This release contains bug fixes and minor changes to the deviceTRUST Host, Client and Console. See the deviceTRUST 20.1.200 and deviceTRUST 20.1.100 release notes for full details of all of the changes introduced in 20.1. If upgrading, please refer to Compatibility for changes in this release.
New Similarity operator
A new ‘Similarity’ operator has been added which compares the contents of an array value to ensure that a sufficient number of entries are equal. This can be used for scenarios such as ensuring that a remote device is within range of a set of access points. The new operator is currently available within context filters and custom conditions.
Date conditions can now be configured to be relative to the system clock. Previously date conditions were always compared against the time that the user session was established.
All Paths context filters
When using an All Paths context within an action’s context filter, the following operators are now available:
- All Of - Successfully evaluates when all of the selected values are present within the context. The context may include additional values.
- Any Of - Successfully evaluates when one or more of the selected values are present within the context.
- None Of - Successfully evaluates when the context does not contain any of the selected values.
- Equals - Successfully evaluates when the selected values match exactly those within the context. Unlike the All Of operator, this will fail if the context includes any additional values.
- Not Equals - Successfully evaluates when the selected values do not match exactly those within the context.
This is a change of behavior from previous releases, which included the following operators:
- Equals - Previously the same as the new Any Of operator.
- Not Equals - Previously the same as the new None Of operator.
When upgrading from 20.1.200 or earlier, if using All Paths contexts filters please review the operators used.
- All audit events now display with variables such as messages, properties and contexts expanded.
- An action sequence can now reference the same context within multiple context filters.
- Fixed an issue with security group and windows registry conditions not working when the locale of the user differs from the locale of the Windows logon screen.
- Fixed a potential handle leak which may appear after changes to the policy.
- Fixed an issue where the HOST_REMOTECONTROL_GATEWAY_IP property could include random characters after the IP.
- Fixed an issue where the HOST_REMOTECONTROL_REMOTE_IP property could represent the IP address of the Citrix gateway when the remote device is connecting via Citrix from a Linux endpoint via a gateway.
- Fixed an issue where the logical disk properties of a CD-Rom were not real-time when a CD was inserted or removed.
- Policy generated by the 20.1.300 console cannot be read with the 20.1.200 or earlier host when operating on timestamps using context conditions or context filters within actions. If you use the 20.1.300 console to modify your policy, then please ensure that the policy is only deployed to 20.1.300 or later hosts. In future releases we will ensure compatibility is maintained between ‘point releases’.
- The property HOST_REMOTECONTROL_GATEWAY is inaccurately set to true if connecting from a Linux client directly using Citrix over a UDP connection, such as when using HDX Adaptive Transport. The issue can be worked around by replacing any gateway conditions with a check to ensure that HOST_REMOTECONTROL_GATEWAY_IP is actually one of your gateway IP addresses. For assistance please contact deviceTRUST Support.
If upgrading from deviceTRUST 19.4 or earlier, be sure to refer to the deviceTRUST 20.1.100 Compatibility notes.
When upgrading from 20.1.200 or earlier, if using All Paths context filters please review the operators. Please note that the new operators require the deviceTRUST 20.1.200 Host. For consistent behavior with 20.1.200:
- Replace any Equals operators for Any Of within All Paths context filters.
- Replace any Not Equals operators for None Of withhin All Paths context filters.
The 20.1.300 policy is not compatible with the 20.1.200 or earlier hosts. For more information, please see the known issue above.
The ADMX policy definitions contain only cosmetic changes since deviceTRUST 20.1.100.