Cumulative Update 4 (CU4)
Release date: November 03, 2021
About this release
StoreFront 1912 LTSR Cumulative Update 4 (CU4) fixes eight issues reported since the CU3 release of the 1912 LTSR.
Fixed issues in 1912 LTSR CU4
StoreFront 1912 CU4 contains all fixes included in CU3, plus the following, new fixes:
When you attempt to launch a user session using Citrix StoreFront services API, the parameters passed to the launch request might be incorrect. [CVADHELP-16834]
SAML authentication might fail on the Citrix Workspace app that is connected internally to a StoreFront. [CVADHELP-17295]
This fix is an enhancement to StoreFront supporting the Local Host Cache feature in Citrix DaaS deployment. This enhancement allows users to launch resources from locations where connectors are not added to the StoreFront as Delivery Controllers when the service is not in the cloud outage mode. [CVADHELP-17385]
StoreFront includes a Cross Site Request Forgery (CSRF) token in the query string of a few URLs. A security concern might arise because the tokens might be retained in the browser history or in the logs of intermediate devices, such as proxy servers.
With this fix, you can disable CSRF token usage for the following URL request.
Add-STFFeatureState -Name "Citrix.DeliveryServices.WebUI.CsrfValidation.IgnoreOnSpecificRequests" -IsEnabled $True
If the feature toggle is ON, you must remove CSRF tokens from the URLs in all WebAPI-based customizations.
If you select Source for Receivers/Workspace app as the Citrix Website using the Deploy Citrix Receiver/Workspace app option, the Citrix Receivers/Workspace app downloads from an insecure site. As a result, the latest Google Chrome browser updates block the download. [CVADHELP-18083]
Upgrading StoreFront from version 7.15 LTSR CU2 to version 1912 LTSR CU3 might fail. Also, uninstalling StoreFront using the Windows Control Panel might fail with this error message:
Uninstalling Citrix StoreFront failed with exit code: 9
When switching accounts to log on to Citrix Workspace app on the same client, icons of featured app groups might launch incorrect applications. For example, if the user clicks the icon of application A on Citrix Workspace app, application B might launch. Also, the detail box of application A displays the information of application B. [CVADHELP-18221]
Highlighted tabs in Citrix Receiver for Web sites ignore the ‘Link color’ value specified in the Customize Appearance tab of the Edit Receiver for Web site dialog. Instead, highlighted tabs display in purple, [LCM-9536]