Skip to content
← Back to release notes
v0.65.9 stable

Release v0.65.9

May 10, 2026

Restores agent auto-update for self-hosted deployments, plus a partner multi-org access fix.

Added

  • Self-hosted deployments now sign their own agent release manifests with a per-deployment key generated on first boot. Agents pin that key on enrollment and verify every future update against it, restoring auto-update for self-hosted operators while keeping the strict signature-verification protection that landed in v0.65.6.

Improved

  • Added a recovery hatch for self-hosted fleets stuck on v0.65.7 or v0.65.8. Operators can now run a single command from the API container to dispatch a one-time update to every affected agent, which bypasses the broken manifest path via a checksum-verified server-relative download.
  • Added a continuous-integration smoke test that boots the API in self-hosted binary mode and verifies the manifest signing round-trip end-to-end, so this class of regression can't slip through again.

Fixed

  • Fixed partner-scope users with access to more than one organization getting 400 errors on Software Library, Software Inventory, Discovery Scan, and Huntress save actions when the org switcher in the top bar was set. The selected organization is now correctly forwarded on those requests; tenant isolation is preserved (foreign organizations still return 403).
  • Corrected the README to remove premature claims about a shipped mobile app and validated SSO. Both have been moved to the upcoming roadmap with honest scoping until they're field-validated.

The headline fix in this release is for self-hosted operators: agent auto-update works again. The strict signing requirement introduced two releases ago was rejecting locally-synced manifests because they weren’t signed; the self-hosted API now generates its own signing key on first boot, signs every manifest it serves, and delivers the public key to agents at enrollment time. That preserves the security upgrade while restoring the auto-update behavior self-hosters depend on.

A recovery command is included for anyone whose fleet got stuck mid-upgrade in the last few releases — one command from the API container queues a one-time update for every affected agent.

On the dashboard side, partner-scope users with access to multiple organizations can again use Software Library, Software Inventory, Discovery, and Huntress without hitting 400 errors when the organization switcher is set.