Release LoadGen Api, Appliance and MCP Server: 1.0.0.11962

LoadGen General

• No general changes in this release.

LoadGen Api

• [#8953] New appliance outbound proxy support, so an appliance on a restricted enterprise network that can only reach the internet through a corporate HTTP proxy can still activate its license, download the Studio, Core, Full, Insight and OBUX agent binaries, and pull container images — complementing the existing air-gapped path for environments with no internet access at all. License activation and agent-binary downloads pick up the proxy immediately with no restart required, and API Testing and uptime-check execution can each opt in per scope (both off by default, since internal targets bypass the proxy out of the box). Configuration is managed through GET /appliance/proxy, PUT /appliance/proxy and POST /appliance/proxy/test, which probes both api.loadgen.cloud and download.loadgen.cloud through the proxy and reports per-target reachability. A tiered exclusion list keeps internal traffic direct — locked entries protect the appliance's own plumbing, private RFC-1918 ranges are pre-seeded but editable, and custom entries accept exact hosts, *.suffix wildcards and CIDR ranges — and the proxy password is encrypted at rest and never returned by the API.
• [#8957] Fixed the per-card Disable check / Enable check toggle on the Uptime Monitoring Dashboard (/uptime) — and the same toggle in the Checks list Actions column — having no effect. The toggle had no backing per-check API operation; it now does, and a disabled check drops out of scheduling on the next pass, exactly as bulk disable does today.
• [#8962] Fixed SessionSight Heatmaps only ever listing the session-entry page / in the Pages panel on single-page applications (such as Blazor Server sites), so every click and session collapsed onto that one row and no other page could be selected. The tracker captured the page URL once at session start; every tracked event now carries the URL of the page it actually occurred on. Classic multi-page sites see no change, sessions still reporting through an older cached tracker keep working via the existing fallback, and historical data is not rewritten — the page list fills in naturally as new sessions arrive under the updated tracker.
• [#8958] Fixed appliances sending a steady stream of DNS lookups for host.docker.internal — a Docker-internal name that should never leave the appliance — to the operator's upstream DNS server. The appliance no longer leaks host.docker.internal lookups to the operator's DNS during normal operation, and setting LOADGENAPPLIANCEAGENTNODNS_PIN disables the DNS pinning if an environment ever needs it.
• [#8919] Improved diagnostics for Connect to Remote API saved connections reported as missing after a disconnect and reconnect. When a bearer token is rejected, the API log now names the exact reason — expired token, unknown signing key, issuer or audience mismatch — and also records when a request arrives with no token at all, so a 401 Unauthorized when fetching saved connections identifies its root cause on the next occurrence; the token value itself is never logged. The full connect, save, disconnect and reconnect round-trip was confirmed working.

LoadGen Appliance

• [#8953] The appliance side of the new outbound proxy support: the appliance agent applies the configured proxy to the host Docker daemon — and optionally to apt package installs — so container image pulls succeed behind a corporate proxy, restarting the daemon to pick up the change. The desired proxy state is persisted on the appliance and re-applied automatically at boot, so the Docker proxy configuration survives appliance upgrades.
• [#8950] Fixed the HTTPS Wizard's Let's Encrypt configuration (DNS-01 / Cloudflare) silently reverting to a previously uploaded custom certificate — after a reboot and even after re-running the wizard — with the Let's Encrypt client showing "Not running". Enabling Let's Encrypt now takes effect and stays active across reboots, the previously uploaded certificate no longer takes precedence, and re-running the wizard on a healthy appliance never drops the live certificate or triggers unnecessary re-issuance against Let's Encrypt rate limits. The previous certificate is backed up and restored if Let's Encrypt is later disabled, and already-deployed appliances self-heal on the next agent restart.
• [#8958] As the second half of the host.docker.internal DNS fix, the appliance agent no longer looks up host.docker.internal from the host — removing the remaining source of the upstream DNS query stream with no other behavior change.

LoadGen MCP Server

• No MCP Server changes in this release.