Corrected an issue where, if the Guest module of a subscriber used the SessionAction API to send any request (including change of authorization (CoA) requests) to the publisher within the same zone, the request failed with a 404 error because the request path was not defined.

Corrected an issue where an enforcement policy was incorrectly mapped if changes were made through a REST API call.

Corrected an issue where a bulk Import of endpoints or endpoint profiles did not trigger a Database Change Notification (DBCN) event, which caused the in-memory endpoints table to not be updated. Database updates for bulk imports of endpoints are now performed correctly.

Corrected an issue where the wrong username was sent to the firewall for Session Logout events if the Username Transformation option was configured for the server at Administration > External Servers > Endpoint Context Servers > Modify Endpoint Context Servers.

Corrected an issue where Post Authentication tried to communicate with endpoint context servers using the HTTP Proxy even if the Bypass Proxy option was enabled at Administration > External Servers > Endpoint Context Servers > Modify Endpoint Context Server.

Corrected an issue where, if an invalid phone number was entered in a guest registration form, the error message was shown but the form was allowed to be submitted and the account was created. The Phone Number field is now correctly validated before the form can be submitted.

If a login banner and forced user acknowledgment were configured in cluster-wide parameters for ClearPass Policy Manager user logins, they were also applied to ClearPass Guest operator logins and guest registration pages. This is still the default behavior; however, an option is now added in ClearPass Guest to override the Policy Manager setting.

To disable or enable the Policy Manager banner and acknowledgment for Guest logins, go to Guest > Administration > Operator Logins > Login Configuration.

Corrected an issue where the length of the randomly-generated MPSK password did not match the configured length. If a number larger than 16 was entered in the Random Password Length field at Administration > Aruba Integrations > MPSK Configuration, ClearPass only generated a 16-character password. The MPSK password length is now increased to a maximum of 63 characters.

Corrected an issue where the root partition (/) sometimes filled with too much data from the Guest application log and the Event Viewer showed the error message "System is runnning with low disk space. Aggressive cleanup for /$ will be initiated when the available disk space falls below 20%."

Log rotation now limits the amount of data that is retained in the log file.

Corrected an issue where users with a custom operator profile that included full access to Insight could not fetch Insight alerts or reports through the REST API, and received a "403 Forbidden" error instead. Only users with the Super Administrator profile could use the API to fetch Insight alerts or reports.

Now if a custom operator profile is created at Guest > Administration > Operator Logins > Profiles and configured with Full Access (Read, Write, Delete) to API Services, plus at least minimum access (Read) to Insight in Policy Manager services, any operator with that profile can use the API to fetch Insight alerts and reports.

Corrected an issue where, when Insight was configured to send email notifications for Insight alerts, the email showed the IP address instead of the qualified hostname of the server.

Corrected an issue where, although license computation should only run on the publisher, license computation was running on an Insight-enabled subscriber in a cluster. The license computation is now correctly run on only the publisher and not run on any subscribers (Insight-enabled or not).

Corrected an issue on Ubuntu clients where the ClearPass OnGuard Agent sometimes failed to connect to the ClearPass Agent Controller service after the interface was bounced.

Corrected an issue on Ubuntu clients where RADIUS authentication did not happen after the OnGuard Agent bounced the wireless interface.

Corrected an issue where the ClearPass OnGuard Agent caused the Ivanti application (ST.EngineHost.exe) to stop abruptly.

Corrected an issue where a Windows client was marked as unhealthy when all of the following conditions were true:

Corrected an issue on macOS clients where the ClearPass OnGuard Agent displayed messages that requested access to some privacy settings.

Corrected an issue on macOS clients where the ClearPass OnGuard Agent bounced the interface after waking from sleep even when the .disableBounceAfterWakeup file was present.

Corrected an issue on Windows clients where the ClearPass OnGuard Agent sent an empty list instead of the missing patches for a Patch Agent application if a previous attempt to read the missing patches had failed.

Corrected an issue on Windows clients where the ClearPass OnGuard Agent did not detect the Check Point Endpoint Security 88.x application. Support is now added for Check Point Endpoint Security 88.x.

Corrected an issue on macOS clients with an M1 chip where the ClearPass OnGuard Agent installer showed a message saying the Rosetta emulator had be installed.

Corrected an issue on macOS 15 (Sequoia) clients where OnGuard displayed the error message "Failed to connect to ClearPass Agent Controller Service." The ClearPass OnGuard Agent for macOS is now supported on macOS 15.

Corrected an issue on Linux clients where the VIA component of the ClearPass OnGuard Agent did not send the value of the User Principal Name field from the selected certificate as the username in the WebAuth request. Instead, the OnGuard Agent sent the value of the Common Name field as the username, which caused authentication failures. This issue was only seen when certificate-based authentication was enabled.

The VIA component now correctly uses the UserPrincipalName (UPN) from the SubjectAltname attribute. If the UPN is not available, the application falls back to using the CN value of the certificate.

Corrected an issue on macOS clients where the ClearPass OnGuard Agent did not report the correct status for "Mac OS X Builtin Firewall 15.x" on macOS 15. The ClearPass OnGuard Agent for macOS is now supported on macOS 15 and correctly reports status for "Mac OS X Builtin Firewall 15.x".

Corrected an issue where the Configuration > Services page of the publisher became uresponsive if one of the subscribers was unavailable.

Corrected an issue where, at Monitoring > Live Monitoring > Access Tracker, rows for requests in TIMEOUT status were displayed in yellow font. The font color reverted to black if the user clicked the row, but sometimes turned yellow again if the page was reloaded. This was a cosmetic issue and could be ignored.

Corrected an issue where, when an enforcement profile that had the Allowed VLAN Names on Trunk (one per line) option configured on the Configuration > Enforcement > Profiles > Role Configuration tab was exported and then imported in again, the VLAN names were treated as a single entry all on one line. Now when the enforcement profile is imported the names are properly treated as different entries on separate lines.

Corrected an issue where, after ClearPass was updated, the server's number in the "Last successful login" banner and the URL was displayed as an encrypted IPv6 address.

Corrected an issue where the default route was sometimes lost during a change to the maximum transmission unit (MTU) and an incomplete restart of the NetworkManager service.

Corrected an issue where ClearPass could not retrieve data properly from MSSQL server 2016 or 2017 as part of authentication or authorization sources.

Corrected an issue where frequent restart of some important services in the system (ClearPass system-auxiliary-service, RADIUS service, etc.) were seen if the syslog server was configured as the Fully Qualified Domain Name (FQDN).

Corrected an issue where, at Monitoring > Live Monitoring > System Monitor, the Disk Usage graph displayed the available space for only the / partition (the root) instead of the total available space for the partition.

Now for the selected server, in addition to showing the graph for the / root partition the System Monitor page also includes Disk Usage graphs for the /var and /var/log partitions. The three graphs are interpreted as follows:

Corrected an issue where, an action was selected in the user interface that opened a pop-up window (for example, an add, import, or show-details action), sometimes the pop-up window displayed the error message “Sorry, an error occurred” instead of the expected content and the action could not be completed.

Corrected an issue where Database Change Notification (DBCN) processing sometimes failed with the error message "[Errno 24] Too many open files," and as a result ClearPass did not apply the changes in OnGuard Application Access Control.

This issue was seen when the number of file descriptors opened by the cpass-dbcn-daemon service was more than 1024.

Corrected an issue where service categorization failed for a device group if the group included both a NAD subnet and an IP address range.

Corrected an issue where the HPE Aruba Networking 5420 switch was not able to communicate with ClearPass using its Trusted Platform Module (TPM). The CN=HPE Aruba Devices Root CA 02,O=Hewlett Packard Enterprise Development,C=US root certificate authority (CA) is now added to the ClearPass Trust List.