The VSA 9.5.16 Feature Release (build 9.5.16.5485) includes enhancements and fixes described in the topics below. For minimum system and agent requirements, see these topics in the Kaseya R95 System Requirements Guide: Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements.

Release Schedule

SaaS Deployment starts - Wednesday, March 22nd, 2023
SaaS Deployment completed - Saturday, May 13th, 2023
General Availability (On-Prem customers) - Thursday, May 18th, 2023 - available now

(last updated May 18th, 2023)

Note: SaaS customers will be informed of their maintenance window via https://status.kaseya.net.

Dates are subject to change at short notice. On-prem customers are advised to check this page again prior to attempting an upgrade.

Important Security Updates

This release contains important security updates. We recommend that on-premises customers upgrade as soon as possible (No action is required for SaaS customers as updates are automatically applied).

Updated OpenSSL library used by Edge service to v1.0.2zg to remediate multiple vulnerabilities disclosed in this advisory.
Updated .NET SQL client to remediate a Microsoft information disclosure vulnerability (CVE-2022-41064)
Fixed a SQL injection vulnerability.

Dependencies

Agent

This release requires agent version 9.5.0.38. After upgrading from an earlier VSA version, you must update your Windows, macOS, and Linux agents using the Automatic or Manual update process from the Agent module. Agents updated to this version cannot be used to communicate with servers running VSA versions prior to 9.5.8.

Live Connect Application

When starting a Live Connect or Remote-Control session for the first time after installing this release, you will be prompted with a link to download the latest Live Connect build. You must complete the installation before proceeding with the session.

Software Management

This release includes updates to the Software Management client code. Each managed machine will download 120 MB of file updates during the first patch scan or deployment cycle after installing the VSA update. The files will be sourced from a Kaseya download server (SaaS only), the VSA server, or a peer endpoint machine on the local network which already has the files. Recommendations to mitigate the impact on network bandwidth:

(SaaS only) allow outbound internet access from managed machines to download.kaseya.com to optimize file download performance.
Use distribution windows in Scan and Deployment profiles to avoid excessive concurrent downloads.
On larger networks, schedule a patch scan on a small selection of endpoints in advance of the main scan and deployment windows, to leverage peer-to-peer file transfer and reduce the impact on internet bandwidth

Enhancements

BMS Integration

Improved reliability of BMS integration by adding retry logic for situations where the BMS server is temporarily offline, or communication is lost.

Live Connect

Improved performance of file transfers between admin and endpoint machines using Live Connect.

Live View

Added Enable Live View checkbox to System > User Settings > Preferences.
- If checked, LiveView will be displayed instead of Quick View when hovering over the status icon for Windows agents. Quick View can be accessed using ALT + hover.
- If unchecked, Quick View will be displayed when hovering over the status icon for all agents. Live View can be accessed for Windows agents using ALT + hover.
- For macOS or Linux agents, Quick View will be displayed with either configuration.

Ransomware Detection

Updated Ransomware detection engine to v1.1.4.

Software Management

Added an upgrade wizard to guide you through the upgrade process to Software Management 2.0.
Added functionality to patch Windows machines with restricted internet access. Both OS patching and 3rd-Party Software patching are supported.
The Scan and Analysis profile now includes a File Source configuration. There are three options:
- Internet (default) - each Windows-managed machine downloads patches from the internet or WSUS server.
- VSA Server (on-premises only) - the VSA server downloads patch installers from the internet and pushes them to the machine being patched.
- LAN Cache - if the machine being patched is assigned to a LAN Cache, the LAN Cache machine downloads patch installers from the internet and pushes them to the machine being patched.
The Software Management > Management > Machines page is no longer auto-refreshed.
For all new VSA tenants, Kaseya 1.0 Scan profile is disabled.
Split the Software Management > Management > Vulnerabilities page into two tabs:
- Missing: displays all Unapplied Patches. Grid is filterable by the Machines/View filters which already exist on the page.
- Installed: provides the full list of all discovered patches within a given tenant. Grid is filterable by the Machines/Views filters, which already exist on the page.

VSA 10 Content Migration

Created new API routes to enable content migration to VSA 10 :
- GET /automation/agentprocs/proclist - returns a list of user-created Agent Procedures.
- GET /automation/agentprocs/proclist/history - returns execution results of user-created Agent Procedures.
- GET /monitorset/getAll - returns a list of Monitor Sets.
- GET /monitoring/monitorset/getmonset/{MSId} - returns a Monitor Set definition.
- GET /monitoring/monitorset/getmonsetxml/{MSId} - returns a Monitor Set definition in XML format.
- GET /policy - returns a list of Policies.
- GET /policy/{policyId} - returns a Policy definition

VSA 10 Upgrade Messaging

Customers who are eligible for upgrade to VSA 10 will have Product Information messages displayed on login to their VSA 9 instance with important information to guide them through the on-boarding and transition process, including:
- links to demos and training materials.
- a target date for when the next milestone should be completed.
Messages will be targeted to Master and System role users, for eligible customers only.
Click OK or Snooze message for x days to close the message.
This messaging feature is not linked to the "Enable Product Notifications" setting in System > Server Management > Default Settings. It is mandatory for eligible customers.

Bug Fixes

Agent

Removed an unused openSSL library from the agent installation directory.
Fixed an issue where /v switch in an agent install package was not respected when deploying to a VDI environment.

Datto BCDR

Fixed an issue where the Datto BCDR VSA module showed hidden appliances.
Fixed an issue where the Datto BCDR module would fail to load on some On-Prem installations, and the user would be redirected to the Agent tab.

Discovery

Improved error messaging in Audit Log if Domain Watch fails to create a VSA user due to role user limit exceeded.
Fixed an issue where a merged device would be assigned the wrong IP address.
Fixed an issue where the Discovery > Domains > Computers page did not accurately reflect the computers that are included in Domain Watch Container or Computer policies.
Fixed an issue where Network Scan events were duplicated in Discovery > Administration > Audit Log.
Fixed an issue where VSA users could not be created from harvested Azure user accounts if with a space in the display name.

IT Complete

The login page will no longer automatically re-direct to KaseyaOne after an error occurs during IT Complete login so that a user can still log in using their native VSA credentials. Clicking the "Log in with IT Complete" button will re-initiate the re-direction.