| v1.8.0 | 2026-06-05 | linuxwindowsmacos | - Added MFA checks before Connect so the desktop app waits for successful verification before starting the VPN.
- Added MFA enrollment and verification screens with English and Vietnamese copy, QR setup, and clear error messages.
- Added MFA verification status reporting so access policies can recognize a successfully verified session.
- Preserved existing device registration behavior while adding MFA before connection.
- Improved MFA cleanup on logout, app close, and sign-in failures so stale verification state does not carry over.
| Download |
| v1.7.1 | 2026-05-29 | windowsmacoslinux | - Improved VPN recovery when the VPN daemon restarts or temporarily becomes unreachable, reducing unnecessary logout loops.
- Kept the Reconnecting state visible until controller, network, and VPN health checks have all recovered.
- Fixed internet recovery status so the app no longer shows Connected while another recovery issue is still active.
- Keep macOS user data writable after pkg upgrades.
| Download |
| v1.6.3 | 2026-05-04 | linuxwindowsmacos | - Controller reachability check no longer rolls back a healthy tunnel on a transient probe failure. The agent resolves the controller hostname via a public DNS chain so a tunnel-pushed resolver outage no longer blocks connect.
- Fixed an intermittent login / register failure that surfaced as "error reading response body: context canceled" on busy networks.
- "Trust this certificate?" prompt only fires for genuine certificate-trust events (unknown CA, hostname mismatch, invalid cert). Transport failures (DNS, TCP, timeout) route back through the reconnect loop. The prompt also cancels cleanly on Disconnect / Reset / Logout, fixing a stale rejection that could disconnect a healthy session seconds after connect.
- Clearer "Internal DNS unavailable" notification when the network's internal DNS server cannot be reached through the VPN; clears automatically once the resolver is back.
- VPN auto-recovers after a background service restart instead of flipping to Disconnected — no manual reconnect needed.
- Fixed a stuck white window on app close when the renderer was unresponsive; the app now force-quits after a short probe timeout.
| Download |
| v1.6.2 | 2026-04-29 | linuxwindowsmacos | - Watchdog pipe communication is now cryptographically authenticated to prevent impersonation attacks.
- Resolved a critical update UI hang on slow networks and low-CPU machines — the update progress no longer gets stuck.
- macOS runtime paths unified under a consistent namespace for cleaner behavior and better compatibility.
- Unix runtime directory permissions corrected on upgrade to ensure proper accessibility.
- Fixed stale WireGuard session state before force re-authentication to prevent lingering connection issues.
- Small stability and reliability improvements across all platforms.
| Download |
| v1.6.1 | 2026-04-23 | linuxwindowsmacos | - Fixed connection startup to fail fast with a clear controller outage message instead of hanging or showing internal probe details.
- Restored immediate posture enforcement after VPN connection and prevented stale controller auth keys from crossing registrations.
- Improved Windows posture collection reliability and crash handling so disconnect state is reflected correctly in the UI.
- The app now tears down the VPN tunnel promptly when exiting.
- Strengthened watchdog safeguards around local process verification, background health checks, and service recovery.
- Fixed a macOS issue where the VPN service could get stuck in a reinstall loop — connections now recover cleanly.
- The agent now restores itself automatically if its background service record ever goes missing, so you no longer need to reinstall when that happens.
- Improved stability of background processes with smarter restart behavior under intermittent failures.
- Crisper system tray icon on macOS — smaller, better proportioned, and sharper on high-DPI (Retina) displays.
- Improved Windows posture check reliability by preserving complete process evidence while keeping startup-safe fallback collection paths.
- Faster network fallback behavior during connectivity recovery, reducing fallback transport delay to improve responsiveness.
- Added clearer watchdog timing diagnostics around local process collection to improve troubleshooting on slower machines.
- Small polish and reliability improvements under the hood.
| Download |
| v1.6.0 Critical | 2026-04-17 | linuxwindowsmacos | - VPN connection is now faster and more reliable — the agent manages connections natively without depending on external command-line tools.
- Permission and login issues on Linux, macOS, and Windows have been resolved so connecting works smoothly out of the box.
- Critical updates are now downloaded in the background and installed automatically when you quit the app, so you always stay on the latest version.
- Improved security across the app to better protect against malicious content and unexpected crashes.
- Refreshed system tray icon — now matches the app icon, with clearer visibility for connected and disconnected states.
- Better stability under unexpected conditions: the app keeps running gracefully when something goes wrong instead of crashing.
- Various small fixes and polish to deliver a smoother day-to-day experience. | Download |
| v1.5.1 | 2026-04-14 | linuxwindowsmacos | - WebSocket handler hardening: panic recovery shims on all goroutines processing external input, preventing a single malformed message from crashing the agent.
- Fixed white screen on force-logout when the WebSocket connection is already broken.
- Fixed spurious ERR_ABORTED and sub-frame errors surfacing as fatal did-fail-load events.
- Improved node registration reliability with increased timeout.
- Posture v2: self-healing Bootstrap when token is expired or burned — agent recovers without manual reconnect.
- gRPC: stale unary goroutine is cancelled when the node re-registers, eliminating goroutine leaks.
| Download |
| v1.5.0 | 2026-04-08 | macoslinuxwindows | - Posture v2 with signed device reports and encrypted device key storage.
- Stronger anti-spoofing for process verification (multi-layered signing checks).
- New gRPC unary protocol with automatic TLS probing and TOFU trust for self-signed controllers.
- Enterprise/vendor builds now ship via a dedicated release channel with auto-update support.
- Reliable logout experience with clear messages when a device is removed or access is revoked.
- UI polish: fixed login button jitter, footer alignment, and clipped toolbar icons on macOS/Linux.
| Download |
| v1.4.1 | 2026-03-16 | macoslinuxwindows | - Added support for runtime client configuration updates with automatic token refresh handling.
- Improved configuration update reliability with GRPC fallback support when the primary port is unavailable.
| Download |
| v1.4.0 | 2026-03-13 | linuxwindowsmacos | - Added support to register the Windows app to launch at startup, with in-app toggle control.
- Upgraded the networking core across all platforms for more stable connectivity.
- Improved auto-update workflows and installer behavior across platforms.
- Enhanced post-update app restart behavior.
- Fixed macOS PKG preinstall/postinstall scripts to better detect app bundle paths in Applications and improve install reliability.
- Standardize macOS launchd service management
| Download |
| v1.3.6 | 2026-02-23 | windowsmacoslinux | - Fix finished gracefully without crashing on windows
- Update tunnel service
- Fix passport in agent | Download |