U-Series Appliance 4.6.0 release notes
April 30th, 2026
🆕 New features
Firewall management
We’re introducing a new Firewall page that makes it much easier to see what rules are in place and where they come from. Whether the rule originates from local settings or Group Policy, you can sort, filter, and quickly find what matters.
For more information, see Firewall.
Streamlined Support Package
We’ve streamlined how you create support packages, added clearer controls for retention and deletion, and improved what gets included so support teams can troubleshoot issues more efficiently. Together, these changes aim to reduce back-and-forth during support cases and help you get to a resolution faster.
For more information, see Appliance Support Package.
TLS 1.3 Support
Unlock stronger, faster security with one click. TLS 1.3 is now available on supported Windows Server 2022 appliances directly from the Appliance Security Protocols page. You get clear guidance, smart warnings, and a recommended badge when everything meets the bar. Enable it, reboot, and enjoy the latest protocol with zero guesswork.
For more information, see TLS 1.3.
✨ Enhancements
There are no new enhancements.
🛠️ Issues resolved
| Issue | Resolution |
|---|---|
| During an upgrade to BI 25.3, BI forces connections to use OAuth in the configuration which results in the Features Editor not displaying it accurately. | Stopped suggesting legacy Certificate+User authentication option regardless IUser-REM Windows account existence on Discovery Agent feature configuration panel if BI and Discovery Agent versions are equal or greater than version 25.3. |
| The log files for the Antimalware events server are missing from the logs page, the support package and log export. | The log files are now being included with these features. |
| When the Event Collector feature is set to Off, certain services display false alerts. | Excluded services that are not relevant when the Event Collector feature is disabled from the expected state evaluation logic, preventing false alerts from appearing on the Service Status page. |
| Certificate Management – Private Key Network Service permissions section missing when access is set to Deny. | Appropriate indicators now shown in Certificate Management to reflect that state accurately. |
| For IP Settings, the description on both IPv4 and IPv6 tabs are unclear. | Updated the tooltip descriptions on the IPv4 and IPv6 tabs in IP Settings to read: Enabling this option configures the adaptor to use an IPv4 or IPv6 network address. |
| New Azure image deployed through Marketplace shows multiple settings for IPv4 or IPv6 and produces errors in the Config Wizard. | On the IP Setting Configuration page, filter out Network Adapters that do not allow IP Configuration. |
| Unexpected Service Status alert displays message: Expected to be Stopped as High Availability service when certain features are switched off. | Updated the backend to explicitly communicate expected service state to the Service Status page frontend, rather than having the frontend attempt to determine it independently. |
| After copying the thumbprint, the ellipsis in the table grid becomes clickable, even though the cert details panel is still open. | Fixed the Certificate Management grid actions menu to remain consistently disabled while the certificate details panel is open. |
| When uploading a PFX certificate and entering an invalid password on the Private Key step, the UI does not display a clear password validation error. | Updated certificate import to display a clear, specific password validation error when an incorrect password is entered. |
| When you import a certificate on the SQL‑free Appliance and click Finalize, an error message appears in the logs due to PersistKeySet side effects during PFX preload that incorrectly trigger duplicate thumbprint detection. | Removed the PersistKeySet flag from the PFX certificate preload step to prevent false duplicate thumbprint detection. Updated IIS HTTPS binding to treat an already bound response as success and verify the binding state directly, eliminating false failure reports on the second binding call. |
| BeyondTrust Appliance System Info service display name does not match the actual service name, folder and log file names. | Service installation folder and files changed from SystemDetailsInfo to SystemInfo. |
| In Appliance Feature Configuration, when you make updates to the SQL Server Database area, the Account Management link is blank. | Updated the Account Management navigation link in Appliance Feature Configuration to point to the correct route (/account-management). |
| The View STIG link on the Request Filtering page displays a 404 error. | Updated all STIG reference links in IIS Settings Request Filtering to their current valid URLs. |
| When paired several appliances on the High Availability page, multiple errors display on the console. | Resolved JavaScript console errors on the High Availability page. |
| When the SSL Certificate page rebinds, the SSRS URLs message is inconsistent and may display a 404 error. | Corrected the BeyondInsight Unix and Linux (BIUL) service name resolution order so the modern service name is checked first, preventing intermittent 404 responses from triggering unexpected page redirects during the SSRS URLs refresh action. |
| On the High Availability (HA) page, SQL Server certificate rotation allows cert creation with wrong input value. | Added client-side input validation to HA SQL Server Certificate Rotation that blocks the request from being submitted and displays a banner error when values exceed the maximum limit of 300. |
| When you import a certificate, the banner message displays conflicting information. | Changed the pre-import banner in Certificate Import from Warning to Informational style, as the banner text is static context unrelated to the outcome of any specific import operation. |
| When you go to the Installed Software page, BIUL is not showing as an installed product. | Updated the Installed Software page to correctly detect and display version information for BIUL. |
| When you select Reset to Defaults in a table grid, it does not restore the settings to their default values. | Removed the non-functional Reset to defaults button from all grid toolbars across the Appliance application. |
| When an endpoint checks the MachineStoreKey value, it returns a 404 error if the requested key does not exist. | The system continues to return a 404 response when the Machine Store Key is not found, as other functionality depends on this behavior. However, for the RDP2FactorRequired property, the system returns false instead of throwing an exception, and no log entry is generated. |
| When you logout of the appliance, the URL behaves inconsistency. Sometimes it redirects to / home, and other times to /login. | When you logout, the redirect URL now works as expected. |
| On the Backup page, when you resize columns, several errors display in the console. | Resolved JavaScript console errors that occurred when resizing columns on the Backups page. |
| In an air-gapped environment, the Certificates page may not load. | Fixed certificate timeouts on air-gapped or firewalled appliances by probing CRL Distribution Point (CDP) endpoints in parallel with short timeouts. When endpoints are unreachable, cached revocation data is used with a warning banner; this applies to certificate view, export, and delete operations. |
📝Requirements
- .NET 8.0 or later (available through BT Updater via Supporting Software SUPI subscription)
- SUPI 3.3.2 (available through BT Updater)
🧩 Dependencies
- Security Management Appliance is dependent on BeyondInsight 24.1
