1. The load balancer now supports automatic failover between configured nodes.
   
2. ChangeDB.bat, the Windows batch file for migrating ADSelfService Plus to an external database, now supports transferring existing data through its GUI.
   
3. Admins can now receive notifications when the SSL certificate used in ADSelfService Plus is nearing expiration.
4. The macOS login agent is now supported for macOS 26 Tahoe.
5. Linux machines running CentOS versions 8.x - 9.x can now be secured with machine login MFA.
6. The exported Enrolled Users Report now includes each user's enrolled authenticators as a separate column for easier tracking and auditing.
7. Super admins can now view Conditional Access (CA) policies configured by other admins in read-only mode. The ability to edit a CA policy remains restricted to the default admin and the policy creator.
8. The JRE version used in the product has been updated to Zulu 8.92.0.19.
9. The Tomcat version used in the product has been updated to 9.0.117.

Issue fixes

1. ADSSP-11396: An issue where Password Policy Enforcer rules were not applied using the password sync agent when new users' passwords were reset using native tools has been fixed. This issue occurred when users were created on DCs other than the one with the highest priority in ADSelfService Plus.
   
2. ADSSP-15665: Authentication issues that occurred during RSA SecurID MFA have been resolved. These issues were caused by new parameter requirements introduced in RSA Authentication Manager 8.8.
   
3. ADSSP-15291: A performance issue that occurred when a large number of Soon-to-expire Password Expiry notifications were triggered simultaneously has been fixed.
4. ADSSP-11855: An issue where users under a policy created by copying an existing policy were prevented from logging into ADSelfService Plus has been fixed. This issue occurred from builds 6100 to 6526.
5. ADSSP-11870: An issue that prevented MFA for Exchange/OWA when a very large number of MFA requests originated from a single Exchange API endpoint has been fixed.
6. ADSSP-15454: An issue that prevented the ADSelfService Plus built-in database from being backed-up automatically when High Availability or Load Balancing was configured has been fixed. This issue affected builds 6513 to 6526.
7. ADSSP-15769: An issue that prevented the Security Question and Answer report from being generated when a large number of users were enrolled for Security Question and Answer has been fixed.
8. ADSSP-15144: An issue which prevented machines listed across multiple pages in the GINA/macOS/Linux Installation Report from being selected simultaneously has been fixed.
9. ADSSP-15120: An issue which prevented radio buttons and checkboxes within the ADSelfService Plus web portal from being selected using touch screens on laptops and monitors has been fixed.
10. ADSSP-15094: A validation issue in the soon-to-expire password notifications scheduler that occurred when mobile numbers contained spaces has been fixed. This issue occurred from builds 6513 to 6526.
11. ADSSP-15748: Trailing spaces and duplicate SameSite attributes in the Set-Cookie browser header message have been removed.
    
12. ADSSP-23300: A display issue in the Windows login agent caused by mismatched encoding types has been fixed.
13. ADSSP-23629: An issue causing permission set failures for user accounts when installing the NPS Extension on machines set to a language other than English has been fixed.
14. ADSSP-22772: The reset/unlock login agent link can now be repositioned to the left corner of the login screen on macOS machines.
15. ADSSP-22840: I18N resource key updates for languages other than English has been added on the Windows and macOS login agents. GIF loading on offline machines has also been streamlined.
16. ADSSP-23108: An issue that prevented SAML SSO configuration by recognizing ACS URLs as valid only when the URLs contained root domains has been fixed.
17. ADSSP-23360: Password policy rules displayed to users when changing password from the machine login (Ctrl+Alt+Del) screen on Windows machines are now aligned correctly. Admins can also hide the How do I sign into another domain? link on the machine login screen and the Change Password page, using registry parameters.
18. ADSSP-15879: An issue where password synchronization with Microsoft 365/Entra ID failed when DisplayName was selected as the target attribute has been fixed. This occurred because the correct Azure environment for the user was not looked up, causing the sync to fail.
19. ADSSP - 23457: Fixed a rare issue in builds 6407–6526 where SSO-initiated logins could result in MFA failures and inconsistent audit records.
    

• The Apple Push Notification service certificate for the ADSelfService Plus iOS app has been renewed. 

1. The 7-Zip compression library used to archive ADSelfService Plus database backups has been updated to version 25.01.

Issue fixes

1. A potential broken authentication access vulnerability has been fixed.

2. An issue that prevented SMTP SMS notifications from being sent via ADSelfService Plus has been fixed.

3. An issue where user logins were met with a "You do not have the permission (rights) to access the self-service features" error has been fixed. This issue occurred when more than 50 domains were configured in ADSelfService Plus.