Skip to content
← Back to release notes
v0.65.16 stable major release

Release v0.65.16

May 18, 2026

Major release: pluggable remote-desktop launcher, Wake-on-LAN, third-party patching, Pushover alerts, a mobile approval app, and dozens of fixes.

Remote Management

  • Pluggable remote-desktop launcher. Configure your own remote tool — RustDesk, ScreenConnect, TeamViewer, or anything with a launch URL — per partner, and the "Connect Desktop" button hands off to it directly. Launch URLs support placeholders for the device id, password, and custom fields, and the built-in WebRTC viewer remains the fallback when no provider is configured.
  • Wake-on-LAN. Wake an offline device straight from the dashboard. The wake request is routed through an online device on the same network, with a full audit trail and a clear result for each of the reasons a wake can't be delivered.
  • Switching organizations while viewing a specific device now takes you to the destination organization's device list instead of reloading into a blank or 404 page.

Patch Management

  • Third-party application patching. A curated catalog of common applications, with vulnerability (CVE) data pulled in automatically from OSV.dev, CVE chips on affected patches, and per-source filter chips so you can separate OS updates from third-party app updates.
  • The patch list now includes version information for each patch, and patch rollback now behaves consistently even when the target device is offline (the rollback runs when the device reconnects).

Alerts & Notifications

  • Pushover is now a supported notification channel, alongside email, Slack, Teams, webhooks, PagerDuty, and SMS. Partner-level Pushover defaults inherit down to organizations that leave the fields blank, and the credentials are encrypted at rest.
  • Notification channels now show readable, specific errors when a test or save fails, instead of a generic failure. Channel handling was consolidated so every channel type behaves consistently.

Mobile App

  • New Breeze mobile companion app (first phase). It acts as a trusted-device surface for approving sensitive AI and automation actions out of band, confirmed with biometrics on your phone.
  • Biometric approval is bound to the exact request you were shown. If a new notification or list refresh arrives while the fingerprint/Face ID prompt is open, your approval still applies only to the request you actually reviewed.

Platform & Productivity

  • Per-link enrollment expiry. Choose how long an enrollment link stays valid right from the Add Device dialog, instead of relying on a single global setting.
  • Devices list page-size selector. Pick 10, 25, 50, 100, or 200 rows per page; your choice is remembered per browser. The device list also loads faster, and the cap was raised to 500 devices for small-MSP fleets.
  • Drag-to-reorder organizations on the Settings page so your most-used customers sit where you want them.
  • The Site form now only requires a site name. The previous version demanded ten fields (address, city, state, postal code, contact details, and more) that the system never actually needed.
  • New remote command to re-enable agent auto-update. Agents that ended up with auto-update turned off can be switched back on from the dashboard instead of editing config on each machine by hand.

Fixes & Reliability

  • User role changes in Settings → Users now save. The role field was being silently dropped from the update, so the dialog appeared to succeed while the role never changed.
  • System-library scripts are now visible to partner-scope and organization-scope users, not just hidden behind the system account.
  • Pending partners — accounts that verified their email but haven't completed payment — can sign in again and reach the billing page. This was a regression from the v0.65.0 security release that returned a generic login error instead.
  • Action buttons such as Wake now reliably show a success or error message, and error messages are correctly announced to screen readers.
  • The Linux agent's network-connection inventory no longer fails to upload when a collected value is unusually long.
  • Agent configuration and secrets files are now written atomically, preventing a zero-length or partially-written config after a power loss or hard reboot.
  • Restored two background jobs that had stopped running after a database-scoping regression: expired approvals now expire on time, and the account-deletion admin queue processes again.
  • On Windows, suppressed a brief black console window that flashed when the agent spawned its user helper, including at logon.
  • Custom field creation now accepts an empty option list and device-type targeting without erroring.
  • Organization and site lookups now honor the organization you explicitly selected rather than an ambient default.
  • Moving a device between organizations now correctly updates every related record attached to that device.

The biggest feature release since the v0.65.0 security push. Three headline capabilities land here. Wake-on-LAN finally connects end to end — you can wake a sleeping or powered-off machine from the dashboard, with the magic packet relayed through another device on its network and every attempt recorded in the audit log. The pluggable remote-desktop launcher lets MSPs that already standardize on RustDesk, ScreenConnect, or TeamViewer wire that tool directly into the “Connect Desktop” button, while keeping the built-in WebRTC viewer as a no-config fallback. And third-party patching extends patch management beyond the operating system to a curated catalog of common applications, automatically enriched with CVE data.

Alongside those, this release introduces the Breeze mobile companion app in its first phase — a trusted-device approval surface, in the lineage of Duo Mobile or 1Password, whose job is out-of-band biometric approval of sensitive AI and automation actions. There’s also a new Pushover notification channel with partner-level inheritance, and a long list of quality-of-life improvements: per-link enrollment expiry, a devices-list page-size selector with a higher device cap, drag-to-reorder organizations, and a much shorter Site form.

The fixes are worth scanning. Two stand out for hosted customers: pending partners (verified email, payment not yet completed) can sign in again to finish billing — a regression from the v0.65.0 hardening — and the approval-expiry and account-deletion background jobs are running again after a database-scoping regression. Self-hosters on Linux should note the agent connection-inventory upload fix, and everyone benefits from agent config files now being written atomically so a power loss can’t corrupt them.