Technical Changelog

This page contains the technical changelog and is intended for an experienced audience. You can find the release notes containing a lot more explanation here →.


  • Java support
    • Starting with Relution 5.18.0, Java versions below Java 17 are marked as deprecated. Please migrate to Java 17. Support for older Java versions will be dropped with a future release.
    • Compatibility with older Java 11 patch versions: Please make sure to use at least Java 11.0.12 or newer
  • MariaDB support
    • Relution will start requiring MariaDB 10.6 or higher with a future release. Device groups (beta) are not supported on versions below MariaDB 10.5
    • MariaDB can run into a caching issue when creating database views on older versions due to a bug. Please make sure to use the latest patch version of your respective minor version (MariaDB MDEV-17124)

Version 5.19.5


  • Optimized memory usage for the LDAP connector [REL-2032] [REL-2133]
Important Fixes
  • Bound cluster communication to local port 7800 instead of a random port [REL-2317]

Version 5.19.4


  • Allow login for LDAP users with non-matching user DN [REL-2270]

Version 5.19.3


  • Set default location permissions of Agent on managed Android Enterprise devices based on COD location settings and allow to override default Agent settings with a manage apps configuration [REL-1829] [REL#225955] [REL#227344]
Important Fixes
  • Resolve potential performance issue of database migration for 5.19.0 [REL-2202]
Minor Fixes
  • Add missing permissions to Portal dynamic role configuration view and make settings visible for users having only LDAP settings permissions [REL-2195]
  • Display iOS WiFi configuration EAP details for published policy versions [REL-2197] [REL#227354]

Version 5.19.2


Minor Fixes
  • Adjust imprint floating behaviour on login page [REL-2185]
  • Adjust allowed checksums for liquibase changes for instances with PostgreSQL or SQL Server which had 5.19.0 installed before [REL-2154]
  • Fix SQL Server failing to acquire device group lock due to FOR UPDATE clause allowed only for DECLARE CURSOR [REL-2165]

Version 5.19.1


Important Fixes
  • Fix failing of database migration to duplicate entries in filter_holder_acl table which should not exist on productive systems. Migration was updated so that this defect is dealt with appropriately [REL-2154]

Version 5.19.0


  • Support Android Enterprise devices in Secure Mail Gateway by identifying them as Android devices and add the placeholder ${device.exchangeDeviceId} for managed configuration [REL-909]
  • Allow blocking users automatically after a configurable set of consecutive failed login attempts [REL-693]
  • Add support for IP blocking in system organization [REL-1199]
  • Add script configuration for Windows [REL-1329]
  • Add action to locate Windows devices [REL-1469]
  • Add default permission roles in the system organization. The system groups created automatically for each organization now get these permission sets attached [REL-1480]
  • Support setup of OIDC single sign on via Portal, also server wide via store organization [REL-840] [REL-841]
  • Display deleted and withdrawn devices in a separate device view [REL-1198]
  • Display all devices of the server in the device inventory of the store organization [REL-1375]
  • Add dynamic links to navigate from the Dashboard to the data sources [REL-1613]
  • Show information about the assigned user in device inventory list [REL-1591]
  • Add support for VPN on demand rules to additional VPN types [REL-1421]
  • Throw explicit error when trying to access Relution using a login cookie without SSL when not originating from localhost and cookie secure flag setting now depends on how the client accesses the Relution server. Correct setup of reverse proxy forward headers is required [REL-1766]
  • Remove message prefix in the action message column of the action table in a device [REL-1478]
  • Add deep link to windows landing page and use access token for login page [REL-1565]
  • Add option to use placeholders in script content [REL-525]
  • Display warning when Azure group could not be synced because group with same name already exists [REL-1007]
  • Keep only the latest pending, successful and failed education action of each device to limit excessive growth of device action history [REL-1371]
  • Simplify VPP app association for single device to improve performance [REL-1611]
  • Display the configured privacy policy of the server on the enrollment landing page during an Apple enrollment [REL-1644]
  • Prevent triggering additional VPP syncs when encountering error 9646 (too many requests) [REL-1760]
  • Simplify parsing in Relution SCEP servlet [REL-790]
  • Display supplemental build version in iOS system details [REL-1349] [REL-1771] [REL-1860]
  • Remove unknown ownership column from device management settings [REL-1477]
  • Apply Angular Material Design Components (MDC) migration [REL-1496]
  • Remove modes from location sharing from Android Enterprise policies that are no longer supported by Google [REL-1586]
  • Use locally served GAPI scripts instead of loading it from remote [REL-1866]
  • Restrict the selection of dynamic permission roles to permissions which are available in the organization of the role [REL-1871]
  • Add support for additional WiFi EAP modes for Android Enterprise [REL-356] [REL#224386]
  • Support deployment of AE WiFI EAP TLS certificates [REL-1497] [REL#225686] [REL#226256]
  • Restrict LDAP UI feature to paid licenses [REL-1789] [REL-1790]
  • Perform automated VPP app updates on all Apple platforms [REL-1652]
  • Use Apple product name for ‘model’ column content on CSV export [REL-1583] [REL#226423]
  • Rename installed app list column name ‘Publisher’ to ‘Managed App’ [REL-1849]
  • Filter data received on cluster port before deserialization [REL-2136]
Important Fixes
  • Fix LDAP UI incorrectly using the teacher’s search scope for classes and never setting the teacher’s search scope [REL-1841]
Minor Fixes
  • Attempting to sign in with invalid credentials is logged as a warning again [REL-1756]
  • An installer (msi/exe) writing a single new line to Standard Error is no longer treated as a failed uninstallation [REL-1224]
  • Allow legacy Relution clients to update device details [REL-1459]
  • Fix LDAP connection check without a port, because the server incorrectly used 386, instead of 389 as default [REL-1616]
  • Do not query for activation lock bypass code on Shared iPads as it is not applicable in this case [REL-1832]
  • Certificate Authority or Certificate Template update delete does not delete issued certificates [REL-1884]
  • Immediate update of dynamic device groups filtering on device name [REL-900]
  • Add drag and drop delay to list column selectors on mobile devices, to allow scrolling and dragging via the same gesture [REL-1403] [REL#226035]
  • Fix update of device names via CSV [REL-1526]
  • Update underscoreJS to fix CVE-2021-23358 in enrollment landing page [REL-1730]
  • Fix handling of Android Enterprise system update configuration start and end time fields [REL-1827] [REL#226800]
  • Enable ‘Add’ button in installed apps list for iOS and macOS user enrolled devices [REL-1849]
  • Fix display of editing a device name in the device inventory [REL-351]
  • Add missing icon label to the add shortcut action [REL-677]
  • Remove unsupported filter type ‘BuiltIn’ from macOS Web Content Filter configuration [REL-687] [REL#224941]
  • Fix clear selection button when editing assigned user of a device [REL-1619]
  • Fix null as CN of Apple device identity certificates for devices enrolled with legacy certificates. Also fixes repeated unnecessary MDM profile updates [REL-2125] [REL#227063]
  • Android agent is correctly auto-deployed when native iOS agent is present in store [REL-2009]
  • Avoid unnecessarily reapplying currently inactive policies when refreshing device information [REL-2122]

Version 5.18.2


  • Support usage of Relution client apps on enrolled devices with users requiring MFA [REL-1620]
Minor Fixes
  • Fix failure of LDAP UI connection checks for non-LDAPS connections without an explicitly specified port. The server incorrectly used 386, instead of 389, as default [REL-1616]
  • Remove orphaned entries in role, user and group tables to ensure migration of organization column works as expected, especially on long-running Relution servers [REL-1625] [REL#226517]
  • Fix restoring certificates previously marked as deleted in settings [REL-1629]

Version 5.18.1


Important Fixes
  • Resolve a potential performance issue when accessing the security_group_members_view introduced with 5.18.0 [REL-1588]
Minor Fixes
  • Fix automated deployment of Relution Files when having a Files configuration but no required app [REL-1582] [REL#226421]
  • Fix filter menu header overlapping first filter [REL-1585]

Version 5.18.0


  • Mark Java below 17 as deprecated and adjust requirements and installation guide [REL-1257]
  • Add option configure LDAP connections via UI [REL-1511]
  • Add public dynamic permission role support in the store organization [REL-1373]
  • Add option to enable and retrieve the activation lock bypass code on supervised iOS/iPadOS and macOS devices [REL-1140] [REL-1144]
  • The impersonation of arbitrary users available to the system administrator using the portal UI can now be disabled by setting in application.yml configuration [REL-1063]
  • Set default location permissions of Companion on managed Android Enterprise devices based on COD location settings [REL-1436] [REL#225955]
  • Allow to override default Companion for Android Enterprise settings with a manage apps configuration [REL-1436]
  • Display compliance violation details for Android Enterprise restrictions configurations [REL-1037]
  • Add option to enforce bluetooth in lessons [REL-1102]
  • Add action to enable or disable bluetooth on iOS or macOS devices [REL-1149]
  • Configure log levels via Relution API [REL-1195]
  • Configure certificate and key via new signer properties and support standard certificate formats [REL-946]
  • Log stack trace on ERROR level by default [REL-1197]
  • Drop app-installation repeat logic for un-managed apps to force app-updates. [REL-1328]
  • Add option to specify JWT secret key and signature algorithm via configuration properties. When no secret is specified, servers create an ES512 key pair automatically on first start. For existing servers this will happen immediately after update, so that they benefit from improved security. As a consequence users need to authenticate and are asked for credentials. [REL-1411]
  • Display the enrollment type and platform in the device header box [REL-1067]
  • Display the external ID at the device information page of Windows and Android Enterprise devices [REL-1262]
  • Update portal dependencies to Angular 15 [REL-1359]
  • Add badges for AP7 only features in the Promethean configuration [REL-690]
Important Fixes
  • Execute policy assignments in sequential mode, to avoid deadlocks on SQL server [REL-1274]
  • Use BYTEA instead of OID data type on PostgreSQL for and sso_login_request_state.request [REL-511]
  • Avoid Apple devices having broken identity certificates after restoring from a time machine backup [REL-1062]
  • LDAP correctly accepts alternate names for ldap-base (ldapBase, ldap_base), manual mappings, synthetic groups and group roles [REL-1038]
Minor Fixes
  • Correct database transaction boundaries in periodic cleanup operations and some other cases [REL-1178]
  • Fix the iOS VPN configuration payload generation, when it defines a specific provider type [REL-1276] [REL#225610]
  • Set MFA status correctly after unimpersonation [REL-1282] [REL#225832]
  • Fix stopping of education lesson with deleted course [REL-1348]
  • Adjust device inventory database view (mdm_dvc_view) to match correct set of devices on Aurora, MySQL and MS SQL Server [REL-1449]
  • Fix OS names in device header box for Android Enterprise devices [REL-1067]
  • Fix LDAP group selection for rule set action modal. [REL-1230]
  • Fix clearing the selection of LDAP users or groups for rule set action modal. [REL-1230]
  • Fix LDAP group selection in the user details form [REL-1242]
  • Adjust displayed version in policy applied on devices view [REL-1277]
  • Sorting by version column in policy applied on devices view [REL-1277] [REL#225238]
  • Fix dialog actions not being visible on desktop screens which are zoomed to 125% [REL-1283] [REL#225832]
  • Fix saving of fields when editing an app [REL-1284] [REL#225840]
  • Fix access to home organization details for mulit-tenant user in system organization [REL-1311]
  • Deactivate delete action for externally provided courses [REL-1406]
  • Fix the search icon size in Android Enterprise managed app configuration, and add missing translations [REL-375]
  • Android Enterprise Home Screen Layout light and dark theme are applied when no wallpaper is defined [REL-1564] [REL#226352]

Version 5.17.5


Important Fixes
  • Show local login option also on the organization login page [REL-1476] [REL#226247]
  • Always display the correct SAML2 provider name [REL-1476] [REL#226247]

Version 5.17.4


  • Allow to override default permissions of the Companion for AE on managed devices with a Manage Apps configuration [REL-1423]
Important Fixes
  • Fix login and token handling, especially for users requiring MFA [REL-1404] [REL-1411] [REL#226085] [REL#226086] [REL#226093]
Minor Fixes
  • Ensure LDAP connections revert to correct bind context after user authentication errors [REL-1414]
  • Adjust redirect handling during user registration [REL-1420]

Version 5.17.3


Important Fixes
  • Fix wrong MongoDB database name if connection string is used [BR-11479]

Version 5.17.2


Important Fixes
  • Allow users of other organizations, to login via the custom login screen of the store organization, during the DEP login process [REL-1327] [REL#225885]

Version 5.17.1


Important Fixes
  • Use the updated designated VPN identifier from app to VPN mapping when installing managed apps [REL-1297] [REL#225863]

Version 5.17.0


  • Allow configuring scheduled activation and deactivation of policies [REL-849]
  • Add support for exporting and importing dynamic permission roles via JSON files [REL-952] [REL-953] [REL-1026] [REL-1027]
  • Create a Home Screen Layout Configuration for Android Enterprise devices when starting a lesson [REL-684]
  • Add setting to disable users after a configurable amount of consecutive failed login attempts [REL-851] [REL-852]
  • Show a script history for latest script execution results and errors [REL-958]
  • Keep the latest IPv4 address devices connected from and the country the address is associated to, and add a history entry when this country changes [REL-703] [REL-704] [REL-705]
  • Add a dashboard widget displaying devices grouped by country based on the latest known IP address and roaming status [REL-701]
  • Display ICCID and roaming status in device inventory and device details [REL-698]
  • Support user CSV import in system organization [REL-1025]
  • Show organization specific login page during DEP login process instead of the generic login page [REL-947]
  • Update design of settings overview including adding a keyword-sensitive search [REL-371]
  • Renew Apple push certificates, valid until February 2024. The previous ones will expire in October 2023 [REL-654]
  • Allow configuring login management settings of the system organization [REL-890]
  • Show that Windows Companion is not supported on Windows Home edition and do not try to install it or trigger actions only available with it [REL-896] [REL-981]
  • Add notification if the used Java version is deprecated and will soon be no longer supported [REL-950]
  • Add auto update mode to Android Enterprise Policy [REL-375]
  • Save large script execution output as a separate resource [REL-402] [REL-866]
  • Display the installed certificates in the device information page for macOS and tvOS devices [REL-1069]
  • Add setting to disallow guest sessions on a Shared iPad to iOS/iPadOS restrictions [REL-895]
  • Add new Android Enterprise configuration to manage Always-On VPN [REL-373]
  • Add new Android Enterprise configuration to configure a personal profile on a managed device [REL-386]
  • Add auto update mode setting to Android Enterprise App compliance policy [REL-749]
  • Add preferential network service settings to Android Enterprise restrictions [REL-383]
  • Add stay on plugged modes and maximum time to lock for Android Enterprise kiosk configuration [REL-827] [REL-828]
  • Replace deprecated microphone disable, camera disable and auto date and time zone settings in the Android Enterprise Restriction configuration [REL-378] [REL-380]
  • Add encryption policy property to Android Enterprise Advanced Security Overrides configuration [REL-381]
  • Show details of health status for users with SYSTEM_HEALTH permission, also when using an access token [REL-1121]
  • Adjust VPNUUID value for Apple per app/account VPN configurations to optimize behaviour during policy changes [REL-1147]
  • Let the device base info endpoint /api/v1/devices/baseInfo now also use the inventory database view which leads to slight changes in the response model [REL-275]
  • Allow configuration of setup modes in the WiFi configuration for macOS [REL-1118]
  • Improve the performance of the installed app list of devices [REL-590]
  • Add general endpoint to enable cancellation of internal actions for users with the respective permission [REL-600]
  • Update Spring Boot to 2.7.8 which includes support for Java 17 [REL-74]
  • Reduce WARN log messages for VPP assignment failures [REL-806] [REL#225066]
  • Update enrollment settings since Google no longer enforces a 90 day limit for Android Enterprise enrollments [REL-1116]
  • Optimize display of policy status in device compliance details [REL-264]
  • Show the current version of the Windows companion in the Settings and make Processor architecture in device details easier to read [REL-555]
  • Display the username field in Apple WiFi configurations when only TLS is selected as EAP type [REL-977] [REL#225413]
  • Automatically provide organization unique name on organization specific login page to bind login to the given organization [REL-990]
  • Show Android classic devices having a given public app installed even though deployment is not supported in this case [REL-1045]
  • Make connect timeout and response timeout for LDAP configurable in application.yml [REL-1225]
Important Fixes
  • Resiliently handle broken content-type response header of in secure mail gateway [REL-992]
  • Ensure that a DEP account with too long meta data can still be created [REL-1091] [REL#225598]
  • Remove extra license checks in courses API [REL-920] [REL#225354]
Minor Fixes
  • Fix permission check in CSV device import [REL-843] [REL#225037]
  • Fix Query Device Info messages stuck on state “Delivered” for some Windows Devices [REL-869] [REL#225180]
  • Allow configuring column dimensions of license allocation table [REL-959] [REL#223574] [REL#225292]
  • Fix loading of large app metadata for Windows Store apps [REL-870] [REL#225159]
  • Ensure Windows wallpaper text placeholders will be replaced correctly [REL-533]
  • Prevent displaying out-dated Azure AD sync results [REL-575]
  • Support triggering refresh device information action via Relution Agent on Android Enterprise [REL-798]
  • Disable affiliation changes for courses synchronized via LDAP [REL-820]
  • Fix the disabled state of the setup guide Policy configured step [REL-998]
  • Ensure that the state of the device policy reflects the compliance violation state of the device [REL-1175]
  • Fixed deletion dialog in device inventory [REL-799]
  • Reduce default connect timeout for LDAP to ensure health check doesn’t block indefinitely [REL-1225]

Version 5.16.8


Important Fixes
  • Remember authentication of SingleSignOn provider [BR-11274]

Version 5.16.7


  • Make pub/sub able to gracefully handle intermittent loss of database connectivity [REL-963]
  • Optimized SQL query to retrieve the type of the last delivered action for a device [REL-986]
Important Fixes
  • Resiliently handle broken content-type response header in secure mail gateway [REL-992]

Version 5.16.6


Minor Fixes
  • Work around an issue where the Android Management SDK fails to serialize a device returned by itself when disabling devices [REL-908]

Version 5.16.5


  • Generate device certificates based on a given CA or intermediate certificate with key without using an external certificate authority [REL-559]
Minor Fixes
  • Attach device to new enrollment on re-activation to ensure lookups work as expected [REL-902]

Version 5.16.4


  • Ensure all Android Enteprise device models enrolled with COPE are not non-compliant due to keyguard restrictions [REL-874]
  • Ensure Android Enterprise devices running old Android versions do not get non-compliant due to unsupported app permissions [REL-876]

Version 5.16.3


  • Acknowledge incoming Android Enterprise enrollment requests when trying to enroll devices with deleted enrollments to prevent Google from sending the message again [REL-867]
  • Optimize rare case where Android Enterprise compliance violation detail status updates where not acknowledged to prevent Google from sending the message again [REL-867]

Version 5.16.2


  • Reintroduce Android Enterprise status handling for expired enrollments or confirmed deleted devices disabled in 5.16.1 without triggering any device deletion [REL-845]
Important Fixes
  • Ensure Android devices with work profile are not subject to enforcement rules they cannot comply with [REL-845]
Minor Fixes
  • Ensure the update OS action is shown in all device action lists [REL-861]

Version 5.16.1


Important Fixes
  • Do not delete Android Enterprise devices when Google sends enrollment messages for existing but no longer valid enrollments [REL-603]

Version 5.16.0


  • Support for MFA with TOTP or email on user login in Relution Portal. Can be enabled in settings and required for users having specific roles. Support in the Relution clients will be added with one of their next releases [REL-127] [REL-317] [REL-318] [REL-477] [REL-480] [REL-481] [REL-517] [REL-516] [REL-518] [REL-519] [REL-696]
  • Support reboot and shutdown action on macOS devices [REL-186] [REL-188]
  • Add 802.1X Global Ethernet configuration for macOS [REL-197]
  • Add support for viewing and managing all lessons. With the upcoming release of Relution Teacher, users with the required permissions will be able to see an overview of all lessons, including a history of each lesson, and to modify or finish still running lessons [MDM-25182] [REL-336] [REL-337]
  • Allow managing PowerShell scripts in Relution and executing them on Windows devices [REL-405] [REL-410] [REL-412] [REL-413] [REL-414] [REL-428] [REL-578]
  • Add refresh cellular plans action for iOS (eSIM) [REL-454]
  • Show and allow editing course membership in user edit form [REL-424] [REL-502]
  • Add Windows SharedPC configuration [REL-393]
  • Added getting started guide [REL-81] [REL-82]
  • Support PKCS12 certificates by Windows WiFi and VPN [REL-504]
  • Use database view for device base info endpoint to enable sorting for additional columns in device inventory and improve its performance [REL-275] [REL-616]
  • Add Freeform to known iOS System Apps [REL-528]
  • Allow declaring required permissions in a more streamlined way [REL-580]
  • Remove legacy Windows device reactivation [REL-352]
  • Use organization’s default language as fallback to search public app store [REL-196]
  • Support forgot-password feature in clustered installations by sharing state using the database [REL-220]
  • Remove implementation and database entities concerning legacy disabled app signing and publishing feature [REL-364]
  • Report additional database, operating system and Relution configuration parameters when requesting license information [REL-390]
  • Add support for formatting 22H2 Windows versions for display [REL-452]
  • Add Preserve Data Plan option to wipe action for iOS [REL-455]
  • Download native client apps, e.g. Windows companion, earlier after system start by default [REL-521]
  • Prevent that the user filter for push notifications is persisted since for customers with many users it could grow pretty huge [REL-532]
  • Do not set login date for impersonated users [REL-631]
  • Enhance Secure Mail Gateway preparing for future Java updates and offering better performance [REL-77]
  • Improve cluster performance with JGroups version 5.2.11.Final. Also upgrade stack protocols and switch to asynchronous I/O transport [REL-78]
  • Set default values for block delay to 20 days and wipe delay to 30 days for Android Enterprise instead of Google’s implicit default of 3 and 10 days [REL-644]
  • Support configuring auto-deployments in the details of web link apps [REL-305]
Important Fixes
  • Relution properly handles Android Enterprise communication when Enrollment is no longer valid [REL-603]
  • Properly handle character sequences applying XML-output escaping when creating property lists for iOS device configurations. This corrects an issue when using ampersand in passwords, for example. [REL-308] [REL#224075]
  • Always set the scope of imported policies to non-public [REL-556] [REL#224716]
  • Do not remove client app from Relution Shared Device when lesson is finished [REL-713] [REL#224805]
  • Use commandline arguments on MSI installment via app compliance [REL-715] [REL#224953]
  • Fix execution of automated background actions for iOS System Updates configuration [REL-602] [REL#224694] [REL#224523]
Minor Fixes
  • Add support for Message action on iOS user enrolled devices [REl-482] [REL#224514]
  • Do not log premature client-side connection aborts, incl. any I/O errors caused by the client disconnecting while the response was partly transfered already. Both cases indicate normal webserver operation [REL-219]
  • Ensure LDAP users can log in again after being unlocked and emit additional diagnostic when authentication magic value is missing [REL-221]
  • Fix calculation of MD5 checksum for resources stored in Azure Blob Storage [REL-592]
  • Fix count of migratable Android devices when using a branded agent [REL-636]
  • Fix disable state of “Password for outgoing email server” in iOS Email configuration [REL-486]
  • Fix and unify stepper icons [REL-557]

Version 5.15.2


Important Fixes
  • Fixed the issue that a large number of devices were stored in RAM, resulting in an OutOfMemoryError: Java heap space [BR-10270] [BR-10462]

Version 5.15.1


Important Fixes
  • Fix issues with Shared iPad caused by a possible bug in iPadOS on devices running iPadOS 16+ [REL-537] [REL#224195] [REL#224310]
  • Fix PostgreSQL reporting the error “Cannot change transaction isolation level in the middle of a transaction” in some cases [REL-473]

Version 5.15.0


  • Deploy the Windows Companion on enrolled devices and support tasks like installing apps, executing scripts and more [MDM-23016]
  • Allow teachers to logout shared devices participating in their lesson. The feature will be available in Relution Teacher app soon [MDM-24909] [REL-141]
  • Change OS version filter in device inventory to allow selecting multiple versions [MDM-24990]
  • Start polling device actions if the device user has changed via device header box [MDM-25485]
  • Extend wipe action for macOS devices [REL-128]
  • Adjust action state after successful withdraw action on apple devices [REL-128]
  • Remove DISABLE_JWT_AUTHENTICATION feature toggle and unused session handling logic [MDM-25436]
  • Adjust iOS agent migration when specific feature toggles are enabled [REL-191]
  • Ensure to always send education updates [REL-200]
  • Remove redundant compliance history entries for remote logout of shared devices and adjust the text of the entries. [REL-228]
  • Discontinue query parameter versionNameLocaleFallback of api/v1/content/apps/baseInfo [REL-256]
  • Improved the UI feedback of the policy deletion process [MDM-25190]
  • Add option to refresh the device history [MDM-25418]
  • Ignore work profile passcode configuration on fully managed devices [REL-222] [REL#223727]
Important Fixes
  • Avoid adding the supervision host certificate to remote profiles more than once to ensure robustness when multiple DEP accounts are used [MDM-25497]
  • Handle SQL server delivering query results as integer instead of long for action metrics [REL-340]
Minor Fixes
  • Trigger Companion refresh info action on Windows app installation, and skip unnecessary queries [MDM-25337]
  • Fix exception when Android classic clients confirm the default app compliance configuration [REL-255]
  • Fix clearing of app version mappings in the store organization [MDM-25357] [REL#223978]
  • Fix App permission mapping view showing bug reporter when users are removed [MDM-25358] [REL#223978]
  • Fix UTF-8 encoding of uploaded .mobileconfig files in the Apple Configurator 2 configuration [REL-247] [REL#224168]
  • Fix possible rendering crash of tabs under Safari 16.1 on macOS Ventura [REL-292] [REL-224]

Version 5.14.1


  • Adjust username field to be case insensitive on PostgreSQL during login [REL-269]
  • Improve robustness of health check [REL-296]
  • Extend logging of progress when migrating details JSON data [REL-297]
  • Optimize details JSON column data migration to run once per device and table only [REL-299]
Minor Fixes
  • Handle publisher names with more than 255 characters for installed apps on Windows devices [REL-301]
  • Exclude expired Android Enterprise enrollments having an account identifier from the one-time migration process [REL-300]
  • Fix exception that can occur during health checks when formatter is re-used by multiple threads [REL-306]

Version 5.14.0


  • Add macOS update configuration [MDM-24376]
  • Add monitoring metrics regarding Relution database operations, device actions, web requests, DEP, VPP, Autopilot and Azure AD [MDM-24583] [MDM-24585] [MDM-24589] [MDM-24590] [MDM-24591] [MDM-24828]
  • Add configuration for scheduled logout to Relution Shared Device policy [MDM-24621] [MDM-24619]
  • Allow teachers to logout students on shared device in the active lesson when deactivating them or finishing the lesson [MDM-24622]
  • Add support for Relution Shared Device login via access token based QR codes [MDM-24739] [MDM-24736]
  • Automatically retry to subscribe for VPP notifications in background if the subscription state is failed [MDM-24882]
  • Provide case-insensitive search and login using the proprietary ILIKE operator on PostgreSQL databases [MDM-25318]
  • Validate passwords also in Portal during password reset [MDM-24806]
  • Reduce the response time for VPP test notifications sent during the subscription process [MDM-24882]
  • Add android classic policy for additional interactive whiteboard devices [MDM-25071]
  • Ensure showing the app name in action details when the Relution Agent is deployed during enrollment [MDM-24106]
  • Add EAP option to inner authentication for iOS and tvOS Wi-Fi configuration [MDM-25199]
  • Support sorting additional device inventory columns, e.g. Wi-Fi MAC, lost mode status or Shared iPad [MDM-24732]
  • Adjust and clean up log messages according to log level definition [MDM-24899]
  • Add again automatic refresh of the status of installing apps after triggering an installation on Apple devices. Feature was disabled with 5.13.1 due to performance issues on some databases [MDM-25078] [MDM-25076] [MDM-24122]
  • Add human-readable product names of new Apple devices [MDM-25109]
  • Improve error responses for cases where no error code was present [MDM-25110]
  • Always ping devices in ping interval regardless of last connection date so that device details are updated at least once per ping interval [MDM-25319]
  • Redesign history views [MDM-22891] [MDM-22892]
  • Set initial zoom level of maps to a more sensible value when a location is known [MDM-24778]
  • Adjust tooltip position of action menu in lists to not block another element with which a user can interact [MDM-25176]
  • Change order of uninstall parameters and path for .exe files [MDM-25202]
  • Make version code read-only in most cases [MDM-25202]
  • Automatically focus the input field for the username or password on the login page [MDM-24952]
Important Fixes
  • Fix duplicate key errors when fetching VPP entity details for inconsistend VPP data [MDM-25159]
  • Fix automated fetching of metadata for existing public store apps [MDM-25326] [REL#223899]
  • Fix possible race condition when enrolling Windows devices and directly assigning a policy caused by not yet available push token [MDM-25449] [REL#223974]
  • Allow teachers to access VPP license base info so the legacy iOS teacher console can still be used with default permissions [MDM-25455]
Minor Fixes
  • Ensure at least the Settings app is always whitelisted for devices in an active lesson [MDM-25018] [REL#223426]
  • Generate form-data bodies in OpenAPI [MDM-25050]
  • Fix the certificate field extractor for long values [MDM-25145]
  • Ensure not yet managed apps are updated correctly for iOS devices [MDM-25227] [REL#223434]
  • Handle case when Apple device reports installed app without name, fallback to identifier [MDM-25372]
  • Fix the automatic reset of the encryption type when the SSID is changed in the Windows Wi-Fi configuration [MDM-24934]
  • Fix Windows Wi-Fi configuration layout in case any Personal encryption type is selected [MDM-24935]
  • Fix tvOS Wi-Fi configuration layout and add option to toggle the password visibility [MDM-25022]
  • Adjust icon in menu updates when side navigation opens/collapses [MDM-25048]
  • Fix possible null reference error when accessing iOS/macOS device details [MDM-25129]
  • Remove duplicate toast message, when the deletion of an enrollment fails [MDM-25175]
  • Ensure selecting or removing certificates in the iOS exchange configuration always opens certificate modal [MDM-25234]
  • Fix display of some compliance violations in rule-sets [MDM-25303]
  • Fix highlighting of the current active main menu entry [MDM-25305]
  • Disable save button until the required apps are fully loaded in iOS and macOS app compliance views [MDM-25317] [REL#223909]
  • Fix login via “organization\username” format in Portal [MDM-25368]
  • Skip invalid accounts during DEP sync [MDM-25498]
  • Polices applied to Windows devices during enrollment no longer cause invalid noncompliance state [REL-177]
  • Avoid adding the supervisioning host certificate to remote profiles more than once to ensure robustness when multiple DEP accounts are used [MDM-25497]

Version 5.13.5


Minor Fixes
  • Deploy the custom galneoscreen Relution agent also for galneoscreen 9 devices during migration instead of the default agent [MDM-25112]

Version 5.13.4


Important Fixes
  • Fix DEP profile lookup for auto-enrollments in store organization using authorization and default profile device name and distributing to other organizations [MDM-25128] [REL#223539]
Minor Fixes
  • Speed up home screen layout editor for Android Enterprise devices by querying installed apps by platform of specific organization only [MDM-25173]
  • Avoid periodically logging failures when repeatedly trying to reach Android devices having outstanding ping actions [MDM-25177]
  • Fix visibility of location tab for iOS devices which are in the new lost mode states [MDM-25178] [REL#223665]

Version 5.13.3


Important Fixes
  • Ensure a value is set for lost mode in auto-enrollments, to avoid entries not to be shown in Portal due to filtering [MDM-25105] [REL#223539]
Minor Fixes
  • Fix downloading supervision certificates with tenant users belonging to a different organization [MDM-25118] [REL#223594]
  • Fix display of device details when OS update information is not up-to-date [MDM-25129] [REL#223611]

Version 5.13.2


Important Fixes
  • Fix an issue preventing iOS/iPadOS devices from receiving new policy versions when they have an enabled iOS update configuration as part of the policy [MDM-25083]

Version 5.13.1


  • Even though the version used by Relution was not affected, update Apache Commons Text to 1.10 due to CVE-2022-42889 [MDM-25077]
Important Fixes
  • Disable automatic refresh of the status of installing apps after triggering an installation on Apple devices due to performance implications on some databases, which has been added with 5.13.0. Will be re-introduced once they are resolved [MDM-25076]

Version 5.13.0


  • Enable the new permission system. Custom sets of permissions can now be defined via Relution Portal and assigned to groups and users [MDM-20013]
  • Support multiple DEP accounts per organization [MDM-23979]
  • Support per-user certificates for S/MIME signing and/or encryption in iOS Email and Exchange configuration [MDM-22832]
  • Automatically trigger MDM profile update to update the signer certificate of Apple devices to avoid showing a warning on the device [MDM-22899]
  • Automatically enable lost mode after DEP device reset if enabled before [MDM-24118]
  • Automatically refresh the status of installing apps after triggering an installation on Apple devices [MDM-24122]
  • Generate and configure an MDM supervision identity when enrolling new DEP devices. The identity can be downloaded from Relution and imported into Apple Configurator to allow connecting to devices even if pairing is disabled [MDM-24173]
  • Dynamically adjust the Apple education configuration on devices when starting a lesson with an ad hoc class [MDM-24247]
  • Add macOS OS Update action and configuration [MDM-24374] [MDM-24376]
  • Add macOS System Policy Control configuration [MDM-24513]
  • Renew Apple push certificates, valid until October 12th, 2023. The previous ones will expire on May 1st, 2023 [MDM-22876]
  • Validate the state of BitLocker configurations on “Refresh device info” and add compliance violations if necessary. [MDM-24230] [REL#222393]
  • Prevent timeout when publishing a ruleset version [MDM-23759]
  • Prohibit updating a DEP token with a token from a different MDM server [MDM-23959]
  • Handle duplicate VPP notifications [MDM-24406]
  • Optimize performance when updating information about installed apps on Windows devices [MDM-24804]
  • Extended macOS accounts configuration with mobile account configuration [MDM-24512]
  • Omit auto-enrollment synchronization for DEP accounts that are not linked to an Apple Business or School manager account [MDM-24762]
  • Migrate storage configuration properties in application.yml to a new human-readable structure. The legacy format and environment variables are still supported [MDM-22557]
  • Prevent selecting teachers as students of ad hoc lessons [MDM-24925]
  • Update Apple education configuration also on inactive or non-compliant devices since the restriction preventing this is no longer necessary [MDM-24989] [REL#223386]
Important Fixes
  • Restore the certificate resource reference of the iOS certificate configuration [MDM-24764]
  • Ensure metadata of remaining certificates is updated even when a certificate in store is expired or cannot be processed [MDM-24761]
  • Fix authentication problem with Relution-Agent and Teacher-Console app for Android-Enterprise if more than one Manage Apps Configuration is present [MDM-24984] [REL#223280]
  • Allow saving users without email imported by LDAP in Portal [MDM-25016] [REL#223280]
Minor Fixes
  • Adjust links to Relution documentation to point to for native packages [MDM-24763]
  • Fix updating the domain or password of a Windows Exchange policy leading to an unintended compliance violation [MDM-24418]
  • Disable chips delete if configuration is disabled [MDM-24298]
  • Fix modal validation when creating lost mode actions for iOS devices [MDM-24572]
  • Fix enabling the personal hotspot on iOS devices when the action is triggered via Portal [MDM-24665] [REL#222900]
  • Fix No policy filter option in device inventory [MDM-24780] [REL#223087]
  • Fix and enhance organization search in store organization [MDM-24819] [REL#223162]
  • Fix an issue preventing users with few permissions from installing Play Store apps through the Relution agent on Android Enterprise devices [MDM-24982]

Version 5.12.2


  • Support compression when setting application.yml via environment variables in cloud scenarios [MDM-24705]
Important Fixes
  • Fix display of license views when using system organization based licensing [MDM-24706]
Minor Fixes
  • Fix database migration failing when encountering unexpected invalid references in database [MDM-24704]

Version 5.12.1


Important Fixes
  • Fix issue preventing import of Windows Store Apps due to breaking changes in the Windows Store API [MDM-24597]
  • Fix issue preventing a login via a SSO provider during a DEP enrollment on macOS [MDM-24613]
  • Fix database schema migration on PostgreSQL [MDM-24605]
  • Fix issue which caused duplicate group creations during a LDAP synchronization [MDM-24617]
  • Fix issue when a new LDAP user tries to login, that not all group memberships are resolved [MDM-24639]

Version 5.12.0


  • Deploy Relution Agent for Android Enterprise devices [MDM-23697]
  • Allow enrolling Autopilot auto enrollments from the store organisation into other organisations [MDM-23356] [MDM-23906]
  • Add Android Enterprise home screen layout configuration to configure Relution Home Screen app [MDM-23415]
  • Provide active branding to client apps over managed configuration [MDM-23898]
  • VPP tokens uploaded to the store-organisation will be publicly available in all other organisations [MDM-23827]
  • Show an error in the notification center if Android Enterprise communication has issues [MDM-23838]
  • Make it possible for Android and Windows devices to download native apps assigned via policies without the explicit need for general app store access [MDM-23970]
  • Use built-in APNS push credentials to handle push notifications for the Relution Agent [MDM-24049]
  • Use web views supporting single-sign on accounts for DEP authentication and shared device login [MDM-24240] [MDM-24241]
  • Add new field to the Android Enterprise Work profile passcode configuration to define if a separate passcode for the work profile is required [MDM-24324]
  • Add new restriction flags for iOS 16 and macOS 13 devices [MDM-24476]
  • Automatically try to reassign VPP licenses whenever deployment actions get retried [MDM-24454]
  • Add the count of open actions and last connection date to lesson device information [MDM-24209]
  • Persist additional meta data when parsing certificates [MDM-22995]
  • Optimize education updates and removals for Apple devices [MDM-23478]
  • Make DEP accounts in store organization global by default [MDM-23725]
  • Allow customizing the external VPP notification URL via relution.vpp.notificationUrl [MDM-23974]
  • Separate roles from authorities to comply with new permission schema in current authorization response [MDM-24032]
  • Set actions to error when no push notification could be sent for Windows devices [MDM-24258]
  • Consider action priorities when processing Windows actions [MDM-24258]
  • Use Gigabyte instead of Gibibyte based conversion for cache limit in macOS content caching configuration [MDM-24269]
  • Always activate users synchronized through LDAP even when deactivated on Relution side; users that should not be able to sign in need to be disabled in LDAP instead [MDM-24467]
  • Enable reset password action on android enterprise devices with personal profile [MDM-22661]
  • Adjust colors of enrollment page for Windows devices [MDM-23595]
  • Require the name field of an app version only for the default language [MDM-23619]
  • Add more filter options to the device history [MDM-24348]
  • Hide Windows paid apps from search results [MDM-23622]
  • Change styles of enrollment landing page dynamically, if needed [MDM-23595] [REL#221602]
Important Fixes
  • Fix creation of organizations when administrator password does not conform to password policy [MDM-23127]
  • Apple education configuration updates no longer fail if a user is configured as both teacher and student in different courses [MDM-23790]
Minor Fixes
  • Updating a course as Content Manager updates the education configuration on the devices of the users involved. [MDM-23760]
  • Fix the first Relution Agent deploy action failing with LicenseNotFound error when enrolling a device with DEP [MDM-23954] [REL#222092] [REL#222025]
  • Fix error responses not providing an error code in some rare cases [MDM-24107]
  • Ensure license restrictions for servers where the system organization has an education or enterprise license are checked correctly [MDM-24128]
  • Ensure next synchronization date no longer incorrectly shows never after manual AzureAD device synchronization [MDM-24163]
  • Update Windows UpdatePush action to error, if it fails several times, with confurable retry count [MDM-24196] [MDM-24196]
  • Fix sample app import for new organizations created via a tenant user [MDM-24473]
  • Allow Windows platform to download file for action [MDM-24009]
  • Fix deletion of rule actions [MDM-23758] [REL#221630]
  • Fix unintended clearing of policies when extending enrollments [MDM-23811]
  • Fix unintended duplication of version constraints, when switching between app versions [MDM-24100]
  • Fix license information menu entry ignoring permission when the user switches between tenants [MDM-24249] [REL#222392]

Version 5.11.4


  • Allow disabling Clustering support on network or even service layer via configuration for restricted network environments [MDM-24131]
Important Fixes
  • Fix issue preventing apps to be installed with VPP via Relution iOS agent and legacy client [MDM-23960] [REL#222264]
  • Avoid a possible issue in cluster channel initialization when also having a lot of LDAP connections [MDM-24145]
Minor Fixes
  • Fix issue in the smart board configuration preventing to configure lock screen on specific boards [MDM-24144]
  • Fix handling of pagination for requests currently preventing CSV export in some scenarios [MDM-24149] [REL#222294]

Version 5.11.3


  • Assign VPP license to devices early when creating a deploy app action [MDM-23960] [REL#222264]
  • Retry deploy app actions automatically after a short period of time when they fail with a LicenseNotFound error [MDM-23961] [REL#222033]
Important Fixes
  • Include new authorities in well-known system permissions to improve performance when loading groups [MDM-24016]
Minor Fixes
  • Fix Relution Agent deploy action possibly failing once when enrolling an iOS device [MDM-23954] [REL#222092] [REL#222025]
  • Do not perform unnecessary multiple re-installations in rare case when an app appears to be stuck in installation [MDM-24025]
  • Add vertical scrolling for confirmation step in Apply action modal for multiple devices [MDM-23939]

Version 5.11.2


  • Display a message that explains that installation of the new Relution Teacher App after iOS client migration must happen manually. This can also be done with an App Compliance configuration [MDM-23849]
Minor Fixes
  • Fix SSO login button, when single sign on is active for a specific tenant [MDM-23858]
  • Fix default value of client migration on Microsoft SQL Server [MDM-23856]

Version 5.11.1


  • Optimize descriptions and translations for iOS client app migration wizard [MDM-22700]
  • Optimize handling of client migration on devices with a Relution shared device configuration [MDM-23791]
Minor Fixes
  • Fix display of organization push certificates in Portal after migrating to Relution Agent for iOS [MDM-23700]
  • Fix logout on shared devices for users which do not have any permissions [MDM-23798]

Version 5.11.0


  • Use the new Relution iOS apps for new organizations as a default and allow existing organizations using the public Relution app to migrate to them via the settings view [MDM-22700] [MDM-22705] [MDM-23118]
  • Allow making DEP configuration public in the store organization, so auto-enrollments can be assigned to other organizations [MDM-23332]
  • Use Json Web Tokens for session handling [MDM-23578]
  • Add user impersonation for system administrators using Json Web Tokens [MDM-20138]
  • Save and show the most recent synchronization result of Azure AD device sync, user sync and group sync [MDM-22818]
  • Add scheduled automated synchronization of Windows Autopilot devices [MDM-22929]
  • Renew Apple push certificates, valid until May 1st, 2023. The previous ones will expire on November 30th, 2022 [MDM-22876]
  • Automatically renew the Apple device SCEP CA and device certificates issued by it before it expires, default starting 180 days before expiration [MDM-22742]
  • Extend the Azure AD configuration wizard and allow checking the azure ad configuration on the fly while configuring it [MDM-22819] [MDM-22817]
  • Provide information about the most recent logged in Azure AD user on Autopilot devices [MDM-22936]
  • Make parsing of PKG files for macOS distribution more permissive to support more PKG formats [MDM-22288]
  • Automatically clean-up app history and device compliance history entries, per default after two years [MDM-22711] [MDM-22713]
  • Save Apple education configuration per device, no longer per action [MDM-22769]
  • Assign default groups to teachers & students imported from LDAP even when no courses can be created [MDM-22802] [REL#22820]
  • Even if Relution is not affected, add mitigation for Spring4Shell as suggested by the Spring team as an additional safeguard [MDM-23193]
  • Disable app signing by default unless the feature toggle APP_SIGNING is set since it is due to be removed [MDM-23458]
  • Use the Azure AD User Principle Name field for the Relution user email when importing users [MDM-23552]
  • Show the SSID for tvOS Wi-Fi configurations as name in tables [MDM-22814]
  • Use unified field names for user and groups and device CSV import and export [MDM-23061] [MDM-23060]
  • Show additional information in the VPP user and VPP license assignment views [MDM-23143] [MDM-23187]
Important Fixes
  • Synchronization errors no longer trigger post-sync actions, which could incorrectly delete users [MDM-22991][REL#221066]
Minor Fixes
  • Fix manual LDAP sync in cluster environments not running when connected to a secondary node [MDM-23125]
  • Fix applying a policy in a tenant organization, when the policy contains a Relution Shared Device configuration [MDM-23249] [REL#221342]
  • Fix being stuck on login page because of missing permissions after page redirect [MDM-22783]
  • Fix organization icon in the portal header not refreshing after switching the organization [MDM-23530] [REL#221485]
  • Fix background transparency of information box in the DEP settings [MDM-23551]
  • Fix device custom fields only being displayed when the settings were loaded before [MDM-23130] [MDM-23721] [REL#221759]
  • Fix print view in Portal [MDM-23247]

Version 5.10.1


  • Use new Microsoft Store endpoints to fetch meta data of Windows public apps [MDM-23642]

Version 5.10


  • Use Apple VPP v2 API including real-time notifications for updated data [MDM-22114]
  • Execute high priority actions (e.g. enable lost mode, reset passcode, locate device) before regular actions for Apple Devices [MDM-22708]
  • Add support for Windows Autopilot enrollment [MDM-21897]
  • Add properties to Windows Antivirus configuration to improve scheduling defender scans [MDM-22563]
  • Make helpdesk link configurable via [MDM-22915]
  • Make imprint link configurable via [MDM-22917]
  • Add configurable privacy policy and EULA links which will be used instead of the previous privacy policy setting [MDM-22586] [MDM-23126]
  • Support user-defined custom device properties names as column header names in the CSV import for auto-enrollments and devices [MDM-22916]
  • Add full S/MIME support for iOS Mail configuration [MDM-22602]
  • Add custom JSON code for Android Enterprise to enroll a device via a Zero Touch profile. [MDM-23040] [REL#22979]
  • Add MDM-initiated auto-renewal of Apple device identity certificates [MDM-22656]
  • Disallow spotlight internet results for students in exams [MDM-22812]
  • Prevent starting on Oracle databases with a human-readable error message since Oracle is no longer supported [MDM-22099]
  • Extend ping action clean-up [MDM-22268]
  • Allow Relution client in iOS App Compliance under required apps and allowed apps [MDM-22390]
  • Refine API usage and permissions for listing groups and users [MDM-22808] [MDM-22804]
  • Reduce log output when SMG is configured [MDM-22810]
  • Optimize SQL queries used when checking for pending app or webclip installations [MDM-22908]
  • Remove the extra enabled state for categories [MDM-22986]
  • Remove supporting for deploying apps onto devices enrolled in other MDMs [MDM-23013]
  • Remove URL shortener setting which is no longer used [MDM-22677]
  • Allow updating the Apple MDM profile on devices with a legacy MDM server URL when triggered from the devices [MDM-22895]
  • Allow entering multiple search values into search bar [MDM-21477]
  • Adjust default values for new Windows Firewall configurations [MDM-22575]
  • Include original language name in profile language selector [MDM-22657]
  • Reduce network traffic when publishing a policy version [MDM-22734]
  • Adjust icon style of the state column in the sub action list [MDM-22752]
  • Allow uploading user certificates on profile page [MDM-22813]
  • Adjust email validation when updating existing user [MDM-22947]
  • Show Windows version name instead of build number in the device header box [MDM-22934]
  • Add managed app configuration to Relution Teacher when is deployed to iOS devices [MDM-22704]
  • Add new setting to deploy Relution Agent for iOS instead of legacy client [MDM-22706]
  • Force HTTPS for configured external URL [MDM-22710]
Important Fixes
  • Fix education being removed from a device prematurely when the user only had indirect class memberships left [MDM-23132] [REL#221150]
  • Fix issue with installation of required apps in tvOS App Compliance configuration [MDM-22840] [REL#22914]
  • Fix deletion of users with user certificates [MDM-22883]
  • Fix “Elevation prompt for standard users” option for Windows Local Device Security confguration [MDM-23072] [REL#221192]
Minor Fixes
  • Fix device filter when searching for devices without a policy [MDM-22945] [REL#221055]
  • Handle the update case of Windows Exchange configuration [MDM-22177]
  • Remove existing compliance violations for Windows configurations that are deleted but not applied on the device [MDM-22568]
  • Set name, description and custom properties for a Windows device from enrollment, unless reactivation is enabled [MDM-22573]
  • Fix server startup when the system administrator was removed [MDM-22811]
  • On Relution Shared Devices, when a user is logged in, enable only the Relution client and Settings if no apps are whitelisted [MDM-22898]
  • Abbreviate long name and artist name for VPP publications to avoid errors when these values are excessively long [MDM-22941] [REL#221043]
  • Do not add Windows store apps without an internal name [MDM-23173]
  • Distinguish between Windows 11 and Windows 10 in the version name [MDM-22850]
  • Fix template for Apple User Enrollment configuration shown in settings [MDM-22111]
  • Adjust DEP profile status filter to avoid receiving false positive results [MDM-22803]
  • Make sure selecting configuration types in the configuration list now always navigates to configuration details [MDM-22827]
  • Clearing the position field in the user profile raises an exception [MDM-22992]
  • Allow resizing the columns in the VPP synchronization history view [MDM-23010]
  • Optimize initial performance and fix pagination counts of app selectors [MDM-22997]
  • Access of content manager permission to user and group view [MDM-23105] [REL#221228]

Version 5.9.2


Important Fixes
  • Fix pub/sub not working as expected in cluster environments after registration for Android Enterprise in some cases [MDM-22690] [REL#22750]
  • Fixed an issue with handling no longer valid VPP tokens that could lead to VPP synchronisations being blocked [MDM-23000] [REL#221095]
Minor Fixes
  • Fix device filter when searching for devices without a policy [MDM-22945] [REL#221055]
  • Abbreviate long name and artist name for VPP publications to avoid errors when these values are excessively long [MDM-22941] [REL#221043]

Version 5.9.1


  • Assign public policies of store organisation DEP auto-enrollments to enrolled devices [MDM-22823] [REL#22813]
  • Extend logging of LDAP services [MDM-22824]
Minor Fixes
  • Fix display of “location” tab for locatable devices [MDM-22503] [MDM-22776] [REL#22603] [REL#22801]
  • Fix basic auth login, e.g. during DEP authentication, when the password starts with the basic auth separator character (colon) [MDM-22824]
  • Fix navigation bar entries [MDM-22800]

Version 5.9


  • Support for user enrollment of macOS devices [MDM-21927]
  • Support account-driven user enrollment for Apple devices [MDM-22343] [MDM-22111] [MDM-22529] [MDM-21749]
  • Add VPN type “Custom SSL” to iOS/macOS VPN configuration [MDM-22183]
  • Synchronize users, groups and their members from Azure AD [MDM-21382]
  • Synchronize Windows Autopilot devices [MDM-21896]
  • Manage auto enrollments for Windows Autopilot devices [MDM-22508]
  • Reactivate Windows devices [MDM-22419]
  • Use local short URLs for manual enrollments instead of external URL shortening [MDM-22641]
  • Add Spanish, French, Italian and Turkish as supported languages to the enrollment landing page [MDM-22556]
  • Allow managing pre-installed apps not available in Play Store in Android Enterprise configurations by entering their package name [MDM-21686] [RS-4549] [RS-7101]
  • Prioritize “Lost Mode”, “Reset Passcode”, “Wipe” and “Withdraw” actions for Apple devices. [MDM-22370] [REL#22235] [REL#22517]
  • Recreate Android Enterprise enrollments that still use a user account identifier automatically [MDM-22595]
  • Use name of a category’s default language as fallback for other languages [MDM-22387]
  • Search devices by UDID [MDM-22519]
  • Add Android Enterprise managed configuration for Relution Agent [MDM-22250]
  • Automatically install Relution Teacher Console alongside SCM on Android Enterprise devices of teachers with a Samsung Classroom Management configuration [MDM-21406]
  • Ignore policies specified in a DEP auto-enrollment when the device is enrolled in a different organization (system-wide DEP) [MDM-22166] [RS-7858]
  • Allow specifying ownership for auto-enrollments [MDM-22295] [RS-5709]
  • Base docker images on AlmaLinux 8 instead of CentOS 8, since CentOS Linux 8 has reached End Of Life (EOL) on December 31st, 2021 [MDM-22385]
  • Do not send push notifications to Apple devices when they are detected as being in-active [MDM-22388]
  • Ensure MDM profile of devices with disabled signature validation is also renewed [MDM-22534]
  • The education certificates will be checked and, if need be, fixed automatically if the last education deployment action failed with a specific certificate error [MDM-22660]
  • The enrollment validation date for Android Enterprise can only be chosen up to 89 days in the future since Google does not allow a longer period of time [MDM-22208]
  • Add missing Windows edition badges in the Restriction policy configuration [MDM-22276]
  • Remove deprecated calendar domains, contact domains and mail domains from Apple VPN configuration [MDM-22381]
  • Optimize the filter query in iOS app compliance configuration [MDM-22481] [REL#22337]
  • Hide remove app action for windows until device and user scope is fully supported [MDM-22571]
  • Persist how a policy was assigned to a device (auto-assignment, enrollment, manual) [MDM-21786]
  • Adjust S3 Connector to handle partial downloads correctly which improves the performance [MDM-22554]
Important Fixes
  • Prevent additional automated re-install actions for devices when another action is already pending [MDM-22394] [REL#22257]
  • Create an app history entry when the version number of a public app changes [MDM-22482] [REL#22376]
  • Fix rendering of Android Enterprise managed configuration editor in various cases [MDM-22511]
  • Fix activation of URL blocklist setting in Samsung Classroom management app configuration [MDM-22392]
  • Fix exporting and importing policies as multi tenant user [MDM-22536] [REL#22346]
Minor Fixes
  • Fix update behaviour of Windows certificate configuration [MDM-22170]
  • Fix update behaviour of Windows update configuration [MDM-22179]
  • Hide details of persistence exceptions and show generic message instead regardless of user permissions [MDM-22269]
  • Add missing checks for Windows versions and editions to Windows restriction configuration [MDM-22310]
  • Manually created add/remove shortcut actions for Shared iPads and macOS [MDM-22528] [REL#22404]
  • Fix installation of missing apps on iOS devices when being triggered by a PING action [MDM-22560] [REL#22478]
  • Do not pre-fill user phone number when editing enrollments [MDM-22322]
  • Hide empty entry for device serial number in device header box [MDM-22371]
  • Inviting VPP users again after having removed them once already [MDM-22375]
  • Prevent showing an empty three dots menu if the user selects an item on the VPP synchronization history page [MDM-22431]
  • Truncate x-axis label of charts to avoid flickering [MDM-22533] [REL#22437]
  • Fix disappearing of multi tenant switcher after switching tenant with a text search active [MDM-22562] [REL#22483]
  • Fix unintended removal of multiple policies when assigning DEP profile in auto enrollment list via the short action [MDM-22601] [REL#22464]
  • Allow editing the ownership state of a device with ownership state unknown [MDM-22644]

Version 5.8.1


  • Even though Relution does not use Log4j for logging, update log4j-api again to the newly released 2.17.0 with respect to CVE-2021-45046 and CVE-2021-44228 [MDM-22301]

Version 5.8


  • Automatically register managed AppleIDs with VPP when enrolling devices with Apple User Enrollment [MDM-22017]
  • Automatically associate VPP licenses to assigned users of Apple User Enrollment devices when apps are installed [MDM-22018]
  • Display if Apple devices are currently in “Not now” state [MDM-22252]
  • Enable public policies for Android Classic [MDM-21732]
  • Show all available network adapters on Windows devices in device details [MDM-21962]
  • Add Spanish, French and Italian translations [MDM-22149]
  • Support managing associated apps in the details of app categories [MDM-21902] [RS-6802] [RS-6848]
  • Show all supported app platforms for newly added or refreshed public apps for Apple platforms [MDM-21721]
  • Remove Beta badge for iOS User-Enrollment [MDM-22018]
  • Even though Relution does not use Log4j for logging, update log4j-api to 2.15.0 and always enable formatMsgNoLookups as a default with respect to CVE-2021-44228. Also update the Splunk logging dependency so it no longer bundles log4j-core [MDM-22301]
  • Show user assigned VPP licenses in details of user enrolled devices [MDM-22193]
  • Allow filtering apps and app requests by categories [MDM-21901]
  • Add iOS system apps “Magnifier” and “Translate” for selection in app compliance and home screen layout [MDM-22104]
  • Extend known Apple product names for new devices [MDM-22155]
  • Register VPP users with managed Apple IDs without inviting them via mail [MDM-22156]
  • Optimize retrieval of installed and managed apps of Android Enterprise devices [MDM-22207] [RS-7940]
  • Enable Per-App-VPN configurations for iOS User Enrollment [MDM-22241]
  • Optimize installed app list in device details [MDM-21353]
  • Remove the option to create unsupervised devices via DEP enrollment since it is no longer supported in iOS 13+ [MDM-21985]
  • Remove no longer available app download count from apps list and app version details and remove most downloaded apps widget from dashboard [MDM-22041]
  • Hide already selected apps from multiple app selection lists [MDM-22052]
  • Adapt Windows email configuration [MDM-22110]
  • Hide private Android Enterprise apps when adding apps from Google Play [MDM-22137]
  • Display VPP licenses also for newly added apps in required apps list [MDM-18978]
Important Fixes
  • Fix upload of files in specific multi tenant environments [MDM-22303] [RS-7980] [REL#22050]
Minor Fixes
  • Fix Windows Email configuration [MDM-21849]
  • Fix icon retrieval and display for Microsoft Store apps [MDM-21854] [MDM-22004]
  • Fix handling of compliance violations for Windows configurations in general and especially for the Windows app compliance [MDM-21960]
  • Fix sending notification mails concerning keystore expiration [MDM-22012]
  • Prevent adding Microsoft Store apps multiple times by using different country stores [MDM-22057]
  • Remove support of Windows 10 Home Edition in Windows update configuration [MDM-22154]
  • Do not set the app package name in Windows app compliance policy configuration for public apps from the Windows store [MDM-22047]
  • Fix upload button alignment when creating apps [MDM-22077]
  • Fix importing policies [MDM-22157]
  • Fix saving of certificates in tvOS Wi-Fi config [MDM-22164]
  • Allow changing device ownership according to organization settings [MDM-22180]
  • Fix translation of iOS restriction Allow USB connection while locked [MDM-22253]
  • Fix using user’s phone number as a default when creating new enrollments [MDM-22254] [RS-7991]
  • Add redirect for link format used in app request mail notification [MDM-22277] [RS-7966]

Version 5.7.3


  • Display the most recently used communication channel with a Windows device in device details [MDM-22261]
  • Show if Windows deploy app and remove app actions belong to user or device scope [MDM-22261]
Important Fixes
  • Avoid blocking windows actions on device scope due to user scope being blocked [MDM-22206] [RS-7938]

Version 5.7.2


  • Optimize performance of Android Enterprise status report processing and exclude Android system apps from installed app list [MDM-22214]
Important Fixes
  • Make Android Enterprise status report handling more robust [MDM-22171]

Version 5.7.1


Important Fixes
  • Clean up duplicate entries from the device lending settings table automatically [MDM-22165]
  • Fix importing of policies from exported files [MDM-22157]
  • Remove invalid search results from Microsoft Store search instead of throwing an error [MDM-22108]
  • Fix an issue with Android Enterprise status reports when the Relution store contains the same app twice (public and native) [MDM-22171]

Version 5.7


  • Allow making policies public in the store organisation, so all organisations on the server can use them. Currently Android Enterprise, iOS/iPadOS, tvOS and macOS policies are supported. [MDM-21503]
  • Make it possible to install Play Store apps on Android Enterprise with an action by dynamically adjusting a device’s policy [MDM-21119]
  • Make it possible to hide notifications from the notification center [MDM-21484]
  • Add support for cron schedules in LDAP synchronization [MDM-21636]
  • Enable configuration of cross profile communication for managed apps on Android Enterprise devices [MDM-21718]
  • Make it possible to enforce iOS app uninstallation on MDM profile removal in server properties [MDM-21892] [RS-7290]
  • Enabled customized icon arrangement for Android Kiosk mode [MDM-21893]
  • Don’t allow the user of a user enrolled device to be changed [MDM-21910]
  • Add support for starting an ASM SFTP sync manually in the settings page [MDM-21925] [RS-6868]
  • Add a Windows local device security options configuration [MDM-21471]
  • Add settings for setup assistant account creation for macOS devices to DEP profile support, which allows creating MDM-controlled local administrators [MDM-21490]
  • Allow changing the password of MDM-controlled local administrator accounts on macOS via an action [MDM-21496]
  • Allow powering off interactive whiteboards via the reboot action [MDM-21923]
  • Activate device lending system [MDM-22058]
  • Add filter for hiding none existing apps to VPP apps list [MDM-21634]
  • Add new iOS 15.1 restriction allowMailPrivacyProtection to iOS restrictions configuration [MDM-22002]
  • Show sub actions of actions in device details [MDM-21872]
  • Make assigning of modified DEP profiles run asynchronously to make updates faster for profiles assigned to a large number of devices [MDM-21510]
  • Support multiple access tokens per device [MDM-21541]
  • Extend the lesson schedule settings to include configuring days on which lessons are held [MDM-21632]
  • Replace deprecated black and white list with deny and allow list for devices with iOS 15 or above [MDM-21670]
  • Display more details for Android Enterprise app policy compliance violations [MDM-21728] [RS-7106]
  • Optimize performance when saving education courses [MDM-21857]
  • Always show the store organization in the tenant organization switcher [MDM-21935]
  • Extend tooltip for allow simple password checkbox in Windows passcode configuration [MDM-21955]
  • Display policy export report [MDM-19798]
  • Improve handling of database exceptions [MDM-21432]
  • Remove “Screen resolution”, “Phone” and “IMEI” and “Wi-Fi MAC” information from Windows device details since they are not available for Windows devices [MDM-21729] [MDM-21865] [MDM-21886]
  • Extend hint shown in the Windows global proxies configuration [MDM-21832]
  • Add label and url of “Add Shortcut” actions to tooltip in device action list [MDM-21870]
  • Allow cancelling actions in “push sent” state for Apple devices [MDM-21873]
  • Display day of week selection as a toggle button group [MDM-21903]
  • Make sure the profile name of Windows VPN configurations is unique inside a single policy [MDM-21926]
  • Make sure the SSID of Windows Wi-Fi configurations is unique in a policy [MDM-21926]
  • Ensure that in case of multiple Windows Wi-Fi or VPN configurations with the same identifier only the one with the highest priority is applied on the device [MDM-21954] [MDM-21956] [MDM-21984]
  • Improve display of battery level values [MDM-21931]
  • Improve Windows BitLocker configuration and set additional fields validators [MDM-21939]
  • Extend hint for iOS home screen layout configuration [MDM-21951] [RS-7503]
  • Allow using the user’s email address as a placeholder in Windows email configuration [MDM-22009]
Important Fixes
  • Avoid prematurely verifying the MDM signature certificate as a side effect when retrieving it for the Apple MDM signature verification [MDM-22101]
  • Make handling of challenge passwords cluster save even in scenarios without IP tables [MDM-22010]
  • Truncate action comment field to ensure that the comment does not exceed the database limits [MDM-21924] [RS-7476]
  • Fix VPP synchronization error on servers with more than 2,100 licenses when using Microsoft SQL Server [MDM-22027]
  • Prevent deploying multiple Wi-Fi configurations with the same SSID on Apple devices [MDM-21743] [RS-7150]
Minor Fixes
  • Prevent duplicated mails for rules when Relution runs as cluster [MDM-18737] [RS-4744]
  • Prevent web-links from being added as required apps in Android app compliance configuration [MDM-20352] [RS-4523]
  • Use the lesson schedule time zone when checking if a lesson can be started [MDM-21632]
  • Handle delivery confirmed not as finished state for actions [MDM-21817]
  • Prevent that Windows Wi-Fi configurations are applied on devices that do not have a Wi-Fi adapter attached [MDM-21834]
  • Change app management on Windows 10 devices by using the user scope instead of the device scope [MDM-21841]
  • Prevent deploying Windows apps that do not have a package family name [MDM-21847]
  • Retrieving public app icons from Microsoft Store [MDM-21854]
  • Fix copying of Apple Configurator 2 configuration from store organization to other organizations [MDM-21930]
  • Remove password enabled checkbox from Windows passcode configuration [MDM-21955]
  • Add missing validations for Windows passcode configuration [MDM-21955]
  • Support all locales for Windows app store [MDM-22006]
  • Prevent the cross-profile communication setting from being applied on Android Enterprise devices with an incompatible enrollment type [MDM-22016]
  • Prevent uploading files that are not images in the app details screenshots and icon sections [MDM-21845]
  • Display per app vpn section even if configuration is not editable [MDM-21862] [RS-7352]
  • Fix checkbox states not being displayed correctly when removing policy from auto enrollments [MDM-21881] [RS-7389]
  • Add enabled option for status bar handling in Android Enterprise Kiosk Mode configuration [MDM-21942]
  • Fix a race condition that might lead into browsers default language being selected over the one selected in the user profile [MDM-21961]
  • Remove emojis that are not processable for Windows configurations or actions [MDM-21838]

Version 5.6.5


Important Fixes
  • Fix race condition on Shared Device sign in, causing the Relution app to incorrectly detect no user and ask for credentials again [MDM-22039] [RS-7561]

Version 5.6.4


  • Make the dynamic delay used in the MDM push queue configurable via relution.push.queue properties and adjust default values [MDM-22029]

Version 5.6.3


  • Optimize handling of events in various additional services in cluster environments [MDM-21947]

Version 5.6.2


  • Optimize handling of events in education service in cluster environments [MDM-21947]
Important Fixes
  • Fix possible error in Apple MDM signature validation when multiple concurrent requests arrive at the same time [MDM-21958] [RS-7521]

Version 5.6.1


Important Fixes
  • Fix broken Android Enterprise Work Profile enrollment which used an erroneous setting for personal usage since 5.6 [MDM-21944]

Version 5.6


  • Add enrollment setting to allow creating personal profiles on fully managed Android Enterprise devices [MDM-21800]
  • Add Windows local device security policy [MDM-21284]
  • Add allow personal usage setting for Android Enterprise enrollments [MDM-21716]
  • Allow removal of teachers, when they are referenced in a lesson or lesson template [MDM-20712] [RS-5508] [RS-6810] [RS-5421]
  • Allow custom separator for CSV files [MDM-21547] [RS-6781]
  • Extend MDM signature validation for Apple devices [MDM-21639] [MDM-15205] [MDM-21212]
  • Add support for Windows 10 to Secure Mail Gateway [MDM-20142] [MDM-20137] [MDM-21654] [MDM-21676]
  • Allow configuring when to send push notifications to devices on compliance state changes [MDM-21542]
  • Show cancel button always in the VPP token dialog [MDM-20732]
  • Do not report Android Enterprise devices as non-compliant when a device reports an app as not installed with the reason in-progress [MDM-21607] [RS-6040]
  • Recreate APNS client periodically to ensure a stuck client does not block push messages indefinitely [MDM-21612]
  • Update APNS client to the latest version which fixes channel clean-up after exceptions [MDM-21612] [RS-6882]
  • Update APK file parser to allow parsing of additional Android app configurations [MDM-21679] [RS-7102]
  • Display a hint if the old password is not correct during password change request [MDM-21474]
  • Optimize UI of Android Enterprise Kiosk Mode configuration [MDM-21646] [RS-7017] [RS-7018] [RS-7019] [RS-7020]
  • Update text for Android Enterprise Wi-Fi restrictions to better describe what is being disabled [RS-7192]
Important Fixes
  • Fix updating devices via CSV [MDM-21652] [RS-7046]
  • Never enforce Relution client single app mode for Apple Shared iPad devices since it is not supported [MDM-21672] [RS-7055]
Minor Fixes
  • Do not block server startup until could be reached [MDM-21475]
  • Prevent that devices which are no longer matching the Secure Mail Gateway restrictions are sending additional requests to synchronize emails, contacts etc. [MDM-21668]
  • Rename SMTP parameter TTLS to STARTTLS, but allow incorrect spelling for backwards compatibility [MDM-21674]
  • Fixed a rare deadlock in pub/sub that could result in subscriptions no longer being polled [MDM-21717]
  • Fix app upload with two different apps if the first upload was aborted [MDM-20916]
  • Fix column alignments in several modals [MDM-21454]
  • Do not ask for the old password of a user, when the system administrator or the organization administrator tries to override the password [MDM-21474]
  • Clear all selected elements on all pages on hitting “clear selection” [MDM-21476]
  • Set current start page explicitly to dashboard for the user when he accepts terms and conditions for the first time [MDM-21605]
  • Set correct OS version filters in device inventory [MDM-21660]
  • Deactivate prohibited actions on public policies in standard organizations [MDM-21693]
  • Show a confirmation for successfully triggered deploy app actions [MDM-21706]
  • Fix deploying Windows apps via the “Installed Apps” tab in device details [MDM-21706]
  • Remove phone number validation in the user details [MDM-21735] [RS-7253]
  • Do not affect the search result when clearing search values [MDM-21737]
  • Fix saving of LDAP users without email address [MDM-21779] [RS-7164]
  • Remove required validator on server proxy PAC URL field in tvOS WiFi [MDM-21858] [RS-7412]

Version 5.5.5


Important Fixes
  • Prevent a possible race condition for Shared iPads in guest mode leading to their action queue waiting until the next login [MDM-21804]

Version 5.5.4


  • Disable automatic update of iOS/iPadOS/tvOS managed apps for outdated management flags setting as a default. Can be enabled again by setting to true [MDM-21487]

Version 5.5.3


  • Always use device based Google accounts instead of user accounts when enrolling Android Enterprise devices to avoid the 10 devices per user limit [MDM-21733] [RS-6041]
Important Fixes
  • Fix slow requests on systems with many Apple devices and profiles due to a missing database index [MDM-21739] [RS-7242]

Version 5.5.2


Minor Fixes
  • Fix processing error if full sensor data or position estimate batches are completely outdated [BR-2416]

Version 5.5.1


Important Fixes
  • Fix an issue with Deploy and Remove App actions on Windows devices which are setting the action state to Error although the (de-)installation is still in progress [MDM-21610]

Version 5.5


  • Add support for certificate templates and user specific certificates to Android Enterprise Wi-Fi configuration [MDM-21304]
  • Add kiosk mode configuration for Android Enterprise fully managed devices [MDM-19518] [MDM-19519]
  • Add DNS settings configuration for iOS and macOS [MDM-21489] [RS-6167]
  • Add macOS content caching configuration [MDM-21488]
  • Add Windows wallpaper configuration [MDM-21273]
  • Display known Apple product names in a readable format (e.g. iPhone 12 instead of iPhone13,2) [MDM-21231]
  • Add new iOS 15 restrictions to iOS restrictions configuration [MDM-21431]
  • Extend iOS and macOS device details with information about active user accounts [MDM-21495]
  • Use already existing Android Enterprise device if it matches the device identifier of a newly enrolled device [MDM-21434]
  • Do not prevent data migration of managed apps on iOS and tvOS to new devices via device backup by disabling automated uninstallation on MDM profile removal [MDM-21487]
  • Count delivered actions as open actions for devices [MDM-21527]
  • Allow requested apps in released status in teacher console [MDM-21531] [RS-6744]
  • Reduce logged warnings when fetching files on Microsoft SQL Server [MDM-21537]
  • Clear device location data when lost mode is disabled [MDM-21561] [RS-6831]
  • Extend list of known Windows editions [MDM-21608]
  • Add filter for devices without a policy [MDM-21361]
  • Show tooltip for Android Enterprise enrollment type if Android Enterprise is not set up [MDM-21478]
  • Display homescreen layout editor by default [MDM-21519]
  • Allow editing search field badges [MDM-21577]
  • Add missing iOS 14.5 restrictions tooltips [MDM-21535]
Important Fixes
  • Allow every user to access their home organization, even when not member of the “User” group [MDM-21153] [MDM-21385] [RS-6518] [RS-6650]
  • Fix duplicate and missing history entries for Android Enterprise devices [MDM-21417]
  • Fix app compliance configurations on Windows 10 devices which prevented other configuration within the same policy to be applied [MDM-21601]
  • Fix deploying and removing certain apps on Windows 10 devices [MDM-21610]
Minor Fixes
  • Fix pagination and sorting in the list “Devices with this app” [MDM-21536] [MDM-21552]
  • Fix error when LDAP server does not return a group member attribute (e.g. Novell eDirectory) [RS-6874] [MDM-21571]
  • Fix persisting pinning state of navigation bar [MDM-21352] [RS-6253] [RS-6424]
  • Fix saving of Android Enterprise managed app configuration after filtering [MDM-21526]

Version 5.4.2


Important Fixes
  • Generated Wi-Fi payload for apple devices with type enterprise WPA2 and enterprise WPA3 [MDM-21562] [RS-6728]

Version 5.4.1


  • Exclude empty bundles and arrays from managed app configurations for Android Enterprise [MDM-21473] [RS-6682]
  • Improve rendering of Android Enterprise Managed App Configurations which do not follow Google’s specification [MDM-21472]

Version 5.4


  • Support bulk enrollments with provisioning packages for Windows devices [MDM-21110]
  • Restrict allowed lesson time frame to lesson schedule when enabled in organisation settings [MDM-18332]
  • Managed app configurations for Android Enterprise are now merged when multiple policies are applied [MDM-20962]
  • Add 3 new fields to the iOS restriction configuration for iOS 14.5+ devices [MDM-21298]
  • Verify whether iOS device has published policy versions applied when device refresh completes and update if needed [MDM-21302]
  • Update device name and user via CSV upload in device inventory [MDM-21326] [RS-3906] [RS-4726] [RS-4870] [RS-6137] [RS-6363]
  • Add Windows Antivirus configuration [MDM-20792]
  • Add Windows Licensing configuration [MDM-21054] [MDM-21044]
  • Add Windows version/edition badges for all actions and configurations [MDM-21182] [MDM-21291]
  • Add iTunes ID and bundle identifier columns to purchased apps list [MDM-21296]
  • Add filter in user list to filter by direct group memberships [MDM-21297]
  • Add “created by” column in enrollment list [MDM-21354] [RS-6431]
  • Reduce log messages on WARN level when fetching file content fails because of stream abortion [MDM-21263] [RS-5859]
  • Allow update of MDM profile if device certificate is expired [MDM-21349]
  • Extend “devices with this app” list in app details with columns containing general device information [MDM-21396]
  • Display device serial number in basic device information [MDM-21362] [RS-6159]
  • Adjust error code message to clarify that the action can not be cancelled any more as the device is already performing it [MDM-19686] [RS-4208]
  • Merge first column and context menu in all table views [MDM-21305]
  • Display the configuration name in the policy list of a device [MDM-21346] [RS-6425]
  • Adjust color of app history comments to black instead of light grey [MDM-21370]
  • Display restricted Play Store mode hint for Android Enterprise restrictions configuration [MDM-21416]
  • Remove duplicate translation files from i18n folder [MDM-21436]
  • Always re-apply policies on log in on Apple Shared iPad [MDM-21325] [RS-6375]
Important Fixes
  • Fixed a race condition for rules that could prevent scheduled actions from being canceled when a previously inactive device became active again [MDM-21113] [RS-6091]
  • Creation of new policy versions no longer fails completely if a single configuration is invalid [MDM-21265] [RS-6268]
  • Fixed an error that could leave a VPP sync in a zombie state when an error with a message too large to be logged occurred [MDM-21429] [RS-6597]
Minor Fixes
  • Assigned user is now correctly cleared when an iOS device is enrolled as a shared device [MDM-21257]
  • Ensure the latest published policy versions are assigned to device when re-apply policy is used [MDM-21302]
  • Resolve performance issues when retrieving auto enrollments [MDM-21347] [RS-6396]
  • Fix prefilling of password field in the web portal, when a password manager was used [MDM-21162]
  • Pressing enter on username field during login did not perform a login attempt, when password is already filled [MDM-21163]
  • Password reset view was still visible after being logged in [MDM-21248] [RS-6604]
  • Re-add the option to create a policy version, if the current version is already published [MDM-21274]
  • Disable all fields in Windows Wi-Fi configuration if it was published previously [MDM-21333]
  • Set android enterprise fully managed device mode as default for Android Enterprise enrollments [MDM-21379]
  • Display issues on information page of an Android Enterprise device [MDM-21415]

Version 5.3.3


  • Add support for JMX based analysis of cluster environments [MDM-21462]
Important Fixes
  • Fix transaction borders when handling user saved events, and skip some handlers not necessary for newly created users [MDM-21458]

Version 5.3.2


Important Fixes
  • Adjust configuration of PKCS 12 key store generation on OpenJDK version 11.0.12 and above. The default settings have been changed in this OpenJDK version and the new defaults currently result in broken PKCS 12 archives which are not accepted by Apple devices [MDM-21410] [RS-6567]
  • Make Google Cloud Pub/Sub use the system proxy again [MDM-21405] [RS-6489]

Version 5.3.1


Important Fixes
  • Fix Android Enterprise devices having no assigned policies any more after being inactive [MDM-20628] [RS-6512] [RS-6208] [RS-6074] [RS-5332] [RS-5296]

Version 5.3


  • Allow resizing table columns and save them in user’s preferences [MDM-21047] [MDM-21052] [MDM-21126]
  • Display list of devices on which a specific app is installed [MDM-18611] [MDM-21142] [RS-5851]
  • Support combining multiple app compliance configurations on Apple device [MDM-20551]
  • Add app compliance configuration for Windows devices [MDM-20407]
  • Add Samsung Classroom Management configuration [MDM-21118]
  • Support app installation for lessons on Android Enterprise devices [MDM-21124] [MDM-21267]
  • Add Shared iPad settings configuration [MDM-21232]
  • Display a custom JSON which can be used to enroll KME devices via Android Enterprise in the QR code view and enrollment details [MDM-21258] [RS-6005]
  • Ensure that policies are only applied on devices which are using the supported Windows edition and version [MDM-21237]
  • Extend app selection options for remove app action [MDM-20971]
  • Add Windows BitLocker configuration, which allows controlling disk encryption [MDM-21012]
  • Allow to define the certificate store in Windows certificate configuration [MDM-21089]
  • Add Windows Hello configuration [MDM-21136]
  • Apply actions on multiple devices with a single bulk request [MDM-21046]
  • Add wipe action for Android Enterprise fully managed devices [MDM-20955]
  • Add VPP licensed information to apps list and app details [MDM-21227]
  • Show available placeholders in certificate templates view [MDM-21228]
  • Support groups in CSV import for classes [MDM-20633] [RS-3586] [RS-5009] [RS-5884]
  • Add support to deploy and remove Windows public apps [MDM-21100]
  • Check MariaDB version requirement for 10.3 or newer during startup [MDM-21112]
  • Require to explicitly set a password for exiting the Android Kiosk mode [MDM-21211]
  • Fail VPP sync immediately when token expired, send no network requests [MDM-21229]
  • Extend model of lesson device with information about its platform and enrollment type [MDM-21320]
  • Add new properties on Windows Start Menu configuration - start layout and edge assets [MDM-20873]
  • Make Windows Update Auto-Update time a dropdown selection field [MDM-21058]
  • Add context menu actions “Use default device name from DEP profile” and “Use auto-assigned policies” to auto enrollment list [MDM-21067] [RS-5966]
  • Rename whitelist and blacklist to allow list and block list [MDM-21121]
  • Add CSV export to Windows account action and improve user interface [MDM-21125]
  • Update Windows Update Configuration to use the list of available Windows versions [MDM-21221]
  • Ensure Relution iOS client is always allowed if Relution Shared Device Configuration is active, especially when conflicting app compliance settings are present [MDM-21268] [RS-6261]
Important Fixes
  • Android Enterprise devices no longer stay non-compliant when all violations have been resolved [MDM-20944] [RS-5943] [RS-6034] [RS-5771]
  • Fix issue with per app VPN connections not being associated correctly [MDM-21111]
Minor Fixes
  • The CORS preflight request (OPTIONS) now also responds with a HTTP 200 message for clients that do not provide credentials [BR-1710]
  • Deleting apps and weblinks referenced in a lesson or lesson template [MDM-21135] [RS-6084]
  • Fix enable state for new remote desktop service configurations [MDM-21180]
  • Show the missing icon for new device action state DELIVERY_CONFIRMED [MDM-21189]
  • Fix Windows Wi-Fi Configuration Open authentication type creation [MDM-21217]
  • Fix add app modal not closing after uploading a new app using drag and drop [MDM-21218]
  • Fix device name change validation in device inventory list and edit device page error messages [MDM-21235]
  • Fix multi tenant file upload for non file endpoints [MDM-21276] [RS-6305]
  • Fix Android Enterprise Work Profile device deletion [MDM-21286]
  • Fix formatting of battery level in device inventory [MDM-21327] [RS-6397]
  • Fix incorrect active task count shown in health indicator after deleting a VPP token [MDM-21301]
  • Fix potential endless recursion in VPP sync when multiple pending requests fail to send [MDM-21301]

Version 5.2.4


  • Change policy publishing mechanism to run in its own thread pool instead of the global one [MDM-21285]
Important Fixes
  • Extend REST endpoint to reactivate Windows devices by changing the Device ID for active devices as well [MDM-21247] [RS-6231]
  • Add missing Android Enterprise platform option to policy prioritisation [MDM-21272]

Version 5.2.3


Important Fixes
  • Add a new REST endpoint to reactivate Windows devices which were marked as deleted due to Device IDs used by multiple devices [MDM-21247] [RS-6231]

Version 5.2.2


Important Fixes
  • Fix Android Enterprise platform migration for no longer needed policy configurations linked to violations [MDM-21239]

Version 5.2.1


  • Add defining initial Android Enterprise policies to enrollments [MDM-21222]
Important Fixes
  • Allow soft deletion also for expired certificates [MDM-21219]

Version 5.2


  • Make Android Enterprise a separate device platform. Devices and policies including configurations are migrated to the new platform automatically [MDM-20819]
  • Add managed app configuration editor for Android Enterprise [MDM-20724]
  • Add Android Enterprise system update policy [MDM-19756]
  • Add custom device variables [MDM-19888] [MDM-20970] [RS-2838] [RS-3662] [RS-4242] [RS-5019]
  • Add configuration to persist enrollment user in device’s custom property on enrollment [MDM-20556]
  • Allow deleting certificates [MDM-20695] [RS-5915]
  • Delete device actions automatically after a configurable period, default two years (730 days) [MDM-20907]
  • Add client widget for desktop browsers [MDM-20959]
  • Add information box to policy details [MDM-19940]
  • Add information card to device details [MDM-20160]
  • Add Windows Defender scan action [MDM-20405] [MDM-20422]
  • Show Windows Defender Antivirus health data in device details [MDM-20798]
  • Add Action to add local accounts on Windows devices [MDM-21056]
  • Renew iOS App Store push certificate, the previous one will expire on December, 13th 2021 [MDM-20704]
  • Renew iOS MDM push certificate, the previous one will expire on November, 17th 2021 [MDM-20704]
  • Give all users “User” and “Device User” permissions regardless of group membership [MDM-18356]
  • Required apps, which refer to non-installable system apps, are not taken into account during compliance status detection [MDM-20714] [RS-5441]
  • Adjust off-time mode for iOS devices: Allow Settings app only for devices during off-time instead of activating lost mode as this allows to change Wi-Fi even during off-time. [MDM-20818] [RS-4630]
  • Enable remove app action for tvOS and macOS devices [MDM-20956] [RS-5852]
  • Allow triggering supervised device actions only on supervised devices [MDM-16290]
  • Adjust translation and information for DEP profile allow pairing setting [MDM-20884]
  • Display hint if selected VPN type does not support per app and account VPN connections [MDM-20957]
  • Add auto-scroll to column selector drop list [MDM-20958]
  • Hide unneeded checkboxes in Android app compliance [MDM-20966]
  • Removed contacts and calendar from Windows Email configuration [MDM-20979]
  • Change password field in the Windows Exchange configuration to no longer be required [MDM-20998]
  • Update validation of Windows Update configuration [MDM-21058]
  • Extend device state filter with the option to filter devices in status “withdraw pending” in device inventory [MDM-21070]
  • Extend add app options to allow selecting from both standard Google Play and the Android Enterprise managed Play Store [MDM-21076]
  • Optimize IOT license metric gathering [MDM-21186] [RS-5695]
Important Fixes
  • Fix installation of .pkg files [MDM-20845] [RS-5571] [RS-5380]
  • Remove non-optimal JPQL to query parent groups when native SQL is not available and use legacy implementation instead [MDM-21057]
  • Fix adding of new members to existing courses during CSV import [MDM-21104] [RS-5974]
Minor Fixes
  • Hide the option to enable Secure Mail Gateway in Exchange configuration for Windows [MDM-21093]
  • Prevent error log message occurring in rare cases on system shutdown [BR-1417]
  • Hide confusing warning on startup when LDAP is not configured [MDM-20692]
  • Prevent education content synchronisation for manually triggered LDAP synchronisation if LDAP education synchronisation is not configured. [MDM-20896]
  • Fix saving the user profile with an empty phone number [MDM-21033]
  • Improve performance of user and device inventory when performing select or deselect actions [MDM-19991] [MDM-19992]
  • Fix overlapping device name pattern for Windows 10 devices [MDM-20908]
  • Ignore deprecated user preferences for dashboard [MDM-20918]
  • Disable autofocus on auto deployment search field in users and groups edit view [MDM-20934]
  • Display the collected ethernet MAC address on macOS [MDM-21006] [RS-5874]
  • Fix deploy action name shown for Microsoft Store application [MDM-21013]
  • Fix disabled next button in app selectors [MDM-21027]
  • Fix row selection with single click on tablet size screens [MDM-21065] [RS-5968]
  • Add missing translations in auto enrollment inventory [MDM-21066] [RS-5964]

Version 5.1.4


  • Add network rate-limiter to pub/sub and increase stability on large instances [MDM-21083]
  • Add ability to restore pub/sub subscriptions that were deleted (due to inactivity) [MDM-21071] [RS-5527]

Version 5.1.3


  • Support meta data update of public macOS apps [MDM-21084]
Important Fixes
  • Meta data update of public apps not working in some cases [MDM-21084]

Version 5.1.2


  • Optimize pub/sub poll for large instances with support for parallel poll requests [MDM-21078]

Version 5.1.1


  • Replace CTE and native SQL resource files with string constants to avoid issues on some Windows installations [MDM-21035]
Important Fixes
  • Fix initial state of checkbox in Android Enterprise Play Store management configuration [MDM-21038]
  • Fix update script that removes duplicate Content Manager groups, which could produce a contraint violation in rare cases [MDM-20936]
  • Fix saving organization administrator group, which incorrectly reported the administrator member as missing, preventing modifications such as adding new administrators [MDM-21034] [RS-5916]
  • Fix configuration of authentication types in Windows Wi-Fi configuration [MDM-21025] [RS-5893]
  • Fix persisting the automatic assignment of policies when being edited [MDM-21030] [RS-5898]
  • Add missing indicator for already used email addresses when editing the user profile of users created before Relution 5 [MDM-21031]

Version 5.1


  • Add support for uploading modern Windows apps [MDM-20953] [MDM-20739] [MDM-20790] [MDM-20917]
  • Add deploying modern Windows apps to devices [MDM-20952] [MDM-20759] [MDM-19789]
  • Add removing modern Windows apps from devices [MDM-20954] [MDM-20760] [MDM-19790]
  • Add selecting public applications from Windows App Store [MDM-20145]
  • Add Windows Update policy [MDM-20401]
  • Automatically renew education CA certificates when they will expire in the next 180 days [MDM-19930]
  • Add global proxy configuration for Android Enterprise [MDM-20080]
  • Allow multiple restriction configurations on Apple devices [MDM-20162]
  • Prevent modification of LDAP groups and system groups [MDM-20384]
  • Optimize new native client version notifications in notification center [MDM-20510]
  • Add Android Enterprise Play Store management configuration [MDM-20394]
  • Add full support for installation of .pkg files on macOS devices [MDM-20845] [RS-5571] [RS-5380]
  • Allow ignoring auto-assigned policies also for auto-enrollment [MDM-20717]
  • Add automatic refresh of notification center [MDM-20555]
  • Make all failing permission checks respond with a 401 (Unauthorized) instead of 403 (Forbidden) status when no valid authentication is provided [BR-996]
  • Update connection date of Apple devices only on MDM communication [MDM-17936]
  • Add possibility to perform partial downloads of resources [MDM-20380]
  • Add support for custom client names to SAML2 registrations and support additional attribute value formats [MDM-20691]
  • Prohibit changing the password of a user, when the user is managed by a 3rd party user management system [MDM-20719]
  • Add optional configuration for automatic removal of completed VPP tasks older than a defined period of time [MDM-20795]
  • Do not include hidden ping actions in open action count [MDM-20871] [RS-5611] [RS-5669]
  • Replace several dropdown filters in device inventory with a list of selectable options [MDM-20509]
  • Optimize translations in app compliance configurations [MDM-20543]
  • Add installed apps selection list for remove app action [MDM-20550]
  • Update certificate lists to the standard list style [MDM-20711]
  • Add Windows platform in app release workflow [MDM-20713]
  • Show user’s groups and group members for content manager [MDM-20718]
  • Update compliance violation views to the standard list style [MDM-20726]
  • Check if email is available when editing user details on the profile page [MDM-20774]
  • Remove Windows Update configuration from Windows restrictions policy configuration as it will be available as a standalone configuration [MDM-20825]
  • Improve performance when loading auto deployments [MDM-20705]
Important Fixes
  • Fix VPP sanity check in cluster environments on server startup and optimize its performance [MDM-20795]
  • Fix removal of organizations with VPP publications [MDM-19989]
  • Fix extracting bundle identifier of .pkg files with a different format [MDM-20666] [RS-5571] [RS-5380]
Minor Fixes
  • Retry on VPP token upload when Apple responds with a temporary error, to avoid a 422 HTTP status [MDM-19826] [RS-5145] [RS-4388]
  • Fix refresh device info actions being marked as an error on Shared iPads, even if all available information could be retrieved successfully [MDM-20639] [RS-5520]
  • Fix calculation of file sizes and hashes when using MongoDB based GridFS [MDM-20927]
  • Ensure that Windows devices can be enrolled by using the Device User group instead of a specific user [MDM-20941]
  • Do not enable the update OS button for tvOS devices if no update is available [MDM-20226]
  • Move selection labels into search field in app selector modals [MDM-20706]
  • Prevent issues with translations using the same property name from a translation file, e.g. apps [MDM-20755]
  • Fix policy export when using special characters in the passcode [MDM-20786] [RS-5519]
  • Show correct available storage space units for a Windows device [MDM-20789]
  • Showing line breaks in reason why action buttons are disabled [MDM-20860]
  • Fix enrolling Windows 10 devices again after they have already been enrolled on the server before [MDM-20975]

Version 5.0.3


Important Fixes
  • Fix handling of illegal characters in certificate file names on Windows platform [MDM-20877] [RS-5619]

Version 5.0.2


Important Fixes
  • Fix important security issue, same as 4.79.4 [MDM-20765]
  • Fix database update on Microsoft SQL Server [MDM-20771]

Version 5.0.1


  • Serve the new Relution portal directly in / and fully replace the legacy portal [MDM-19864] [MDM-20563]
  • Add support for assigning multiple policies to a device [MDM-19741] [MDM-19742] [MDM-19743] [MDM-20440] [MDM-20449] [MDM-20440] [MDM-20507] [MDM-20450]
  • Add support for managing Windows 10 devices [MDM-19781] [MDM-19782] [MDM-19784] [MDM-19785] [MDM-19789] [MDM-19790] [MDM-19871] [MDM-19874] [MDM-19875] [MDM-19876] [MDM-19877] [MDM-19878] [MDM-19879] [MDM-19883] [MDM-19884] [MDM-20063] [MDM-20383]
  • Show all configurations of applied policies in device details, not only those with a compliance status [MDM-20507]
  • Replace default policy with more versatile automatic assignment to all devices or specific users or groups[MDM-20446]
  • Use the managed Google Play Store to select apps to add into the Relution app store when Android Enterprise is configured in the organization [MDM-20079]
  • Add a setting to make enrollments reusable which allows enrolling multiple devices with a single enrollment [MDM-20087]
  • Add configuring managed accounts to use a specific VPN on Apple devices [MDM-20128] [MDM-20128]
  • Add configuring managed apps to use a specific VPN on iOS and tvOS devices [MDM-20136]
  • Require email addresses of users to be unique on the system [MDM-20564]
  • Add device name configuration for supervised Apple devices [MDM-20447]
  • Add time zone configuration for supervised iOS and tvOS devices [MDM-20582]
  • Add the “Skip passcode” option also to Android Enterprise Work Profile enrollments [MDM-20526]
  • Require Java version 11 or higher and, when using MySQL, version 8.0 or higher [MDM-20564]
  • Reset the database baseline for version 5. Version 4.79 is required before updating to version 5 [MDM-19865]
  • Migrate Spring Boot to 2.4.2 which also supports running with Java 15 [MDM-19894]
  • Move all API endpoints to the unified /api/ path, the previous endpoints are redirected [MDM-19950] [MDM-19951]
  • Make table list headers sticky [MDM-20679]
  • Remove Development Hub [MDM-19868]
  • Remove App Store Ratings [MDM-19870]
  • Add “untrusted apps policy” to Android Enterprise restrictions, replacing deprecated unknown sources setting [MDM-19997] [RS-5029] [RS-4596] [RS-5230]
  • Optimize retrieval of devices with many installed apps [MDM-20635]
  • Reorder dashboard widgets [MDM-19565]
  • Add logging in as organization admin context menu action to system organization list [MDM-20445]
  • Change default visibility of the platform and enrollment type column in the device list as all devices now have an enrollment type [MDM-20557]
  • The members of a course are now sorted alphabetically [MDM-20596]
  • Replace legacy icons [MDM-20640]
  • Adjusted app compliance configurations to new list design [MDM-20543]
  • Adjusted auto deployment list to new list design [MDM-20644]
  • Automatically disassociate VPP licenses on device deletion also for tvOS and macOS [MDM-20553]
  • Hide the link into the device in VPP license details when the current user does not have the permissions to access it [MDM-20549]
  • Clean Up Windows Mobile implementation [MDM-19979]
Important Fixes
  • Fix persisting LDAP referenced fields in user preferences that could accidently be removed [MDM-20399] [RS-4960]
  • Fix a problem causing Relution to forget the policy assigned to Android Enterprise devices [MDM-20628] [RS-5296] [RS-5332]
  • Fix cloning policies on systems with MS SQL Server [MDM-20579] [RS-4993]
Minor Fixes
  • Add missing translations to paginator [MDM-20665]
  • Remove the words in progress from app history titles [MDM-20654]
  • Sort VPP apps by name in the device VPP license list [MDM-20175]
  • Hide issued certificates in the certificate view as there is a separate view for them [MDM-20597]
  • Link from app settings to app categories [MDM-20600]
  • Fix various elements where the default font size was not honored [MDM-20641]
  • Fix header in VPP lists breaking the table layout [MDM-20642]
  • Fix VPP association modal layout [MDM-20646]
  • Fix empty state when no version was found in the current release state [MDM-20647]