Horizon-cli 1.16.0 release notes

[HOR-923] - All enrollment commands now support a --dn flag to specify the full Subject DN, enabling use of additional DN attributes such as DC.

[HOR-939] - Ensured Windows Server 2025 support.

[HOR-970] - Panorama discovery is now supported in the netimport section.

[HOR-972] - Tenable.sc is now supported as a scan import source in the importscan section.

[HOR-996] - A new --update flag is now available for protocol enrollment commands, allowing JKS and KDB keystores to be updated in place rather than overridden.

[HOR-1019] - A new HRZ_LOCALDB environment variable is now supported to configure an alternative configuration directory.

[HOR-1021] - A new horizon-cli automate edit command is now available to modify certificate options in the client internal state.

[HOR-809] - A new --generic-windows-archival flag is now available on horizon-cli install to control whether outdated certificates are removed from the Windows store after renewal. This is to ensure compatibility with pre 1.11 versions.

[HOR-1024] - horizon-cli automate list now displays certificates deleted outside the CLI as "Could not retrieve" instead of failing, and horizon-cli automate remove now supports removing such entries from state.

[HOR-1140] - TLS ciphers reported by the NMAP ssl-enum-ciphers script are now parsed and displayed in Horizon scan results.

[HOR-754] - IP SANs are now displayed alongside DNS SANs in horizon-cli automate list output.

[HOR-78] - The --scan-tls flag is now available in netscan to test all TLS versions supported by an endpoint.

[HOR-882] - Fixed an issue where EC certificates were not retrieved during an F5 netimport.

[HOR-1017] - Fixed an issue where horizon-cli webra enroll returned unclear error messages when using a non-existent profile or a profile with a manual password policy.