v2025.2.3

Features

• dgw: write startup failures into boot.stacktrace file (#1416) (78028a6e60) (DGW-292)

  This will make troubleshooting configuration errors much more easier.

• dgw: new TlsVerifyStrict option (#1415) (257d941dd1) (DGW-293)

  This adds a TlsVerifyStrict option for controlling the new stricter
  checks on TLS certificates.

  When enabled (true), the client performs additional checks on the
  server certificate, including:

  • Ensuring the presence of the Subject Alternative Name (SAN)
    extension.
  • Verifying that the Extended Key Usage (EKU) extension includes
    serverAuth.

  Certificates that do not meet these requirements are increasingly
  rejected by modern clients (e.g., Chrome, macOS). Therefore, we strongly
  recommend using certificates that comply with these standards.

  The default configuration for fresh installs will include the
  TlsVerifyStrict key set to true.

• dgw,agent: display config file path during initialization (#1421) (a185df7844)

  Output the full path to the configuration file when initializing the
  configuration for both Devolutions Gateway and Devolutions Agent. This
  simplifies debugging and setup verification.

• dgw: auto-detect proxy setup when performing HTTP requests (#1422) (b380feffe6)

  Look in environment variables to set HTTP, HTTPS or SOCKS proxies.

• agent: auto-detect proxy setup when fetching productinfo.htm (#1420) (9f89c4c15c) (DGW-291)

  Look in environment variables to set HTTP, HTTPS or SOCKS proxies.

Bug Fixes

• pedm: don't error on profile selection if no assignments (#1398) (abe9f7c693)

  If a user has never had a profile assigned, there will be no record of
  them in the user table.

  However, if they try to select a profile, an error is returned. It's
  better to catch this scenario upfront and just return an empty profile
  selection and list.

• webapp: fullscreen handling for ARD web client (#1406) (30b6941406)

• webapp: fix enter fullscreen button during a running session (#1408) (4295a41919)

• pedm: add additional context to virtual account code paths (#1409) (63a0d8c8c9)

  Some users are experiencing an error with the virtual account elevator.
  This adds additional context to the virtual account elevator code paths.

• dgw: set default value of TlsVerifyStrict to false (#1419) (528cada242)

  Previously, strict TLS verification was performed even when the
  TlsVerifyStrict key was absent from the configuration file.

  From now on, if this key is missing, it will default to
  "TlsVerifyStrict": false.

  This change ensures that existing users who are currently using improper
  certificates will not be affected. At the same time, newly generated
  configuration files will continue to include "TlsVerifyStrict": true by
  default, encouraging using proper certificates from the start.

  New users can still opt out of strict verification by explicitly setting
  the value to false or removing the key entirely if they are willing to
  accept potential compatibility issues with some clients, such as Chrome
  or macOS.

  A warning will be logged if the option is disabled as it may hide latent
  issues.
  Hopefully, this lead the user to enable the option, and fix the
  underlying certificate issue if necessary.

• webapp: fix an issue in the VNC client where display scaling was not correctly
  updated after a server-initiated resize.

• webapp: fix excessive scroll speed in VNC client.

• webapp: fix clipboard monitoring treats clipboard updates from the server as
  local clipboard updates.

• webapp: fix the error when navigator.clipboard.write was called when the
  browser window was not focused.