What’s New

🚀 New Features

Computers Administration

A new Computers tab has been added to the Administration section, enabling the account owner and domain admin(s) to centrally manage all remote computers registered under their domain, including those added by other users. The page provides a complete overview and essential tools to view, organize, and control access to these computers.

Web Portal > Administration > Computers

• Overview of all computers
  View all remote computers linked to your account, including those registered by users within your domain. The table includes columns such as: Alias, Computer Name, Status, Last Online, Computer Group, Owner, Shares, Tags, Platform, Agent Version, IP Address, MAC Address
• Change computer group
  Move computers between groups to keep them organized.
• Change computer owner
  Reassign ownership of a computer to another user.
  Note: If a computer is added to a computer group, ownership is automatically transferred to the group owner. The group owner can be changed by users with appropriate permissions (e.g., Group Admin, Computer(s) Manager, or Computer Owner).
• Share computer
  Share access to a specific computer with users or user groups in your domain.
  Note: We recommend sharing via “Computer Groups“, as this allows you to set the permission level when sharing the group with other users. Additionally, when you add a new computer to an existing computer group it will automatically be shared with users and user groups with whom the computer group is already shared.
• Add tags
  Use tags to categorize and filter computers based on your own criteria.
• Export to CSV
  Export the computer list and metadata to a .csv file.
• Quick view
  A quick view panel has been added to the computer list. It opens when you click any row in the table.
• Computer details page
  A detailed view is available and can be accessed via quick view or by clicking the computer name in the table.

⚙️ New Setting: Edit computers (domain admin only)

Web Portal > Administration > Settings > General > Edit Computers (domain admin only)

• When enabled (default):
  Domain admins can manage the Computers tab — rename computers, assign groups or owners, share access, and set tags.
• When disabled:
  The user (domain admin) can only view the list of remote computers.
  Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).

Computer group administration

Support for managing computer groups has been added to the Administration section. You can now create and delete groups through the Computer Groups tab using Quick View. Once a group is created, computers can be added to it.

Web Portal > Administration > Computer Groups

The Quick View now includes a list of computers in the group, allowing you to easily add or remove them with confirmation prompts.

Additionally, a new Computers subtab has been introduced in the Computer Group Details page, providing a full overview of all computers assigned to the selected group.

Web Portal > Administration > Computer Groups > Computers

⚙️ New Setting: Create, edit and delete computer groups (domain admin only)

Web Portal > Administration > Settings > General > Create, edit and delete computer groups (domain admin only)

• When enabled (default), domain admins can view, create, manage members, and delete computer groups.
• When disabled, groups are read-only.
  Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).

New WebAPI methods:

• domain/admin/computergroup/create/1:
  Creates a new computer group with the given name, owner, and members (connect-only). Returns the public code of the new computer group.
• domain/admin/computergroup/delete/1:
  Deletes the specified computer group. The group is not deleted if it is external or still contains computers and/or members.

ISL Light for Web (beta)

The ISL Light for Web (beta) version allows users to view a remote desktop directly from their browser, eliminating the need to download or install the desktop application. While this version offers added convenience, certain features are unavailable due to browser limitations.

Web Portal > Sessions/Computers > Session in browser

✅ Advantages of the web version:

• No installation required
  Ideal for one-time sessions or situations where installation is not feasible or permitted. Access ISL Light directly from your browser without downloading or installing the application.

🚫 Features NOT supported in the web version:

• Screen sharing
  Operators can view the remote desktop but cannot share their own screen.
• Clipboard sharing/syncing
  Copying and pasting between the local and remote machines is not supported.
• File transfer
  Transferring files between the local and remote machines is not supported.
• Session recording
  Recording a session is not available in the web client.
• Multiple monitor management (explode monitors)
  Opening each remote monitor in a separate window is not supported.
• Simulated typing for paste operations
  The Paste (Simulate Typing) feature is not supported.

Browser compatibility:

• Google Chrome: Version 95 or newer
• Mozilla Firefox: Version 90 or newer
• Microsoft Edge: Version 91 or newer
• Safari: Version 14 or newer

Accessing the web version:

You can start a web session from the Sessions page, Computers page.

Sessions page:

A new option to start/open/resume a session using ISL Light in browser was added to the Sessions pages.

Web Portal > Sessions > New Session Browser (beta)

• “Start New Session” was renamed to “New Session” and is now a split button:
  • New Session (default) – standard app download flow
  • New Session in Browser (beta) – opens in a browser tab via ISL Light
• Active sessions:
  • Open in App (default)
  • Open in Browser (beta)
• Paused sessions:
  • Resume in App (default)
  • Resume in Browser (beta)

⚙️ New Setting: Browser session support

/conf > Configuration > ISL Light > Browser session support

• Enabled by default
• If disabled, only New Session (default flow) is available

Computers page:

A new option to connect to a remote computer using ISL Light in browser was added to the Computers pages.

Web Portal > Computers > Connect in Browser (beta)

• The Connect button now offers:
  • Connect in App (default)
  • Connect in Browser (beta)

⚙️ New Setting: Browser connect support

/conf > Configuration > ISL AlwaysOn > Browser connect support

• If disabled, only the default flow is available
• Enabled by default

Join a session in browser:

⚠️ Limitations:
The browser version currently does not support screen sharing from the client side. This means that if the client is expected to share their screen with the operator, the browser version will not be suitable.

However, it can still be useful for viewing the operator’s shared screen (e.g., presentations, guided instructions).

⚙️ New Setting: Join session method

/conf > Configuration > ISL Light > Join session method

Options:

• Ask every time
• Join in app (default)
• Join in browser

Behavior:

• If Ask every time is selected: The join page shows two buttons:
  • Join in App (downloads app)
  • Join in Browser (redirects to ISL Light in browser)
• If Join in app is selected: Uses the standard app-based flow.
• If Join in browser is selected: The page shows only Join in Browser.

Executable signing to prevent false virus detections

Build of Go modules was fixed to sign all .exe files. Executables now contain digital signature which should reduce the probability of being incorrectly detected as virus by antivirus programs.

Add option to upgrade PostgreSQL version on demand

Manual PostgreSQL upgrade support was added (required for major version changes, e.g., 9.3 → 16). Minor version upgrades remain automatic. Manual upgrade is required when upgrading to a major version (e.g., 9.3 → 16). Minor version updates are still performed automatically.

When a new version is available, /conf displays: A new PostgreSQL version (16) is available for installation.

This includes estimated time and disk usage (based on DB row count).
The upgrade process mimics PostgreSQL installation:

• Step 1: Click Upgrade to PostgreSQL version 16...
• Step 2: Click Execute

Bundled PostgreSQL version upgraded from 9.3.25 to 16.8.

Use CPSESSID Cookie in WebAPI2 Handler

Web session cookie support was added to WebAPI2. Clients can now call /users/webapi2 and use the session cookie.

New request format (JSON2):

jsonCopyEdit{
  "hs": "<session web token>",  // optional
  "pt": "<post token for current web session>",
  "hedata": { ... },  // request body (old JSON1 format)
  "ignore_cookie": true  // optional
}

• Use of plain hs token in requests was removed.
• All WebAPI2 requests now rely on the new JSON2 format and cookie-based session control (v2400 pages).

Password history settings

Password history controls are now exposed under:
Administration > Security > Password

These settings help enforce password reuse policies and aging rules.

⚙️ New Settings:

• Password history size: Number of recent passwords stored (default: 24)
• Maximum password history size: Upper limit for history entries (default: 100)
• Minimum password age (1w 2d 3h 4m 5s): Minimum time between password changes
• Maximum password age: Formerly Password expiration interval; users must change passwords after this time

Notes:

• Password history only updates when a user changes their own password.
• Administrative password resets do not affect history.
• Older entries are removed when the limit is exceeded.

Remove timeout from moduleapp startup

The 120s timeout exception when starting or restarting a Go moduleapp process was removed. It is now replaced with a critical log line: module app process has not started yet, logged every 10 seconds.

Support for reCAPTCHA Enterprise and automated browser detection/blocking

Support for reCAPTCHA provided by Google Cloud Services was added. Previously, only standalone reCAPTCHA v2 and v3 were supported.

⚙️ New Settings:

• Project ID: Google Cloud project ID with reCAPTCHA enabled.
• API key: Google Cloud API key associated with the project.
• reCAPTCHA required: Controls if reCAPTCHA is required on protected WebAPIs.
• reCAPTCHA site key: The key associated with the website or application.
• Fail 2 ban reason codes: A list of interpreted reason codes to be flagged for fail2ban (must be prefixed with rc_).

When Google Cloud reCAPTCHA is enabled, v2 and v3 are ignored even if set up. Settings were reorganized and grouped accordingly.

Documentation for supported reason codes: Understand reason codes – Google Cloud reCAPTCHA

To enable better monitoring and abuse detection, a specific user action can now be passed via the new URL parameter: captcha_action.

Add support to send email notification when creating user account

A new email notification is sent when a user account is created. Controlled via two new settings in /conf > Configuration > General > Mail > Templates:

• Account created notification
• Mail template for account created notification

Triggers for sending the notification:

• Server administration
• Domain administration
• Integrator
• SAML login
• External authenticator

Update confirmation and verification code emails

The appearance of confirmation and verification code emails was updated. These emails are sent when logging in with email set as the preferred 2FA method.

SSO username mapping

SSO username mapping allows mapping a username from an identity provider to a domain-specific username (case-insensitive).

Example: If your domain user is \example\joesmith and SSO username is joe.smith@example.com, you can map the two.
When logging in via SSO, the system will authenticate the user as \example\joesmith.

⚙️ New Setting: SSO username mapping

Administration > Security > Authentication > Single Sign-On (SSO)

Add Option to Send Chat Content in HTTP Events

⚙️ New Setting: Send live chat transcripts in HTTP events

/conf > Configuration > ISL Light > Send live chat transcripts in HTTP events

• Requires Send live chat transcripts to be set to Yes
• Disabled by default

New HTTP event type: CHAT_CONTENT

Transcript content is included in the text field.

Chat transfer system messages

System messages for chat transfer and takeover were added. Examples include:

• "Y has taken over the chat"
• "X wants to transfer the chat to Y"

Upgrade OpenSSL to 3.0.16

OpenSSL was upgraded to version 3.0.16.

Upgrade to libxml2 2.12.10 and libxslt 1.1.42

• libxml2 upgraded to 2.12.10
• libxslt upgraded to 1.1.42

Upgrade jemalloc to 5.3.0

jemalloc upgraded from 4.0.4 to 5.3.0 (Linux only)

Upgrade jQuery-UI to 1.14.1 (v2400 Pages)

jQuery-UI was upgraded to 1.14.1 for v2400 pages.

Remove v1 template and web pages v1, v2, v3, v4

Support for the v1 web template and legacy web pages (v1–v4) has been removed. The /join endpoint now redirects to join.html. Deprecated handlers and XPP expressions used exclusively in the removed pages were also removed.

🐞 Bug Fixes

Pass ciphers global map by reference on SSL accept

Previously, the ciphers global map was passed by copy, affecting performance. This was redesigned to pass the map by reference.

The defect was fixed.

Wait for user account to be replicated in loginsso handler

SSO logins could fail if the user was created on one server but not yet replicated to the Web page server. This was redesigned to wait until the user is replicated before proceeding.

The defect was fixed.

Support WebSocket upgrade of existing HTTP connection

WebSocket support was improved to allow upgrades to WebSocket even after preceding HTTP requests on the same TCP connection, and not just at the start of a TCP connection. This should also fix connection issues when ISL Conference Proxy is placed behind a load balancer.

Bulk share did not allow sharing of non-owned computers

In previous versions, bulk sharing of computers in a group failed with the message: "Some computers have been omitted – shared computers cannot be edited."

Redesigned behavior:

• Bulk Share modal now lists all computers, not just owned ones.
• Sharing/unsharing works even for entries with user groups in shares.
• Results are split between success and failure messages.
• A scroller is added when many computers are listed.

The defect was fixed.

Support certificate authorities without a Terms of Service link

Previously, SSL module raised an error: "Could not retrieve terms of service." This occurred when a certificate authority (CA) did not provide a terms link, which is optional under ACME.

Fixes:

• The checkbox to accept terms is hidden if no link is provided.
• A new message was added: "Please install the SSL certificate to enable secure connections."

The defect was fixed.

tlsext_ticket_refresh_task should not use a static watchdog

This task was incorrectly protected by a watchdog, which triggered false alerts when the TLS ticket refresh interval setting changed. Now the task is rescheduled dynamically and no longer monitored by the static watchdog.

The defect was fixed.

Maximum password age lower than minimum caused lockout

Previously, it was possible to set the maximum password age to a lower value than the minimum password age, which could cause user lockouts. The validation logic was updated to prevent this misconfiguration.

The defect was fixed.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

New Features

Updated Black Screen driver for Windows 10 and 11

The implementation of the black screen driver on Windows 10 build 2004 or newer has been redesigned. In previous versions, the black screen functionality used the Magnification API on Windows 8 or newer. The new version now uses a transparent (alpha) window, similar to the implementation on Windows 7. It also leverages the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the use of the desktop duplication driver alongside the black screen (previously, only polling/hooks were used when the black screen was enabled). Additionally, the polling driver has been optimized for better performance.

Option to disable black screen mode

Support for disabling black screen functionality has been added to ISL Light. Two new command-line arguments were introduced:

On the client side, the following argument prevents enabling black screen mode if initiated:
--on-connect "desktop?allow_black_screen=false"

On the operator side, the following argument hides the button that enables admin mode:
--on-load "customization?hide_black_screen=true"

Reordered and renamed black screen settings

Black screen settings have been reordered and renamed. All related options are now listed together.

ISL Light > Settings > Remote Desktop > Black screen (curtain mode)

Updated signup flow with web redirection and verification step

The signup process within ISL Light has been changed. Users are now redirected to the web signup page, and an additional email verification step has been added.

Custom clipboard retry count and improved clipboard-lock handling

When the ISL_ISSC_DEBUG environment variable is set, ISL Light logs clipboard ownership conflicts. This feature has been extended to allow configuration of how many retry attempts should be made before logging the issue. You can now define the number of retries by setting the ISL_ISSC_clipboard_retry_count environment variable.

Add feedback when creating computer shortcut on desktop

A new confirmation window is now displayed after adding a computer shortcut to the desktop.

ISL Light > Computers > Create Desktop Shortcut

Remove LoginView1fa

The login view was redesigned to immediately show a connection error message if the server is unreachable, without prompting the user to log in.

Upgraded libdatachannel and libjuice libraries

The libdatachannel and libjuice libraries have been updated to the latest versions:

Bug Fixes

Increase setup timeout and update check installed

Users experienced an issue where they were unable to enable the restart&resume during a session. The issue was that setup of ISSC Daemon reached an internal timeout thus failed to get correctly installed.

This timeout was increase and should no longer be causing inability to activate restart&resume.

Update libjpeg turbo to 3.1.0

Desktop streaming sometimes failed due to incorrect JPEG encoding during screen updates. Updating to libjpeg-turbo 3.1.0 resolved this issue.

Forced screen refresh on headless Windows machines

When no display was attached to a remote Windows machine, the screen failed to refresh. The functionality was redesigned, and the issue is no longer reproducible.

Join window now opens on top of other windows

The “Join a Session” window was sometimes placed behind other windows. It now opens in the foreground by default.

“Sign up now” button shown without internet on server license

The “Sign Up Now” button appeared even when no internet connection was available on a Server License installation. The issue was addressed and is no longer reproducible.

Translate ALTGr + C, H, I keys

Users experienced an issue where certain key combinations were not translated correctly in the session when different keyboard layouts were used on operator and client side. The functionality was redesigned and the issue is no longer reproducible.

Fixed incorrect connection time display

In some cases, the connection time was displayed incorrectly. The underlying logic was redesigned to fix the issue.

File transfer window name corrected

The File Transfer window was incorrectly labeled as “ISL Light.” It has been renamed to “File Transfer.”

Fixed crash when querying CPU features on Linux

In rare cases, the application crashed while checking for CPU features on Linux. The defect was fixed.

Chat now shows license usage in all sessions

The license usage message was missing in chats after the first session because it was sent before chat initialization. The handling was redesigned to store the message and inject it into chat after initialization.

Fix cursor size on macos 10.12

Local mouse movements were not visible on operator side when connected to macOS 10.12 or newer. Cursor capture was redesigned to resolve this.

Share group dialog has no name

The share group dialog name was not read by accessibility tools. The defect was fixed.

Fixed keyboard navigation in share computer dialog

Keyboard navigation incorrectly focused on a disabled owner line. The issue was fixed so the line is now skipped.

Added accessibility features to chat content

Chat messages and content were missing accessibility support. Accessibility features have now been added.

Esc key now closes the share group dialog

The ESC key did not previously close the “Share Group” dialog. The issue is now resolved.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

New Features

Introducing the ISL Light Add-On: Universal

The Universal Add-On is used in conjunction with the ISL Light application to enable full remote desktop control of Android devices during sessions. It allows the remote user to control the device using a keyboard and mouse, and to view the screen in real time.

The add-on uses Android’s Accessibility service to inject input events and the MediaProjection API to stream the device’s screen. To enable remote control, users must grant Accessibility permission to the Universal Add-On. The minimum supported Android version is 8.0 (Oreo). On Samsung devices, if the Knox license is cancelled and the Universal Add-On is installed, users will be prompted to enable the Universal Add-On.

Important:

• This is not a standalone application (requires the ISL Light app for Android)
• Accessibility permission is required
• Compatible with Android 8.0 (Oreo) and above

Android > Settings > Accessibility > ISL Light Universal

Add signature check for Universal Add-On

A signature verification check has been added to the Universal Add-On. This ensures that only the ISL Light application can use the Universal Add-On by verifying the calling application’s signature.

Add keyboard control to Universal Add-On

The Universal Add-On now supports Unicode character injection and the Delete key. Additional support has been added for global key inputs, including:

• Home (Home)
• Back (Ctrl + Home)
• Recent apps (Ctrl + Alt + Home)
• Arrow key navigation

New Features

ISL AlwaysOn service auto-start after device boot

Added a feature to start the ISL AlwaysOn service (unattended access service) on device boot. In previous versions, if users rebooted the device, the service did not start until the ISL Light application was launched. The service will now start once the Android device is unlocked for the first time.

Added support for the Universal add-on

Added support for universal addon which will allow remote view and control of Android device.

Local user consent for remote access

Added additional notification options when users connect to an Android device. Users on Android can now specify one of the following options in the remote access interface:

• Show notification of incoming connection
• Notification timeout (available if Show notification of incoming connection is enabled) – Defines how long the notification is displayed before accepting the connection.
• Show consent to start connection (available if Show notification of incoming connection is enabled) – Allows users to either accept or deny the connection.
• Start connection on timeout (available if Show notification of incoming connection and Show consent to start connection are enabled) – Defines the default behavior when the timeout is reached (either accept or deny the connection).

If the session is rejected by the user on an Android device, the operator will receive a message stating that the remote user denied the connection.

ISL Light Android > Menu > Remote Access

Similar settings can be applied to computers through ISL AlwaysOn. To find out more, please check the ISL AlwaysOn Notification / Local Consent manual.

Added option to disable display scaling using AppConfig

Users can now deploy a setting via AppConfig that controls whether the Android device screen is scaled. The restriction key is called restrictionDisplayScaling.

Swipe navigation replaces old tab system

The old tab system (PagerSlidingTabStrip) has been replaced with ViewPager2, improving navigation between sections.

Bug Fixes

Computer groups were not sorted alphabetically

Users experienced an issue in ISL Light on Android devices where Computer Groups were not sorted alphabetically. The functionality was redesigned, and the issue is no longer reproducible.

The defect was fixed.

Unattended access chat history was not cleared

When reconnecting to an Android device via unattended access, old chat messages were sometimes still visible. The chat history now resets correctly when a new session starts.

Toolbar disappeared when using floating keyboard

The toolbar in a session disappeared when users used a floating keyboard. The issue occurred because Android does not provide information about whether the keyboard is open or closed, preventing the toolbar from appearing.

Detection of keyboard status has been redesigned to recognize changes in view size. The toolbar will now always appear correctly.

Microphone and camera permission issues in ISL Light Desk

When connecting from ISL Light Desk to an Android device and starting a video or audio call, the call did not correctly initialize after approving microphone and camera permissions.

Permission handling has been redesigned to ensure video and audio start correctly upon returning to the application.

The defect was fixed.

UI inconsistencies between Android and iOS for calls during screen sharing

When starting an audio/video call while an Android user was already viewing a remote screen, the interface switched to the call view.

This behavior has been unified with the iOS application. Now, if a call starts while viewing the remote desktop, it will open in minimized mode instead of switching the interface.

The defect was fixed.

Recording did not start when connected to ISL Light Desk

When users started recording while connected from ISL Light Desk to an Android device, the recording did not start.

The issue was caused by the recording plugin not being correctly registered when connecting from ISL Light Desk. The recording feature now works as expected.

The defect was fixed.

Mini player did not start after granting overlay permission

When an operator initiated a call, the system prompted the Android user to approve the overlay permission in settings. However, upon returning to the ISL Light app, the mini player was missing.

Permission change handling has been redesigned. The mini player will now appear correctly after users grant overlay permission.

The defect was fixed.

Back button returned to viewer from chat instead of terminating session

Previously, pressing the Back button while viewing the chat during a session would prompt users to terminate the session.

The defect was fixed.

Default camera on mobile devices changed to front camera

The default camera on Android devices was previously set to the back camera. It has now been changed to default to the front camera.

The defect was fixed.

Multiple unattended connections to Android were not limited

Users could start multiple ISL AlwaysOn connections to a remote Android device, which is not supported.

A fix was implemented to now limit the number of ISL AlwaysOn connections to one per remote Android device.

The defect was fixed.

No message was displayed when trying to use disabled features

Previously, no message or feedback was shown when users attempted to access a feature disabled via GUI settings.

The functionality has been redesigned, and users now receive a message explaining that the feature is disabled.

The defect was fixed.

App crashed when trying to share screen with disabled GUI features

Users experienced a crash when attempting to share their screen while GUI features were disabled on the server.

The issue has been resolved, and the app no longer crashes.

The defect was fixed.

Session join was blocked after generating a session code

Users were unable to join a session on their Android device after generating a session code.

The session code generation functionality was redesigned, and users can now successfully join a session after generating a code.

The defect was fixed.

Device rotation interrupted MediaProjection permissions

An ISL Light session from a desktop to an Android device would fail when the Android user rotated the device.

The defect was fixed.

Keyboard input was not sent to remote side after typing in chat

In certain cases, keyboard input was not sent to the remote side after typing in the chat window.

The defect was fixed.

App crashed when opening keyboard in Windows UAC mode

ISL Light crashed on Android devices when a UAC window was shown on a remote Windows machine and the Android user opened their keyboard.

The defect was fixed.

No chat toast or counter was displayed

Users did not receive chat toasts or message counters when chat messages were sent.

The defect was fixed.

run_alwayson.remote message was displayed incorrectly

A message prompting users to add a device to the Computer List was shown on Android devices, even though this feature is not supported.

The defect was fixed.

Other fixes and improvements

Bug fixes, security updates, missing translations, and other general improvements.

Bug Fixes

Skip region optimization on low-quality images

If users had a custom skin using 1-bit BMP files, the ISL Light Desk application failed to start (crashed while loading skin files). This issue occurred due to an optimization in skin file loading, which inadvertently removed support for 1-bit skins. The support for 1-bit skins has been restored, ensuring the application starts correctly.

The defect has been fixed.

Ignore show_desktop request during stream restart

Users might have experienced desktop sharing stopping when resuming a session. The issue was that, in certain cases, two desktop streamers started simultaneously, causing both streams to stop. The desktop sharing startup process has been redesigned—if two streaming requests are received, the second request is now ignored, ensuring desktop streaming starts correctly.

The defect has been fixed.

Bug Fixes

Update libjpeg turbo to 3.1.0

In certain cases, desktop streaming stopped working. The operator log showed an issue with JPEG decoding due to incorrect JPEG encoding on the streaming side of the sent screen update, which caused the streaming to stop. libjpeg-turbo was updated to version 3.1.0, and the issue with JPEG decoding was resolved.

The defect was fixed.

Simplify log output on admin logs in desktop plugin

Users sometimes experienced an issue where writing admin mode logs was slowing down the start of the admin mode. The logging functionality was redesigned, and the speed of starting the admin mode should be improved.

The defect was fixed.

Prevent WaitForMultipleObjects starvation

Users sometimes experienced an issue where network events were possibly delayed, which caused an inability to control when a lot of screen updates were sent from the client side. The issue was only present when hooks/polling was chosen as the desktop driver. The functionality was redesigned, and now the scheduler switches between control events and screen updates correctly, improving the control functionality.

The defect was fixed.

Optimize GUI drawing

Users sometimes experienced an issue where the drawing of the GUI was taking a longer time. Optimizations to the GUI were made, skinning was improved, escaping of HTML in chat was improved, and region creation (for the top bar) was improved.

The defect was fixed.

Optimize language load

We have added a new feature that changes the implementation of an internal function that merges translations. The speed of this function is now measured in the metric .language.load_time. We have also moved the loading of the language file to a thread that is preparing a plugin. Before, the language file was loaded just before loading plugin.dll into a process on the main thread. This reduced the UI delay when loading a plugin.

Add field isl_light_v3 to program header

A new field, isl_light_v3, was added to the ISL Light Desk and ISL Light Client header parts of the program, which enables ISL Conference Proxy to distinguish between the ISL Light Client version for Windows and the ISL Light Client version for macOS and Linux.

New Features

Redesigned black screen for Windows 10 2004 and newer

The black screen driver implementation for Windows 10 build 2004 and newer has been redesigned. In previous versions, the black screen functionality used the Magnification API on Windows 8 and newer. The updated version now uses a transparent (alpha) window, similar to the implementation on Windows 7. Additionally, it utilizes the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the desktop duplication driver to work alongside the black screen feature (previously, only polling/hooks were used when the black screen was enabled).

Additionally, the polling driver has been optimized for improved performance.

Confirmation for “Revoke control”

A confirmation dialog is now displayed when clicking “Revoke Control” in the top toolbar, reducing the risk of accidental actions.

ISL Light Client > Revoke Control Dialog

Hide “Grant control” button in the topbar

Users can now hide the grant/revoke button in the topbar, along with the dropdown menu item for granting and revoking control. The following command-line option must be specified to hide the item:
--on-load "desktop?topbar_control_visible=false".

Support for .extra files

Support for .extra files has been added to reduce the size of unauthenticated blobs. When an .extra file is used, the UA blob contains only a command to jump to the .extra file (which has the same name as the main file but ends with .extra).

When starting the restart and resume feature, the desktop plugin will copy isllight.exe and isllight.extra to a secure location. Previously, this location was in C:\Program Files (x86)\ISL Online\ISL Restart\s_INSTANCE_NUMBER\b; it now uses a new folder at C:\Program Files (x86)\ISL Online\ISL Restart\s_INSTANCE_NUMBER\bb.

C:\Program Files (x86)\ISL Online\ISL Restart

Filter old desktop plugins when .extra file is present

ISL Light Client program was updated with following when .extra file is used for starting the program:

• The .extra file is locked.
• we add environment variable ISL_HAVE_EXTRA with sha of .extra file
• when enabling restart and resume, the program checks that .extra file exists

When ISL Light Client program starts which has support for .extra file and than loads old desktop plugin (plugin does not support .extra file) following fixes were made:

• enable of restart and resume is prevented and chat line about the issue is added
• Command lines for the desktop plugin are sanitized to exclude restart=begin|check and admin=restart instructions.

All this changes fix, situation with new program and old plugin when enabling restart and resume during on demand session or in ISL AlwaysOn session. Note: enable “Download client” option when starting ISL AlwaysOn session.

Allowed file names and CRC32 checks

Support for CRC32 checksums for .extra files has been added on Windows and is now mandatory. If the checksum is incorrect, an error will occur, preventing the program from running. Additionally, only the following extracted files are allowed in the unsigned portion of the executable:

• ISLConfiguration.ini
• cmdline.txt
• branch.txt
• log_on_desktop

WinINet proxy options

Two options have been added to AutoTransport that affect wininet-http and wininet-https transports:

• http_proxy_force_auth: Immediately starts with the configured username and password when connecting, resolving issues where the Windows system account cannot connect through the proxy, but http_proxy_user is allowed.
• http_proxy_bypass: Configures which hostnames should (or should not) use a direct connection without a proxy. Use <-loopback> to allow localhost connections through a proxy.

Updated libdatachannel and libjuice

The libdatachannel and libjuice libraries have been updated.

Bug Fixes

Session time display for direct connections

Fixed an issue where session time was missing in certain languages (e.g., Slovenian) when using direct connections.

Improved topbar text resizing

Topbar text resizing has been redesigned to prevent line breaks in certain languages.

Desktop driver name display

Resolved an issue where, in certain cases, the selected desktop driver was not displayed after connecting to a remote machine when polling/hooks were selected. Desktop driver selection was redesigned, the selected driver should now be correctly displayed.

ISL Light > In Session > Settings > Desktop Driver

Check detected monitors against desktop duplication

In cases where a remote user has two graphics cards and multiple monitors connected, the operator sometimes could not see all monitors. The issue occurred because the desktop duplication driver was unsupported on some graphics cards, leading to an incorrect monitor count. The system now falls back to polling/hooks drivers when the desktop duplication driver is unsupported, ensuring all monitors are detected and visible to the operator.

SSL protocol and cipher configuration

AutoTransport configuration has been improved for SSL protocols and ciphers, now supporting numeric hex codes.

Other Fixes and Improvements

Various bug fixes and minor improvements.

New Features

Chat integration in ISL AlwaysOn sessions

We received feedback that many users utilize ISL AlwaysOn (a remote access agent installed on the remote computer) not only for unattended access but also for attended access sessions initiated via the Computers Dashboard in ISL Light.

To enhance these attended sessions, the ISL AlwaysOn session window now includes a chat dialog, enabling direct communication between end-users and operators during remote access sessions.

ISL AlwaysOn window > Chat

The drag-and-drop feature for file transfer remains fully operational. A hover effect has been introduced to enhance drag-and-drop actions when the chat window is active, and the chat window height can now be adjusted, offering improved flexibility in managing the ISL AlwaysOn interface.

ISL AlwaysOn window > Drag & Drop hover effect for transfering files

Master image provisioning enhancements for VDI environments

To enhance installations in VDI environments, new features have been introduced to improve the behavior of ISL AlwaysOn during master image provisioning.

New Options for VDI environments:

• ISL AlwaysOn\master_hostname
• ISL AlwaysOn\master_constant_uid

These options prevent ISL AlwaysOn from writing its UID during the master image provisioning process. When installed on a master image and the process begins:

• The service performs no actions other than waiting for a quit signal.
• Administrative commands and settings exit with a return code of 0.
• Only the overview functionality remains active.

When using master_hostname, a hostname is required. If unavailable (domain\hostname), installation is delayed by up to 15 seconds.

Example Steps for VDI Master Image Setup:

1. Install ISL AlwaysOn to populate the registry.
2. Set ISL AlwaysOn\constant_uid=true.
3. Delete the current UID.
4. Restart ISL AlwaysOn to calculate a constant UID.
5. Stop ISL AlwaysOn.
6. Rename uid to master_constant_uid.
7. Configure ISL AlwaysOn\master_hostname using the hostname detected in the log file.
8. Set ISL AlwaysOn\delay_start=true.
9. Apply additional registry configurations such as ISL AlwaysOn\grant\1=[grant blob].

Additional improvement:

A new option allows ISL AlwaysOn to start as a delayed service, with a startup delay of approximately 2 minutes. This can be configured using the registry key:

• ISL AlwaysOn\delay_start

These updates ensure smoother and more predictable provisioning processes in VDI environments, addressing issues such as multiple starts of the master image process.

Updated Black Screen driver for Windows 10 and 11

The implementation of the black screen driver on Windows 10 build 2004 or newer has been redesigned. In previous versions, black screen functionality used the Magnification API on Windows 8 or newer. The new version now uses a transparent (alpha) window, similar to the implementation on the Windows 7 operating system. The new implementation also uses the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the use of the desktop duplication driver along with the black screen (previously, only polling/hooks were used when the black screen was enabled). Additionally, the polling driver has been sped up.

Configuration options for AutoTransport

Two new options have been added to AutoTransport to improve proxy handling for wininet-http and wininet-https:

• http_proxy_bypass: Configures which hostnames should bypass the proxy and use a direct connection. Use <-loopback> to allow localhost connections through the proxy.
• http_proxy_force_auth: Forces the use of a configured username and password immediately when connecting. This resolves issues where the Windows system account cannot use the proxy, but a specific http_proxy_user is allowed, especially in environments using Windows integrated authentication.

These options address specific use cases and enhance proxy configuration flexibility.

Reconnection delay

A delay has been introduced for reconnection attempts in cases where a network error occurs and the connection fails to establish fully. Previously, reconnection attempts were immediate, which could result in unnecessary retries.

The delay now ranges from 1 second to 30 seconds, increasing incrementally based on the number of retries.

Monitor detection and desktop duplication adjustment

When streaming begins and not all monitor outputs can be duplicated, the system automatically disables desktop duplication and switches to polling. This adjustment ensures proper functionality when multiple monitors are in use, addressing issues where some monitors may not appear as selectable.

Desktop lock verification

A system has been implemented across all desktop operating systems to verify the success of screen lock procedures authentication.

Previously, the issc_lock_desktop function could report a successful lock (notably on Win32 systems using LockWorkStation()), even if the screen was not actually locked. This discrepancy could lead to security vulnerabilities.

The updated system now verifies whether the lock procedure was successfully executed. If the screen lock fails, the session is terminated to ensure security compliance.

Upgrade to libdatachannel-0.22.2 and libjuice-1.5.7

We have updated libdatachannel and libjuice to their latest versions.

Bug Fixes

CPU Throttling Adjustments

After users reported performance issues during remote access sessions, our investigation identified areas for optimization in CPU throttling. As part of the improvements:

• Resolved a bug that caused desktop streaming crashes due to uninitialized values at startup.
• Adjusted CPU usage handling by forcing an update after 2 seconds during high usage scenarios.
• Introduced the option to disable CPU throttling by setting ISL_ISSC_CPU_THROTTLING=true.

These adjustments have resulted in improved performance and positive feedback from affected users.

Fixed closed sockets in AutoTransport (Windows, HTTP tunnels)

The HTTP tunnel (httpt-direct) has been updated to prevent the accumulation of TCP connections in the CLOSE_WAIT state. This issue, caused by the client not closing connections properly after the server terminates them, has been resolved to eliminate resource leaks and improve stability.

Fixed selected ISSC desktop driver name

In certain cases, once connected to a remote machine, the selected desktop driver was not displayed when polling/hooks were selected. The desktop driver selection process has been redesigned, and the selected driver should now display correctly.

This defect has been resolved.

Fixed cursor on macOS

An issue where the mouse cursor movement was not visible to the operator when the remote user (local side) moved the mouse has been resolved. This fix applies to macOS 10.12 and newer versions, ensuring that cursor movement is consistently displayed during remote sessions.

Other fixes & improvements

Bug fixes, and other improvements.

New Features

Faster Remote Desktop with Cloudflare Calls and Google STUN

The latest update to ISL Conference Proxy (ICP) optimizes remote desktop performance through improved ICE functionality, enabling faster and more efficient connections with expanded connectivity options.

By default, direct connections will use the Cloudflare Calls STUN address.

ICE functionality has been updated in ISL Conference Proxy to support Cloudflare Calls and Google STUN. The following updates were made:

• “List of ICE servers for RPC” setting under /conf -> ICE Configuration now defaults to: {{google}}, {{cloudflare}}, {{turn_servers}}.
• “Use Cloudflare Calls STUN Address” is enabled by default, so direct connections will use the Cloudflare Calls STUN address when the ICE server list includes {{cloudflare}}.
• “Use Google STUN Addresses” is disabled by default. When enabled, direct connections will use Google STUN addresses if included in the ICE server list.

The DB settings section has been renamed from “Cloudflare API Settings” to “Cloudflare Spectrum API Settings”. Error levels when Spectrum query credentials are not set have been reduced, and faster queries for Spectrum credentials are now performed.

Notify user about email or password change

ISL Conference Proxy now supports sending email notifications to users when their email or password is changed (whether by the user, a domain admin, or a server administrator). New server and domain-level settings have been added under /conf -> Configuration -> General -> Mail -> Templates, allowing you to customize email templates:

• Account name: This setting allows you to personalize the service name that appears in the email subject and body. For instance, the subject could display “[Account Name]: Reset Your Password”. If no name is specified, the installation or server name will be used, in that order of priority.
• Customer service URL: Define a support URL (e.g., www.support.company.com) or an email address (support@email.com) to use as the [customer_service_url] parameter in system emails. By default, this parameter is only included in the “Email Change Notification” template, but it can be added to other emails. If you don’t want to include a customer service URL, leave this field empty.
• Password change notification: When enabled, users receive email notifications when their account password is changed. These notifications do not include the new password for security reasons. If disabled, users will not receive any notifications for password changes. This setting is enabled by default.
• Email change notification: When enabled, users are notified when their account email is changed. These notifications help users stay informed about unauthorized changes. If disabled, users won’t receive any notifications for email changes. This setting is enabled by default.
• Mail template for password change notification
• Mail template for email change notification

Additionally, existing email settings have been reorganized into new groups, renamed, and enhanced with updated descriptions.

Email change notification > Password change

A new log subsystem, [Core] Change User Email (User Action), was added to record user email changes (whether by the user, a domain admin, or a server administrator).

Add icon for mobile platforms in computer and sessions list

Support has been added for displaying a mobile platform status icon for computers. When the platform is “Android”, a mobile icon is shown for connection status. If all connected clients are mobile, a mobile icon will be displayed, otherwise, a computer icon will be used. The icon for the number of connected clients has also been updated.

ISL AlwaysOn – ISL Light integration has been modified so ISL Light reports the operator’s platform.

ISL Conference Proxy > Sessions

Icons on the Sessions page have been updated as follows:

• Icons now adjust based on the client/operator platform.
• Sessions in the “Waiting for Client” state now display the operator’s icon (mobile/desktop).
• Sessions in the “Waiting for Operator” state now show the active icon (previously a grey icon).

File type check for web-based uploads

A file type check was added to ISL AlwaysOn for remote file uploads and downloads via the web. If a file type is not allowed, uploads or downloads will fail. Blocked and allowed file extensions are defined by the existing settings: “Blocked file extensions for user upload” and “Allowed file extensions for user upload”.

Configurable password history

A password history feature was added, preventing users from reusing recently used passwords. The default history size is 24 passwords, with a maximum of 100. Password history is updated only when users change their own passwords; administrative changes do not affect it. When a new password is added, older entries are removed to maintain the defined history size.

The following settings were added under /conf -> Security -> Password:

• Password history size: Specifies how many of a user’s recent passwords will be stored. Default: 24.
• Maximum password history size: Upper limit for the password history size. Default: 100.
• Minimum password age: Defines the minimum time between consecutive password changes. Default: not set.
• Password expiration interval (renamed to “Maximum password age”): Sets the maximum time allowed between password changes before the user is forced to change their password. Default: not set.

Emphasize join session warning

The warning “Only join sessions with people you recognize and trust!” has been emphasized across all session types (ISL Light, ISL AlwaysOn, ISL Groop), including older versions of the session pages and the mobile join page.

ICP > Join Page > Thank you for downloading (Client)

Customization .zip upload support

Support for uploading customizations as .zip files was added. The .zip must contain a manifest.json file and customization files (files listed in the manifest), following this format:

{
    "type": "customization",
    "name": "my_customization",
    "default": "1", //This is set to 1 only if you want to apply this customization as default server wide
    "spec": [
        {
            "key": "program_setting::ISL+Light::grid_nice_name::system",
            "value": "Example ICP Grid"
        },
        {
            "key": "program_setting::ISL+Light::icon",
            "value": "icon.png"
        }
    ]
}

Limit GRID file transfers file size

File transfers via GRID storage are now limited to a maximum of 256 MB. Attempting to transfer files larger than this will fail.

Android Device Limit

A new setting, “Maximum number of owned remote access Android devices within a domain”, was added to limit the number of Android devices that can be owned for remote access within a domain. This setting can be found under /conf -> ISL AlwaysOn -> Owned Remote Access Devices Limit.

If users attempt to add more Android devices than allowed, an error message will appear, indicating that the maximum number of owned devices has been reached. Note that Android devices shared with the user do not count toward this limit.

Minimum window size in ISL Pronto

New settings for ISL Pronto have been added to enforce a minimum size for the browser chat window. The new settings are:

• Minimum chat window width: This setting specifies the minimum width of the chat window in pixels, including the width of the vertical scroll bar (if present). It excludes any toolbar, window chrome, or resizing borders/handles. The chat window will automatically resize to this minimum if reduced below the set width.
• Minimum chat window height: This setting specifies the minimum height of the chat window in pixels, including the height of the horizontal scroll bar (if present). It also excludes any toolbar, window chrome, or resizing borders/handles. The chat window will automatically resize to the minimum height if reduced below this size.

Use consistent subjects in ICP system mail

The email subject prefix “ISL CP” has been replaced with “ISL Conference Proxy” for consistency. Subsystem emails now include the prefix “ISL Conference Proxy: “ to ensure uniformity across all emails.

ICP Go TLS Client

TLS client support with public certificate checking using the trusted system certificate store has been added. Two features were introduced:

• A new SMTP connection type, “SSL/TLS”.
  • existing types were renamed to “STARTTLS without certificate check” and “SSL/TLS without certificate check”
• Existing types were renamed to “STARTTLS without certificate check” and “SSL/TLS without certificate check”.

Additionally, the Map Path to HTTP Backend now includes the option ssl=1 to enable HTTPS (e.g., {path=/test123&remote=www.google.com&ssl=1}).

Added Authorization header to HTTP event sender

A new setting, “Global HTTP Events Authorization Bearer Token”, was added under /conf -> Integration. Similarly, the “Per-domain HTTP Events Authorization Bearer Token” was introduced in the domain settings. When set, the Authorization header will be added to HTTP event senders with the value Bearer VAL, where VAL is the value of the setting.

Require Windows 10 / Windows Server 2016

The minimum required version for running ISL Conference Proxy on Windows has been raised to NT 10.0, meaning Windows 10 or Windows Server 2016 is now required.

Introduce new web version v2400 and switch default to v2400

A new web version, “v2400”, has been introduced and is now the default. Web pages from version v2200 were copied to v2400.

Update database to GeoLite2-City 2024-11-01T16:05:45Z

Updated GeoIP to use the database GeoLite2-City 2024-11-01T16:05:45Z.

Upgrade OpenSSL to 3.0.15

OpenSSL was updated to 3.0.15, osslsigncode tool was updated to version 2.8.

Upgrade to Go 1.22.1

Go was upgraded to 1.22.1.

Upgrade to libxml2 2.12.9

Libxml2 was upgraded to version 2.12.9. Libxslt was upgraded to version 1.1.40.

Bug Fixes

Bulk delete of computers in computer group

In previous versions, bulk deletion of computers was not allowed if some computers were shared. This has been redesigned—deletions are now performed in a loop, and failed attempts are tracked. If a computer cannot be removed due to insufficient permissions, its name will appear in the error message. If all succeed, a success message will be shown.

The defect was fixed.

Do not show computer or computer group owner in the list of shared users/user groups

In previous versions, the computer owner was shown in the “Share Computer” modal under the “Selected” tab. The owner is no longer shown in the “Selected” tab and is disabled in the “Users” tab. The “Selected” table now displays “No results” when the computer or group is not shared with any users or groups.

The defect was fixed.

Users and user groups lists does not load additional items when bottom of list is reached

In previous versions, the list of users did not always load fully when sharing groups. This has been redesigned to ensure additional items load when the bottom of the list is reached.

The defect was fixed.

Show actual reason for killed session instead of generic concurrent error 

In previous versions, when an ISL Light session was terminated before starting, a generic error message indicated that the concurrent limit was reached. The error message has been redesigned to display the correct reason for the termination, such as being terminated by the user or server.

The defect was fixed.

Administration – Use FixPublicCodeAPI

In previous versions, creating external groups did not set the public code, causing the group to be invisible in the Administration pages. This has been redesigned so that public codes are always set.

The defect was fixed.

Operator end chat permission

A new setting was added to allow or disallow ISL Pronto operators to end chats. The new setting is “Allow operator to end chat”.

Other fixes & improvements

Security updates, bug fixes, added missing translations, and log improvements were made to enhance stability, security, and performance.

New Features

Remote access for Android devices

With the new ISL Light for Android, you can remotely access Android devices, including smartphones and tablets. Once remote access is configured on an Android device, it will appear under the Computers tab in ISL Light (desktop or mobile app), allowing you to access and manage the Android device at any time.

Note: Full Remote Control (remote user has full control of your mobile device (rather than view only), and Unattended Access (remote access without user confirmation) are supported on:
• LG devices (add-on downloaded automatically)
• Cyrus devices (add-on downloaded automatically)
• Honeywell devices (add-on downloaded automatically)
• Zebra devices
• Samsung devices (if using Samsung Knox)

Devices without specific add-ons will require confirmation for remote access session and permit only viewing access. For other devices, please contact support. A universal add-on that supports more devices is planned for release soon.

ISL Light (Desktop App) > Computers > Android device aka Google Pixel 9

Additional management options are now available, allowing users to enable or disable remote access directly on the Android device and to manage access credentials by setting or changing the main or connection access passwords. Users can also manage the list of accounts who have access to the device, providing expanded control over Android device management.

ISL Light (Mobile App) > Remote Access

Transition to codebase v4

ISL Light for Android has migrated from v3 to the v4 framework, bringing re-implemented support for Samsung Knox, redesigned chat, and enhanced v4 plugin integration for audio, and screen-sharing capabilities. This update includes improved session control, viewer options, and system information support, along with high-quality desktop streaming and new translation support.

Connect options for remote access

ISL Light for Android now includes support for connect options within the remote access computer information screen, matching the options available on the desktop version. These options will be saved for the next session on mobile device if the connection is successfully established.

ISL Light (Mobile App) > Computers > Computer > Connect Options

Audio/Video call

ISL Light for Android now supports audio or video call, with ringtone alerts for incoming calls.

ISL Light (Mobile App) > Session > Audio/Video Call

Raise target SDK to version 34

ISL Light for Android has raised the target SDK to version 34 to comply with Google Play’s requirement for apps targeting Android 14 (API level 34) or higher, effective August 31, 2024. The following updates were made:

• Android SDK: Updated from version 33 to 34
• Gradle: Updated from version 4.10.2 to 7.5
• Android Gradle Plugin (AGP): Updated from version 3.2.0 to 7.4.2
• sourceCompatibility: Updated from VERSION_1_8 to VERSION_11
• Android Studio: Required upgrade from Chipmunk 2021.2.1 Patch 2 to Koala 2024.1.1 Patch 2

Bug Fixes

Session start issue on non-default server from web

An issue prevented session start when initiated from a web browser with a non-default ISL Conference Proxy server in ISL Light. The functionality has been redesigned, and the issue is resolved.

File storage access issue on Android 11+ devices

On Android 11+ devices, users could not download files from the Files tab due to outdated permission handling. The app now checks the device’s Android version, requesting permissions on Android 10 and lower, while allowing direct downloads on Android 11+ without additional permissions.

Incorrect black screen button state

The black screen button did not update when the remote user ended the black screen. This functionality has been corrected, and the button state now reliably reverts to ‘Enable Black Screen’ as expected.