced an issue in ISL Light on Android devices where Computer Groups were not sorted alphabetically. The functionality was redesigned, and the issue is no longer reproducible.

The defect was fixed.

Unattended access chat history was not cleared

When reconnecting to an Android device via unattended access, old chat messages were sometimes still visible. The chat history now resets correctly when a new session starts.

Toolbar disappeared when using floating keyboard

The toolbar in a session disappeared when users used a floating keyboard. The issue occurred because Android does not provide information about whether the keyboard is open or closed, preventing the toolbar from appearing.

Detection of keyboard status has been redesigned to recognize changes in view size. The toolbar will now always appear correctly.

Microphone and camera permission issues in ISL Light Desk

When connecting from ISL Light Desk to an Android device and starting a video or audio call, the call did not correctly initialize after approving microphone and camera permissions.

Permission handling has been redesigned to ensure video and audio start correctly upon returning to the application.

The defect was fixed.

UI inconsistencies between Android and iOS for calls during screen sharing

When starting an audio/video call while an Android user was already viewing a remote screen, the interface switched to the call view.

This behavior has been unified with the iOS application. Now, if a call starts while viewing the remote desktop, it will open in minimized mode instead of switching the interface.

The defect was fixed.

Recording did not start when connected to ISL Light Desk

When users started recording while connected from ISL Light Desk to an Android device, the recording did not start.

The issue was caused by the recording plugin not being correctly registered when connecting from ISL Light Desk. The recording feature now works as expected.

The defect was fixed.

Mini player did not start after granting overlay permission

When an operator initiated a call, the system prompted the Android user to approve the overlay permission in settings. However, upon returning to the ISL Light app, the mini player was missing.

Permission change handling has been redesigned. The mini player will now appear correctly after users grant overlay permission.

The defect was fixed.

Back button returned to viewer from chat instead of terminating session

Previously, pressing the Back button while viewing the chat during a session would prompt users to terminate the session.

The defect was fixed.

Default camera on mobile devices changed to front camera

The default camera on Android devices was previously set to the back camera. It has now been changed to default to the front camera.

The defect was fixed.

Multiple unattended connections to Android were not limited

Users could start multiple ISL AlwaysOn connections to a remote Android device, which is not supported.

A fix was implemented to now limit the number of ISL AlwaysOn connections to one per remote Android device.

The defect was fixed.

No message was displayed when trying to use disabled features

Previously, no message or feedback was shown when users attempted to access a feature disabled via GUI settings.

The functionality has been redesigned, and users now receive a message explaining that the feature is disabled.

The defect was fixed.

App crashed when trying to share screen with disabled GUI features

Users experienced a crash when attempting to share their screen while GUI features were disabled on the server.

The issue has been resolved, and the app no longer crashes.

The defect was fixed.

Session join was blocked after generating a session code

Users were unable to join a session on their Android device after generating a session code.

The session code generation functionality was redesigned, and users can now successfully join a session after generating a code.

The defect was fixed.

Device rotation interrupted MediaProjection permissions

An ISL Light session from a desktop to an Android device would fail when the Android user rotated the device.

The defect was fixed.

Keyboard input was not sent to remote side after typing in chat

In certain cases, keyboard input was not sent to the remote side after typing in the chat window.

The defect was fixed.

App crashed when opening keyboard in Windows UAC mode

ISL Light crashed on Android devices when a UAC window was shown on a remote Windows machine and the Android user opened their keyboard.

The defect was fixed.

No chat toast or counter was displayed

Users did not receive chat toasts or message counters when chat messages were sent.

The defect was fixed.

run_alwayson.remote message was displayed incorrectly

A message prompting users to add a device to the Computer List was shown on Android devices, even though this feature is not supported.

The defect was fixed.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.