What’s new


Prevent .ica file downloads during Hybrid launch

To minimize security risks that might arise with the download of .ica files on local systems, the following settings have been introduced. Admins can configure these settings from the StoreFront admin console as a preventive measure against the misuse of downloaded .ica files. These settings include:

Prevent ica download settings

For more information, see Prevent ICA file download.

Enable the new UI using PowerShell command

Admins can enable the new UI for their end users using the following PowerShell command Set-STFWebReceiverService .

For example:

$rfw=Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
Set-STFWebReceiverService -WebReceiverService $rfw -WebUIExperence Workspace


for more information on the new UI, see New UI

Enable advanced health check for all stores

Advanced health check is now enabled for all existing stores to improve resiliency. With advanced health checks, StoreFront can more reliably check for any issues in the delivery controller. When used with Citrix Desktops as a Service, the advanced health checks provide additional information about the connectors present at the resource locations. This is useful in the event of an outage. When a user launches a resource, an appropriate connector to launch the resource is selected automatically using Local Host Cache.

If you want to disable Advanced health check for all stores, you can use the following PowerShell script:

foreach ($store in Get-STFStoreService)
    Set-STFStoreFarmConfiguration -StoreService $store -AdvancedHealthCheck $False


Advanced health check has been enabled by default for new stores from StoreFront 2308 CR release.

Deprecation announcement for Windows server 2016

Support for installing StoreFront on Windows server 2016 will be removed in a future release. It is recommended that you upgrade to a newer version of Windows server for continued support. For more information on deprecated items, see Deprecation notices.

Fixed issues

  • If you set the branding settings to default on the new UI (Technical Preview), the old UI default color scheme is applied. [WSUI-8930]

  • App enumeration on StoreFront servers might fail intermittently. [CVADHELP-23196]

  • Activity Manager operations such as Logout, Disconnect, and more are not supported for applications that have App Protection policies enabled. [WSP-21324]

  • The powershell parameter -override is required to make any change to the diagnostics logging settings. [WSP 22214]

  • Names containing special characters might appear corrupted in the Settings dropdown menu. [WSP-22210]

  • The first time a user opens a store website in their browser on ChromeOS, it prompts the user to perform client detection but Citrix Workspace app for ChromeOS does not support client detection. As a result, the client detection fails and the users would need to click “already installed” to continue. With this fix, the website skips client detection on ChromeOS. [WSP-22390]

  • For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]

Known issues

There are no new known issues in this release.


Citrix Secure Private Access on StoreFront

You can now connect to the Citrix Secure Private Access on-premises server using new PowerShell commands or StoreFront admin UI controls. It allows users to securely access web and SaaS apps through StoreFront. For more information, see Manage the resources made available in stores.

Uninterrupted VDA launch in case of FAS server unavailability

You can now configure StoreFront so that a VDA launch is successful even if the FAS server is unavailable. In such cases, the end users can sign in using their username and password. Previously, the VDA launch would fail if the FAS servers were unreachable. This feature is disabled by default and can be enabled using the following Powershell command.

Set-STFStoreLaunchOptions with parameter FederatedAuthenticationServiceFailover

You can use the same command to disable this feature, if required. For more information, see FAS.

Improved user-journey logs

Previously by default only errors were logged. The default logging level has now been changed to include warnings and tracing information. In addition the log messages have been improved. This ensures that by default, all the events that are part of the main user journeys are now logged. The default log file size is increased to 1GB (5*200MB) for each service. Typically this will require 1GB (for the roaming service) + 3GB per store (as each store service typically has a corresponding authentication service and receiver for web service). Ensure you have sufficient disk space available. For more information, see Diagnostics logging.

Citrix Workspace web extensions - General Availability

Citrix Workspace web extensions are now generally available for use with StoreFront. These web extensions help you launch resources in your locally installed Citrix Workspace app without prompts to open Workspace launcher or downloading an .ica file, making your experience safer and more reliable. For more information, see Citrix Web Extensions.

The use of Citrix Workspace web extensions is enabled by default for every new installation of StoreFront. However, end users still need to download the extensions to use this feature.


Citrix Workspace web extension is not enabled automatically during a StoreFront version upgrade. If this feature was turned-off before the upgrade, it remains in the same state after the version update. It will be enabled for all deployments in a future release.

When upgrading an existing deployment you can enable this feature using the following command:

Add-STFFeatureState -Name "Citrix.StoreFront.EnableBrowserExtension " -IsEnabled $True

New UI for on-premises stores (Technical Preview)

The new UI, is now available for on-premises stores. This UI, previously available only for cloud stores, ensures a consistent look and feel across cloud and on-prem stores.

The new UI brings the following key improvements:

  • User friendly UI: Reduces visual complexity and provides easy access to essential features. For more information, see Workspace visual and layout improvements.
  • Activity Manager: Facilitates quick actions on active virtual apps and desktops, saving resources and optimizing performance. For more information, see Activity Manager.
  • Enhanced categorization of apps: Multi-level folder structure that is responsive to your end user’s screen size. For more information, see categorization of apps.
  • Improved Search capabilities: New search capabilities provide for better and faster results. For more information, see Search options.

For detailed information on this preview, see New UI (Tech Preview).


You can provide feedback for this feature using this Podio form.

Citrix Workspace app for HTML5

This release includes Citrix Workspace app for HTML5 2310.

Fixed issues

  • Citrix Workspace app for Mac might freeze after waking up from Sleep mode when connected to a StoreFront Store. [CVADHELP-23217]
  • A race condition can cause the Citrix Subscriptions Store service to exit unexpectedly on the StoreFront server with warning messages. [CVADHELP-23326]

Known issues

  • Usernames with special characters might appear corrupted in the Settings dropdown menu. [WSP-22210]
  • The powershell parameter -override is required to make any change to the TraceLevel settings. [WSP-22214]
  • For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]


Fixed issues

  • This release addresses a security vulnerability in an underlying component. For more information, see CTX583759. [CVADHELP-23724]


App Protection for hybrid launches

App Protection provides an additional level of security by blocking keyloggers and screen capture. Previously, this functionality was only available when accessing a store through Citrix Workspace apps for Windows, Mac and Linux. When viewing a store through a web browser, protected apps were not displayed. With this release it is now possible to configure a store website to display apps requiring App Protection when viewed through a browser, as long as StoreFront has detected that the user has a sufficiently new version of Citrix Workspace app for Windows, Mac or Linux installed that will be used to launch the app.

For more information see App Protection.

Advanced Health Check enabled by default

From this release onward, the advance health check feature is enabled by default for new stores. Previously it had to be enabled manually.

When used with Citrix DaaS, Advance health check makes StoreFront aware of the connectors present at the resource locations. In the event of an outage, when a user launches a resource, StoreFront chooses an appropriate connector to launch the resource using Local Host Cache.

Fixed issues

This release includes all fixes from 2203 CU3, plus the following:

  • [CVADHELP-22435] A year after detecting that the user has Citrix Workspace app installed, apps are launched in a browser rather than Citrix Workspace app.

  • [CVADHELP-21886] When using the StoreFront Store Service API to launch an app, overriding settings such as audio quality and disabling printers, the settings may affect all subsequent requests rather than just the current request.

Deprecation of XenApp Services

From this release onward, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. It will be removed in a future release. Use Citrix Workspace app to connect to stores using the store URL.

Removal of ability to add XenApp 6.5 delivery controllers

It is no longer possible to add new XenApp 6.5 resource feeds using the StoreFront management console. It is still possible to add them using PowerShell Add-STFStoreFarm specifying the FarmType as XenApp. For Example:

$store = Get-STFStoreService
Add-STFStoreFarm -StoreService $store -FarmName "XenApp" -FarmType XenApp -Port 80 -TransportType HTTP -Servers Xen1

Existing XenApp 6.5 resource feeds can be modified using the management console.


XenApp 6.5 is not supported by Citrix. The ability to use XenApp 6.5 delivery controllers will be removed in a future release.

Removal of ability to open resources within Internet Explorer 11

It is no longer possible to open resources within the Internet Explorer 11 web browser. It is still possible to access your store from Internet Explorer 11 but you must install Citrix Workspace app for Windows to be able to launch resources.

Known issues

There are no new known issues in this release.

What’s new