Version 9.4.5 Patch 2$$$Released: January 31; 2025$$$$$$General Improvements:$$$The OVF size has been increased from 8 GB to 32 GB; supporting more robust deployments.$$$$$$Security Enhancements:$$$Enhanced security when communicating with all DDNS providers.$$$Upgraded curl to version 8.11 for improved performance and reliability.$$$$$$GFI AppManager Updates:$$$Fixed an issue where guests were incorrectly reported in GFI AppManager as licensed devices.$$$Added the option in Kerio Control to locally disable GFI Agent functionality

Version 9.4.5 Patch 1$$$Released: December 19; 2024$$$$$$New:$$$Added support for joining Active Directory controllers using encrypted connection. This allows Kerio Control to join domains hosted on Microsoft Windows Server 2025.$$$Added support for creating GeoIP presets in IP address groups in the local user interface without going through GFI AppManager.$$$Fixed:$$$Fixed an issue where an incorrect SSL certificate was being served to VPN users.$$$Fixed an issue where GFI AppManager registration would time out frequently.$$$Fixed an issue where the persistent connection VPN option did not work correctly on MacOS.$$$Fixed an issue where upgrading and downgrading Kerio Control over GFI AppManager did not work correctly.$$$Security Enhancements:$$$Kerio Control 9.4.5p1 has been hardened against XSS exploits. Users on older versions are advised to upgrade to this release.$$$Resolved vulnerability CVE-2024-52875

Version 9.4.5$$$Released: October 17; 2024$$$$$$Improved:$$$Added support for more Wi-Fi adapters (rtl88x2bu).$$$Improved network performance when the GRO option is enabled in certain scenarios.$$$Enhanced GFI AppManager integration. The Control GUI now displays more information about AppManager connections and allows user control over the Agent service.$$$Application awareness updates now correctly categorize AI & ML traffic.$$$Added support for creating IP address groups based on GeoIPs; enabling customized traffic management based on country.$$$Added support for custom DNS servers for IKEv2 VPNs.$$$Added support (via GFI AppManager) to import CSV files with IP addresses$$$Fixed:$$$Restoring configuration from a backup would break AppManager connectivity forcing re-registration.$$$Disconnected devices on IKEv2 VPNs were counted as being active incorrectly.$$$Remote hosts over VPN were incorrectly counted against the local license limit incorrectly.$$$The Linux VPN client failed to start connections correctly due to a MAC address conflict.$$$Traffic rules on interfaces with complex names (e.g.; including quotation marks) failed to apply.$$$Clients on a guest network were not authenticated properly.$$$The reverse proxy incorrectly attempted TLSv1 connections even when configured not to.$$$Traffic routes were not correctly switched when using multiple internet links; causing extended packet loss after switching to a backup.$$$Forbidden words failed to trigger a block correctly when using the Safe Web feature in some rare cases.$$$Generated daily reports had an incorrect date when the configured time zone had a negative offset.$$$Switching from a backup link to primary in failover mode could cause the appliance to hang indefinitely.

Version 9.4.4p1$$$Released: April 18; 2024$$$$$$Fixed:$$$Resolves an issue with HTTPS connections on port 443 in certain setups; particularly over VPNs or between different subnets.

Version 9.4.4$$$Released: February 22; 2024$$$$$$New:$$$IKEv2 support$$$Improved:$$$Significant overall performance improvements$$$More accurate AppManager connectivity display$$$Appliances removed from AppManager stop processing AppManager-related data$$$Fixed:$$$NG511 appliance performance degradation in HA mode$$$Discrepancy between Interface Window and VPN Clients Window for users connected via VPN$$$IPSec Tunnels are no longer disconnected when the configuration is updated$$$SNMP is functional$$$2FA verification message incorrectly showing default 30 days expiration value$$$Custom logo not displayed on the login page$$$Corrected Mexico local time$$$Multiple memory leaks fixed$$$No checksum errors recorded on winroute.cfg after performing IPS or KerioControl updates$$$Errors encountered on some websites during categorization$$$CIDR address formats within the shared definitions are properly handled when synchronized via AppManager

Version 9.4.3 Patch 3$$$Released: January 25; 2024$$$$$$Improved:$$$Updated GFI Agent for better AppManager performance and stability$$$Fixed:$$$Shared definitions - IP Address groups are not synchronized to GFI KerioControl appliances

Version 9.4.3 Patch 2$$$Released: December 13; 2023$$$$$$New:$$$Added new GRO configuration options to the advanced configuration page of network interfaces.$$$Improvement:$$$UEFI Bios support can be activated through the UI$$$New installations can choose to install the product with UEFI BIOS mode support on the install screen$$$Fix:$$$The advanced configuration page of network interfaces is displayed properly$$$The appliance not rebooting properly on the second reboot after UEFI BIOS support was activated

Version 9.4.2 Patch 1$$$Released: October 17; 2022$$$$$$Fixes:$$$The virtual network adapters become unavailable (on VMware deployments only)$$$$$$Missing VMware images

Version 9.4.2$$$Released: October 11; 2022$$$$$$New:$$$Kernel upgrade$$$$$$2FA token expiration configuration for VPN$$$$$$HTTP/S redirection in reverse proxy$$$$$$Fixes:$$$Issues with Mac upload speed degradation$$$$$$Updated IPSec VPN$$$$$$Updated IPsec SNAT$$$$$$WiFi authentication errors with Radius

Product Changes:$$$$$$M1 MAC VPN client support$$$Interface mapping of NG511 Fixed$$$macOS VPN client updated to fix a script that was preventing installation on Big Sur$$$Update Windows VPN Client to make it compatible with Windows 20H2$$$New configuration L2TPUpScriptWaitSeconds and L2TPUpScriptConnectTryCount introduced to recover stuck LT2P connections$$$New configuration DisableUniqueIDs introduced to prevent IPSec VPN disconnects$$$New traffic patterns added to properly block Teamviewer connections$$$Introduce new configuration InternetLinkAutoGatewayInterfaceList to stop probing interfaces which doesnt have a gateway$$$Fix HA interface name validation failure happens when one of HA machine has legacy interface names$$$OpenSSL library is upgraded from 1.0.2j to 1.1.1d$$$HSTS (Strict-Transport-Security) Header added$$$Upgrade and Factory-reset scripts are failing because of signature image issue$$$Links on the IP Blacklist screen were either wrong or timing out. Now all links corrected$$$Info message displayed after distrusting a certificate updated for VPN connections$$$Fix crash in HA Slave machine happens when slave account host activity$$$TLS triple handshake vulnerability fixed by updating /etc/sshd_config configuration file$$$Patch resolution details:$$$$$$Using Active Directory authentication (only). It causes authentication with Active Directory to fail making AD user connections not possible.$$$HSTS causes 2FA fail on Kerio VPN$$$