Zscaler App 1.1.2 includes the following improvements and fixes:
Limited Availability: The Zscaler App Portal has been enhanced to act as an Identity Provider (IdP) for the Zscaler service. This feature provides support for silent authentication with Hosted Database and SAML-based single sign-on by enabling the Zscaler App to auto-provision devices and users for the Zscaler service. The App does this by gathering the user ID from a device when it enrolls with the Zscaler service and employs a device token parameter that must be predefined in the Zscaler App Portal.
Fixes an issue where Windows devices could not reach some IP routes because older routes were not removed after the Zscaler App tunnel changed states from Connected to Fail Open, or vice versa. This was due to a known issue where, after such tunnel state changes, the Windows OS could not follow updated routes in the routing table. Cached routes are now removed from the device when adding new routes.
Fixes an issue on the Mac OS X version of the Zscaler App where user login failed due to an error that prevented the web browser engine, WebKit, from redirecting URLs to the Zscaler App.
Fixes an issue where HTTPS sites on non-443 ports were not loading through the Zscaler App when it was in Tunnel with Local Proxy mode. The Zscaler App considered CONNECT requests on non-443 ports to be HTTP requests in local proxy mode, leading to connection failures that resulted from the lack of a port for Server Name Indication (SNI).
Fixes an issue where PAC files on Internet Explorer browsers were being removed after system restart (PAC files on Chrome and Firefox browsers were not affected). Now the Zscaler App removes the existing PAC file, if any, after restart, and then enforces the PAC file as configured in the Zscaler App profile.
Fixes an issue where a user may encounter an Intermediate Authentication Error when the Zscaler App auto-updates immediately after login. This issue was reported only when the Zscaler Central Authority (CA) experienced high loads and the registering device failed. As a workaround, the Zscaler App attempts to authenticate again after one minute when it encounters this error.
Fixes an issue where the Zscaler App was not returning the correct local proxy PAC file when running in Tunnel with Local Proxy mode.
Fixes an issue where the Zscaler App was incorrectly responding to DNS SRV record queries for Zscaler Private Access when the number of DNS resolution requests dropped in volume.
Fixes an issue with the ZPA service where requests for access to an internal application occasionally received a response from a different internal application provisioned for the user.
Fixes an issue with the ZPA service where Kerberos authentication failed for certain applications.
Fixes an issue with the ZPA service where users intermittently could not reauthenticate after an expired session.
Fixes an issue with the ZPA service where DNS resolution for applications intermittently failed.
On September 6, 2016, Zscaler App 1.1.2.000025 was released and included the following minor fixes.
Fixes an issue where the Zscaler App returned invalid characters in Unique Device Identifiers (udid) for Windows devices.
Fixes an issue where the latest version of the Zscaler App was not installed during auto-updates on Windows devices.
Fixes an issue where on Windows devices, the Zscaler App icon was visible in the system tray and taskbar, but users could not launch the App with the icon.
Fixes an issue where the Windows version of the Zscaler App experienced configuration file corruption in certain cases.
On September 26, 2016, Zscaler App 1.1.2.000036 was released and included the following fix:
Fixes an issue users faced upon fresh installation of Zscaler App version 1.1.2.000025, where Windows 7 PCs did not support Zscaler App Network Adaptors signed with SHA-2 certificates. Before this version, the Network Adaptor was signed with a SHA-1 certificate. For improved security, in App version 1.1.2.000025, the Network Adaptor was signed with a SHA-2 certificate. However, to support SHA-2 certificates, Windows 7 PCs require installation of the Windows 7 Service Pack 2, and even after installation, users see an “Untrusted Publisher” dialog box because Windows 7 does not support SHA-2 certificates for kernel mode drivers. To avoid this issue, Zscaler recommends that organizations with Windows 7 PCs in their organization skip version 1.1.2.000025 and deploy this newly released version, 1.1.2.000036.
The Zscaler App now sends CONNECT requests to www.zscaler.com to check the health of Zscaler Enforcement Nodes (ZEN). Previously, the App sent CONNECT requests to www.google.com for this purpose, but users in China faced issues due to the country's block on google.