============================ ThinLinc 4.8.0 Release Notes ============================ Introduction ============ Cendio are proud to present ThinLinc 4.8.0, with more than 70 enhancements and fixes! The most prominent changes are: * The platform requirements for Windows has been raised for both ThinLinc Clients and Windows Remote Desktop Services. The minimum requirement is now Windows 7 for the ThinLinc Client and Windows 2008 for Windows Remote Desktop Services. * The ThinLinc Master and Agent services has been optimized for better performance in clusters with a high number of concurrent users. * Many improvements and bug fixes has been made to the ThinLinc Web Access client. ThinLinc works on most modern Linux distributions. We recommend that you deploy ThinLinc on one of these tested platforms: * Red Hat Enterprise Linux Server 7 (x86_64) * SUSE Linux Enterprise Server 12 (x86_64) * Ubuntu Desktop 16.04 LTS (x86_64) Please note that ThinLinc is supported on any platform that fulfills our documented requirements. This includes Oracle Linux, Linux Mint, and Debian. Changes in This Release ======================= In the list below, the bug number is given in parentheses. For more information, visit https://www.cendio.com/bugzilla/. General ------- * The number of free licenses has been changed from 10 to 5 concurrent users per organization. As before, the full product functionality is provided even with the free licenses. (6194) * A minor graphics performance boost for both ThinLinc Server and ThinLinc Native Clients has been achieved by ways of an updated libjpeg-turbo library. (5812) * X.509 certificates that include a BIT STRING type field in their distinguished name are now usable in ThinLinc. (5805) * GnuTLS has been upgraded to version 3.5.6. (6038) * Nettle has been upgraded to version 3.3. (6039) * libtasn1 has been upgraded to version 4.9. (6040) * OpenSSH has been upgraded to version 7.3p1. (6041) * OpenSSL has been upgraded to version 1.0.2j. (6042) * Code signatures for Windows programs are now using SHA-2 file digests. (5879) Server ------ * ThinLinc sessions are no longer discarded if the ThinLinc Agent server hosting them is unavailable for an extended period of time. These sessions will now be marked as unreachable. When a user attempts to reconnect to an unreachable session, they are offered a choice between waiting for the Agent server to become available again, or to abandon the unreachable session, allowing a new user session to be created. (5476) * The ThinLinc Master now verifies all sessions on a ThinLinc Agent at once, instead of verifying each session individually. This reduces resource usage on ThinLinc Master and Agent servers with many concurrent users. (5489, 6142) * A problem logging in on systems with a high number of active network connections has been solved. Because of this, the ThinLinc server now requires the "ss" utility program. (6125) * The ThinLinc server no longer relies on the deprecated "netstat" utility program. (5982) * Multiple issues with shadowing has been identified and addressed. (2809, 5173, 5174, 5722) * A ThinLinc profile for the LXDE desktop environment has been added. (4968) Native Client ------------- * A malicious VNC server could initiate two different buffer overflows in the vncviewer component of the ThinLinc Client. These have been fixed. [CVE-2017-5581] (6141, 6165) * The platform requirements for the ThinLinc Client on Windows has been raised. The minimum requirement is now Windows 7. (5360) * Support for the "armel" processor architecture has been dropped. This includes clients for eLux RT, IGEL IZ1 and Dell Wyse-Enhanced Ubuntu Linux. Note that "armhf" is still supported. (6183) * The ThinLinc Client on macOS did not respond to attempts to close the session window if it was handling frequent graphics updates at the same time. This has been fixed. (5495) * The ThinLinc Client on macOS will now have it's user interface presented in high resolution on high DPI/Retina screens. (6079) ThinLinc Web Access ------------------- * A security issue was fixed where a malicious page could connect to the ThinLinc server if ThinLinc Web Access was used in the same web browser. Access to the session was however still protected. (6157) * A vulnerability in ThinLinc Web Access where a malicious ThinLinc server could inject arbitrary HTML into ThinLinc Web Access by setting the desktop title has been fixed. (6135) * ThinLinc Web Access now uses double buffering to reduce graphical artifacts, often called "tearing", on screen updates. (5611, 6138) * The control bar of ThinLinc Web Access can now be moved between the right and left side of the screen. (6126) * ThinLinc Web Access can now use a touch screen and a regular mouse/touch pad at the same time. (5983) * Horizontal scroll events are now sent properly. In earlier releases, they were translated to vertical scroll events. (5480) * ThinLinc sessions that are larger than the browser window in Safari on macOS 10.10 or later and in Internet Explorer will now have scrollbars. Earlier releases lacked scrollbars in these cases. This made it impossible to use the entire session in Safari and forced users to use panning mode in IE. (5858, 6053) * The server certificate recommendations and instructions in our documentation have been changed for iOS users. (6232, 6233) Administration -------------- * The "Number of users" field for Agent servers, presented in the System load table in ThinLinc Web Administration, was off by two. This has been fixed. (6167) Windows Integration ------------------- * The platform requirements for Windows has been raised for Windows Remote Desktop Services. The minimum requirement is now Windows 2008. (5597) * Support for font smoothing (ClearType) has been added to the Windows Integration components of ThinLinc. (3331) Configuration Changes ===================== New --- * The parameter `/vsmagent/listen_port` has been added to the `/opt/thinlinc/etc/conf.d/vsmagent.hconf` configuration file. In earlier releases, this parameter was documented in the ThinLinc Administrators Guide but not present in the file. (5907) * The folder `/profiles/lxde` has been added to `/opt/thinlinc/etc/conf.d/profiles.hconf` as part of the new LXDE profile. (4968) Modified -------- * The default value of `/profiles/order` parameter in the `/opt/thinlinc/etc/conf.d/profiles.hconf` configuration file now includes `lxde`. (4968) A complete configuration reference can be found in the ThinLinc Administrators Guide. Corrected Issues ================ ThinLinc has also been enhanced in many other ways. The complete list of corrected issues is:: 1131, 2679, 2680, 2700, 2755, 2809, 2853, 3331, 4590, 4968, 5173, 5174, 5297, 5309, 5360, 5476, 5480, 5489, 5495, 5573, 5597, 5605, 5610, 5611, 5708, 5722, 5794, 5805, 5812, 5817, 5857, 5858, 5879, 5907, 5949, 5952, 5965, 5982, 5983, 5989, 6007, 6038, 6039, 6040, 6041, 6042, 6053, 6079, 6084, 6085, 6094, 6106, 6125, 6126, 6132, 6135, 6136, 6137, 6138, 6139, 6141, 6142, 6153, 6157, 6160, 6164, 6165, 6167, 6168, 6169, 6175, 6183, 6194, 6219, 6232, 6233 | ThinLinc is a registered trademark of Cendio AB. | Debian is a registered trademark of Software in the Public Interest, Inc. | Dell and Wyse are registered trademarks of Dell Inc. | eLux is a registered trademark of UniCon Software GmbH. | IGEL is a registered trademark of IGEL Technology GmbH | Linux is a registered trademark of Linus Torvalds. | Oracle is a registered trademark of Oracle Corporation. | macOS is a registered trademark of Apple Computer, Inc. | Red Hat is a registered trademark of Red Hat, Inc. | SUSE is a registered trademark of SUSE LLC. | Ubuntu is a registered trademark of Canonical Ltd. | Windows is a registered trademark of Microsoft, Inc.