Release notes for the Citrix Secure Access client for iOS

The release notes describe the new features, enhancements to existing features, fixed issues, and known issues available in a service release. The release notes include one or more of the following sections:

What’s new: The new features and enhancements available in the current release.

Fixed issues: The issues that are fixed in the current release.

Known issues: The issues that exist in the current release and their workarounds, wherever applicable.

Important information:

• Citrix Secure Access for macOS/iOS 24.06.1 and later releases address the TunnelVision vulnerabilities described in CVE-2024-3661.

V25.08.1 (18 Sep 2025)

Important:

If you are using the latest Apple OS versions such as iOS 26 and later, then we recommend that you upgrade to Citrix Secure Access client version 25.08.1 or later. For more information about the NetScaler Gateway client software requirements, see System requirements.

What’s new

• Support for Citrix Secure Private Access

  The Citrix Secure Access client for iOS now supports Citrix Secure Private Access deployments. This enables administrators to enforce ZTNA policies, ensuring users securely access corporate applications and web resources from iOS devices. For more information, see Citrix Secure Private Access for mobile devices.

  [CSACLIENTS-15178]

• Route TCP DNS queries to the application-specific resource location

  The TCP DNS queries for specific host names can now be routed directly to the resource location configured in the corresponding application. This routing improves application performance by ensuring that DNS queries reach the most relevant resource location. Previously, all TCP DNS queries were, by default, routed to the geographically closest resource location, regardless of the application’s actual location.

  [CSACLIENTS-14336]

• SNI support for the Citrix Secure Access client

  The Citrix Secure Access client now sends the Server Name Indication (SNI) field as part of the TLS handshake. This feature is enabled by default. To disable SNI support, contact Citrix Support.

  [CSACLIENTS-15361]

V25.07.1 (12 Aug 2025)

What’s new

• Dropping of QUIC handshake packets

  The Citrix Secure Access client for iOS now drops Quick UDP Internet Connections (QUIC) handshake packets, enabling a faster switch to TCP connection establishment. To enable this feature, contact Citrix Support.

  [CSACLIENTS-14921]

V25.06.2 (11 Jul 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V25.06.1 (09 Jul 2025)

• This release addresses some issues to improve the overall performance and stability.

V25.03.4 (02 June 2025)

Fixed issues

• External applications might load slowly or fail to load when the per-app VPN is enabled in the Citrix Secure Access client for iOS.

  [NSHELP-39673]

• iOS device users might be prompted to transfer their login when both of the following conditions are met:

  • An Intranet IP address (IIP) is assigned to the user.

  • The previous session remains active during network transitions, such as switching between Wi-Fi and mobile data.

  Contact Citrix Support to enable the auto-transfer login feature, which eliminates the need for manual prompts during session transfers.

  [NSHELP-39727]

V25.03.3 (12 May 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V25.03.2 (08 May 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V25.03.1 (10 April 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V25.02.1 (14 Mar 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V25.01.1 (16 Jan 2025)

What’s new

• This release addresses some issues to improve the overall performance and stability.

Fixed issues

• The Citrix Secure Access client on devices running macOS 15.2 and above might fail to complete the configured OPSWAT scans.

  [CSACLIENTS-13099]

V24.11.1 (25 Nov 2024)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V24.10.1 (17 Oct 2024)

What’s new

• Support to exclude DNS traffic by Citrix Secure Access client

  You can now configure the Citrix Secure Access client to exclude DNS traffic from being intercepted. For more information, see Exclude specific domain traffic from client interception.

  [CSACLIENTS-10237]

• This release addresses some issues to improve the overall performance and stability.

V24.09.1 (16 Sep 2024)

Important:

If you are using the latest Apple OS versions such as iOS 18 and later, then we recommend that you upgrade to Citrix Secure Access client version 24.09.1 or later. For more information about the NetScaler Gateway client software requirements, see Citrix Secure Access client system requirements.

What’s new

• This release addresses some issues to improve the overall performance and stability.

V24.08.1 (14 August 2024)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V24.07.1 (15 July 2024)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V24.06.2 (27 June 2024)

What’s new

This release addresses the IPv6 login issues.

V24.06.1 (24 June 2024)

What’s new

• This release addresses the TunnelVision vulnerabilities described in CVE-2024-3661.

  [CSACLIENTS-10918 ]

• This release addresses some issues to improve the overall performance and stability.

• Interoperability enhancements with third-party secure web gateway

  The User-Agent strings for Citrix Secure Access have been updated for an enhanced interoperability with third party secure web gateways.

  [CSACLIENTS-8501]

Fixed issues

• Citrix Secure Access fails to bypass the VPN tunnel for the excluded apps, if per-app VPN with reverse split tunneling is enabled.

  [CSACLIENTS-10340]

V24.04.1 (18 April 2024)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V24.03.1 (14 Mar 2024)

What’s new

• Overall performance and stability improvements

  Citrix Secure Access client is enhanced with the following capabilities to improve the overall performance and stability:

  • An increase in the number of the simultaneous connections that can be tunneled through a VPN.
  • An improved VPN connection resiliency with IPv6 gateways.

  [NSHELP-36903]

V24.02.1 (15 Feb 2024)

What’s new

• This release addresses some issues to improve the overall performance and stability.

V23.12.2 (20 Dec 2023)

What’s new

This release addresses issues to improve the overall performance and stability.

V23.12.1 (06 Dec 2023)

What’s new

• This release addresses other issues to improve the overall performance and stability.

V23.11.1 (27 Oct 2023)

What’s new

• Citrix SSO for iOS is now renamed to Citrix Secure Access. We are updating the UI screenshots in our documentation to reflect this name change.

• This release addresses the following:

  • Connection issues with the Citrix Secure Private Access™ environment.
  • Other issues to improve the overall performance and stability.

V23.10.2 (17 Oct 2023)

This release addresses the IPv6 login issues.

V23.10.1 (09 Oct 2023)

What’s new

• Support for Local LAN access

  Citrix SSO for iOS now support the Local LAN access functionality of NetScaler Gateway. You can configure local LAN access so that once a VPN connection is established, end users are either allowed to or blocked from accessing local LAN resources on their client devices. For more information, see the following:

  • NetScaler Gateway admin configurations
  • End user configurations - iOS

V23.09.1 (07 Sep 2023)

Important:

If you are using the latest Apple OS versions such as iOS 17 and later, then we recommend that you upgrade to Citrix SSO version 23.09.1 or later. For more information about the NetScaler Gateway client software requirements, see Citrix Secure Access client system requirements.

What’s new

• Secured connection insights on the UI

  On the “Connections” screen of the Citrix Secure Access client UI, you can view the secured connection details. The details include the IP address, FQDN, destination port, and the duration of the connection. For more information, see Secured connection insights.

  [SPA-2364]

• Reauthenticate with NetScaler Gateway after a VPN connection failure

  Citrix SSO for iOS now prompt you to reauthenticate with NetScaler Gateway when a VPN connection is lost. You are notified on the UI indicating that the connection to NetScaler Gateway is lost and that you must reauthenticate to resume the connection. For more information, see Reconnect to NetScaler Gateway from iOS after a VPN connection failure.

  [CSACLIENTS-6071]

V23.07.1 (17 Jul 2023)

What’s new

• Various options to share log files

  The “Email Logs” option in Citrix SSO for iOS is now replaced with the “Share Logs” option. The compressed log files can now be shared through options such as email, chat, save to files, and so on.

  For more information, see Send logs.

  [CSACLIENTS-3834]

V23.06.1 (07 Jun 2023)

What’s new

• Help menu on the navigation bar

  A Help menu is now added to the navigation bar of the Citrix Secure Access client. The options (Open Logs, Export Logs, Email Logs, and Clear Logs) in the Help menu can be used for debugging logs.

  An Email Logs option is introduced under the Help menu. It can be used to share the logs over email. For more information, see Send logs.

  [SPA-2361]

Fixed issues

In some cases, the DNS short name resolution fails on Citrix SSO for iOS.

[NSHELP-34568]

Known issues

In some cases, the excluded routes in reverse split-tunneling are tunneled.

[CGOP-24575]

V23.05.2 (11 May 2023)

Fixed issues

After an upgrade, the Citrix SSO for iOS client devices cannot establish per-app VPN connections.

[NSHELP-35224]

V23.05.1 (04 May 2023)

What’s new

• Support for sending events to Citrix Analytics

  Citrix Secure Access for macOS now supports sending events such as session creation, session termination, and app connection to Citrix Analytics service. These events are then logged in the Secure Private Access service dashboard.

  [SPA-2197]

Fixed issues

• When the users are connected to Citrix Secure Access or Citrix SSO, the “Connection Duration” field fails to display the time in the region-specific format.

  [CGOP-23587]

V22.12.1 (07-Dec-2022)

This release addresses issues that help to improve overall performance and stability.

V22.11.1 (29-Nov-2022)

Fixed issues

• Transfer logon does not work for non-nFactor authentication with on-premises gateways.

  [CGOP-22729]

V22.10.1 (17-Nov-2022)

What’s new

• The Citrix Endpoint Analysis plug-in now supports new MAC address validation expression where pattern sets can be created for the list of allowed IP addresses.

  [CGOP-22095]

Fixed issues

• Sometimes, empty proxy settings in NetScaler Gateway release 13.0 or 13.1 causes Citrix SSO to create improper proxy settings.

  [NSHELP-31970]

• Sometimes, VPN clients fail to reconnect after a network outage or after the device wakes up from sleep mode.

  [NSHELP-32483]

• Sometimes, gateway connections fail when using IPv6 literals as the destination.

  [NSHELP-32876]

V22.06.1 (20-Sep-2022)

Fixed issues

• nFactor authentication with an optional client certificate fails when there are no appropriate client certificates on the device.

  [NSHELP-32127 - iOS]

• Citrix Secure Access crashes when an incorrect location value is received from the gateway. This can happen if the administrator defines a responder policy to redirect to another host.

  [NSHELP-32312]

• Direct connections to the resources outside of the tunnel established by Citrix Secure Access might fail if there is a significant delay or congestion.

  [NSHELP-31598]

V22.03.1 (14-Jun-2022)

Fixed issues

• An extra DNS domain is added to the search list. This is because, when the split tunnel is set to “Split” or “Both” only the specified domains and their subdomains are NOT tunneled. If the specified domain is A.B.C, then B.C is also matched in addition to A.B.C and *.A.B.C.

  [CGOP-21657]

• HTTP/HTTPS proxy settings that do not use a PAC file are broken.

  [CGOP-21660]

V22.02.3 (24-Mar-2022)

Fixed issues

• The Citrix Secure Access app breaks some protocols when the server sends data before the client, immediately after the connection is established.

  [NSHELP-29374]

V22.01.1 (08-Feb-2022)

Fixed issues

• Per-App VPN connections with Citrix SSO for iOS devices fail to connect to NetScaler Gateway on ports other than 443.

  [NSHELP-30653]

Fixed issues

• Client certificate authentication fails if the authentication server requests for the client certificate multiple times in the same web view session.

  [CGOP-20388]

• Citrix SSO fails to establish a VPN connection if the server certificate has only an IP address for common name because of a proxy in between the client and the ADC.

  [CGOP-20390]

• EPA scan for checking the antivirus last full system scan fails on macOS.

  [NSHELP-29571]

• Sometimes, the Citrix SSO app crashes while handling large DNS packets.

  [NSHELP-29133]

V1.4.0 (17-Nov-2021)

Fixed issues

• Sometimes, the server validation code fails when the server certificate is trusted. As a result, end users cannot access the gateway.

  [NSHELP-28942]

• Citrix SSO fails to re-establish the VPN connection after network disruption.

  [CGOP-19988]

V1.3.13 (05-Nov-2021)

Fixed issues

• You might experience failures when filtering sessions for managed versus unmanaged VPNs. The initial requests to establish the session are missing the “ManagedVpn” information in the User-Agent header.

  [CGOP-19561]

V1.3.12 (21-Oct-2021)

Fixed issues

• The Citrix SSO app crashes intermittently when receiving notifications.

  [CGOP-19363]

• The VPN extension might crash when the “isFeatureEnabled” parameter is called to check a feature flag.

  [CGOP-19360]

• The gateway VPN extension crashes if the DTLS protocol has an empty payload.

  [CGOP-19361]

• The SSO app crashes intermittently when the device wakes up from the sleep mode and the VPN is connected.

  [CGOP-19362]

V1.3.11 (17-Sep-2021)

Fixed issues

• Citrix SSO crashes in an iOS 12 device when legacy authentication or Intune Network Access Compliance (NAC) is configured.

  [CGOP-19261]

V1.3.9 (13-Aug-2021)

Fixed issues

• On some systems with HTTP proxy software installed, the NetScaler Gateway IP address shows up internally as 127.0.0.1 thus preventing tunnel establishment.

  [CGOP-18538]

• The setting “Block Untrusted Servers” does not work on systems that support non-English localization of Citrix SSO for iOS.

  [CGOP-18539]

• Citrix SSO cannot connect to systems where the DNS name does not match the common name in the server certificate. Citrix SSO now checks for the subject alternative names, and connects correctly.

  [NSHELP-28348]