IGEL Universal Desktop LX ========================= Version 4.14.100 Release date 2015-02-23 Last update of this document 2015-02-23 Supported devices: UD2-x31 LX, UD2-x30 LX, UD2-x21 LX, UD2-x20 LX UD3-x40 LX, UD3-x31 LX, UD3-x30 LX, UD3-x21 LX, UD3-x20 LX UD5-x40 LX, UD5-x30 LX, UD5-x20 LX UD9-x31 LX, UD9-x30 LX The online Release Notes can be found at http://edocs.igel.com/index.htm#10202439.htm Registry Keys of parameters are listed there. ============================================================================= Versions: ============================================================================= Clients: - 2X Client 12.0.0-2270 - Cisco VPN Client 4.8.02.0030-k9 - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - Citrix HDX Realtime Media Engine 1.6.0-6 - Citrix Receiver 12.1.8.250715 - Citrix Receiver 13.1.2.295815 - Client for RedHat Enterprise Virtualization Desktops 3 - Dell vWorkspace Connector for Linux 7.7.3 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - FabulaTech USB for Remote Desktop 5.0.4 - Firefox 17.0.11 - IBM iSeriesAccess 7.1.0-1.0 - IGEL Legacy RDP Client 1.0 - IGEL RDP Client 2.1 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.0.57.0 - NCP Secure Client (Enterprise) 3.25-rev15580-i686 - NX Client 4.2.27 - Oracle JRE 1.7.0_76 - SAP GUI java710rev6 - Thinlinc Client 4.3.0-4538 - ThinPrint Client 7.0.63 - Totem Media Player 2.30.2 - Virtual Bridges VERDE Client 7.1.1_rel.24005 - VMware Horizon client 3.2.0-2331566 - Voip Client Ekiga 3.2.7 Dictation: - Driver for Grundig Business Systems dictation devices - Driver for Olympus dictation devices - Legacy Philips Speech Driver 5.0.10 - Philips Speech Driver 12.2.7 Smartcard: - PKCS#11 Library A.E.T SafeSign 3.0.3665 - PKCS#11 Library Gemalto IDPrime 1.1.0 - PKCS#11 Library SecMaker NetID 6.1.1.21 - Reader Driver ACS CCID 1.0.5 - Reader Driver HID Global Omnikey CCID 4.0.5.5 - Reader Driver MUSCLE CCID 1.4.13 - Reader Driver Omnikey CCID legacy-3.6.0 - Reader Driver Omnikey RFID legacy-2.7.2 - Reader Driver REINER SCT cyberJack 3.99.5final.SP03 - Reader Driver Safenet / Aladdin eToken 8.1.0-4 - Reader Driver SCM Microsystems CCID 5.0.27 - Resource Manager PC/SC Lite 1.8.9 System Components: - Graphics Driver INTEL 2.17.0 - Graphics Driver VIA 5.75.32.87a-59172 - Graphics Driver VIA Legacy 4.1.83 - Xorg X11 Server 1.11.4 - Xorg Xephyr 1.7.6 ============================================================================= Information: ============================================================================= IMPORTANT: This release contains Citrix Receiver versions 12 and 13. The Citrix Receiver 12 is still available for compatibility reasons and activated by default. Version 13 of the Citrix Receiver can be activated at the local setup of the device or through a UMS profile configuration. Only one version can be used. ============================================================================= Known issues: ============================================================================= [Dell vWorkspace Connector] - Seamless applications exported from Win8/8.1 desktops show display errors when dragged to the screen edges. - At dual view configuration flash redirected windows can appear on wrong screen. - After the start of a seamless session the window is initially maximized before being resized to the correct size. - Windows XP sessions might not work properly anymore. - Only standard 105 keys PC keyboards are supported. Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys. - Mapping of drives to a dedicated drive letter is not possible anymore. - If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped. - If printer mapping is enabled all printers configured in CUPS are mapped. - For Multimedia Redirection sound redirection with WMV/WMA streams is not working. - USB Redirection may not work reliable. - Session starts only if RDP Local Logon Window (IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active. [VMware Horizon] - Remote Applications are not seamless in the strict sense. These are rather displayed in an extra window decorated by the TC's window manager. - If more applications defined and started in the same session, all are displayed inside this window. The default size of this window can be defined in the Window section of the Horizon session. - PCoIP user input language synchronization is currently broken. [StepOver] - StepOver serversonet does not work with natureSign signature pad. [Genucard] - Genucard versions 4 or greater currently cannot retrieve an IP adress. [Smartcard] - In mode "IGEL Smart Card without Locking Desktop": when a Horizon session is running and the smart card is removed , the Horizon desktop and application chooser window stays open. - In mode "IGEL Smart Card without Locking Desktop": when a RDP session is running and the smart card is removed, a bogus warning window is shown. - Running 2X sessions from IGEL Smart Card fails with error "server name missing". ============================================================================= New features: ============================================================================= [Citrix Receiver 13] - Integrated Citrix Receiver 13.1.2 - Added support for StoreFront Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13 instead of 12 and/or want to connect to a Citrix StoreFront server): - This firmware contains two Citrix Receivers, but only one of them can be active at a time. Default is Citrix Receiver 12. The version can be switched by the new parameter "Use Citrix Receiver version 13" in the IGEL setup at "Sessions->Citrix->Citrix Receiver Selection" - The new parameter "Citrix server type" on IGEL setup page "Sessions->Citrix->Citrix StoreFront / Web Interface ->Server" defines the capabilities of the Receiver according to the used Citrix server versions (default is "Web Interface"). - For Citrix StoreFront only access via https is supported. If the SSL certificate of your Citrix server is not signed by a trusted certificate authority (like Verigsign, Thawte etc.), you have to install the root certificate of your own certificate authority on each Thin Client. Please use http://edocs.igel.com/index.htm#10200413.htm to access the document on how to install SSL certificate. - Legacy ICA sessions only work with Citrix XenApp servers up to version 6.5. - The parameter "Deferred update mode" has no effect anymore. - Added support for SHA-2 based certificates. - Kerberos is only supported with Legacy ICA Sessions and Web Interface, not with StoreFront. - To enable usage of Smartcard authentication it is necessary to choose Smartcard logon on the redesigned setup page Citrix > Citrix StoreFront / Web Interface > Logon and to choose the correct smart card on page Citrix > Citrix StoreFront / Web Interface > Logon > Smartcard. Passthrough authentication with smart card is only possible with StoreFront. - Added "CGP Address" parameter to support the session reliability feature on page: Citrix > HDX / ICA Global > Options (Please note that this parameter might be overwritten by the Citrix server.) - Added parameter "ica.wfclient.twiavoidfullscreenwhenmaximized" to enable a bug fix from Citrix regarding maximization of windows in a multi-monitor setup with different resolutions (default: Disabled). - Added parameter "ica.wfclient.twisetfocusbeforerestore" to enable a workaround from Citrix to set the focus on windows before restoring them to avoid issues with Java applications.(default: Disabled) - Added parameter "ica.wfclient.applysucconntimeouttodesktops" to let the session sharing timout option "SucConnTimeout" be applied to desktops as well (default: Disabled) - Added registry parameter "ica.pnlogin.use_ctx_auth_mgmt", that enforces usage of the built-in authentication management of the Citrix Receiver 13 instead of the IGEL mechanism. This disables credential related features like passthrough, auto-logon etc. - With Citrix Receiver 13 there is support for new graphics codec parameters: - H264 deep compression codec registry keys: * ica.wfclient.h264enabled (disabled by default) * ica.wfclient.texttrackingenabled * ica.wfclient.smallframesenabled The H264 codec is only usable if the multimedia codec pack is installed. Detailed description of the parameters are available at: http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and http://www.citrix.com/content/dam/citrix/en_us/documents/downloads/citrix-receiver/linux-oem-guide-13-1.pdf - JPEG codec registry keys: * ica.wfclient.directdecode * ica.wfclient.batchdecode (enabled by default) Detailed description of the parameters are available at: http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and http://www.citrix.com/content/dam/citrix/en_us/documents/downloads/citrix-receiver/linux-oem-guide-13-1.pdf [ICA] - Updated Philips Speech drivers to version 12.2.7 - New Grundig dictation driver: increased stability of audio channel. Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more - Updated driver for dictation with Olympus devices - Added Citrix HDX RTME 1.6.0-6 used for Lync optimization. - ICA sessions with Kerberos Passthrough: it is now possible to choose the Kerberos implementation(s) which are used with Citrix via parameter ica.module.virtualdriver.sspi.kerberosselection default: Heimdal,MIT - Added parameter windowmanager.wm0.variables.igelicaallowminimize in the registry to circumvent problems java-based windows over ICA with a popup window. If set to false, ICA windows with a popup can not be minimized anymore. - Added support to restrict Legacy ICA sessions with workarea window mode to a single monitor at "IGEL Setup->Sessions->Citrix-> Legacy ICA Sessions->[session name]-> Window->Start Monitor". The value "No Configuration" expands the windows over all monitors without hiding the taskbar. - Improved the synchronization of starting Citrix sessions to avoid opening multiple ICA channels, if possible. For fine-tuning, it is possible to configure the maximum waiting time till a session starts, regardless of the status of a previous started session. The parameter is available in the registry: "ica.pnlogin.app_start_max_delay" (default: 30) - Added a mechanism to autostart published applications, configurable on setup page Citrix > Citrix StoreFront / Web Interface > Logon. The new synchronization mechanism mentioned above is applied for autostarts as well. [RDP] - Integrated IGEL RDP Client 2: - New workarea window mode - New Audio-In support - Improved RemoteApp support - Fixes for drive mapping - Without Gateway Support - Without RDP 8 based RemoteFX support (EGFX) - Without Video Optimized Redirection (EVOR) - IGEL Legacy RDP Client 1.0 can be enabled at setup page: IGEL Setup -> Sessions -> RDP -> RDP Global -> Options - Updated Philips Speech drivers to version 12.2.7 - New Grundig dictation driver: increased stability of audio channel. Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more - Updated driver for dictation with Olympus devices [VMware Horizon] - Updated VMware Horizon Client to version 3.2.0-23315666 - Added support to start a specific application published by a Horizon 6 server. In the IGEL Setup go to Sessions->Horizon Client->Horizon Client Sessions choose a session or create one and specify under Connection Settings the application name to start and set the session type to "Application". (the checkbox "Autoconnect" should also be enabled). In the IGEL setup registry the new keys can be found in each view session: - sessions.vdm_client%.options.appname - sessions.vdm_client%.options.sessiontype (default: "Desktop") - RDP sessions are using the standard IGEL RDP Client 2 client now instead of the legacy rdesktop variant. - The Ctrl+Alt+Delete behavior (for PCoIP sessions) has three options now: * show Horizon Client's chooser dialog to either send the key combo to the host/VM or disconnect from the session * send Ctrl-Alt+Delete directly to the host/VM * do nothing The corrosponding key in the IGEL registry is found in: - vmware.view.handle-ctrl-alt-del (default is "Show chooser") For sessions connected via Microsoft RDP the chooser dialog is the only option. - Added switch for "Ctrl+Alt+Insert" redirection to VM. Depending on server configuration either "Ctrl+Alt+Insert", "Ctrl+Alt+Delete" or no action can be triggered. The registry key is located at "vmware.view.sendctrlaltinstovm" (default: Disabled) [Dell vWorkspace Connector] - Updated Dell vWorkspace Connector for Linux to version 7.7.3 - Added switch to enable bidirectional audio at "IGEL Setup->Sessions-> RDP->RDP Global->Sound->Audio capture" for global configuration, or session-specific at "IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping" - Added switch for font-smoothing at "IGEL Setup->Sessions-> RDP->RDP Global->Performance->Enable Font smoothing" for global configuration or session-specific at "IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing". - Added switch for vWorkspace connection bar at "IGEL Setup->Sessions ->RDP->RDP Global->Enable Toolbar" for global configuration, or session-specific at "IGEL Setup->Sessions->vWorkspace Client Sessions-> [session name]->Window->Display the connection bar when in full screen mode". [NX-Client] - Updated NX Client to version 4.2.27: New parameters: - Connection service: sessions.nxclient.general.connection_service (Possible values: SSH, NX. Default: SSH) - Logon method: sessions.nxclient.login.login_method (Possible values: Password, Private key. Default: password) [2X Client] - Updated 2X Client to version 12.0.0-2270 New parameters: - TLS Authentication: sessions.twox.local_resources.windows_key_combinations Default: Disabled - Network Level Authentication: sessions.twox.advanced.network_level_authentication Default: Enabled - Pre-Windows 2000 Login Format: sessions.twox.advanced.oldwindows_login_format Default: Enabled - Windows key combinations: sessions.twox.local_resources.windows_key_combinations Default: Local [Shared Workplace] - Shared workplace (SWP) now supports user display configurations (including resolution, orientation, layout, refresh rates). [ThinLinc] - Updated ThinLinc client to version 4.3.0-4538. New parameters: - Multi monitor option: sessions.thinlinc.config.full_screen_all_monitors (default: Enabled) - Resize remote desktop session: sessions.thinlinc.config.remote_resize (default: Enabled) - Send system keys: sessions.thinlinc.config.send_syskeys (default: Enabled) - SmartCard redirection: sessions.thinlinc.config.smartcard_export_enabled (default: Disabled) - Lockdown Local device tab: sessions.thinlinc.options.locklocaldevices (default: Enabled) - Lockdown Security tab: sessions.thinlinc.options.locksecurity (default: Enabled) [Leostream Java Connect] - Updated Leostream Connect_Java Client to Version 3.0.57 [Shadowing/VNC] - Changed VNC version to 0.9.13 - Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL connection uses a special certificate located in the directory /wfs/ca-certs. This feature requires the Universal Management Suite (UMS) to be involved, to handle the shadowing permissions and double check whether the connection is allowed or not. In addition the UMS is used to assure a secure credential exchange between the TC and the UMS console. IMPORTANT: The UMS must have the version 4.07.100 or higher! The feature can be enabled in IGEL setup at "System->Shadow->Secure Mode" [Smartcard] - Upgraded HID Global Omnikey smart card reader driver to version 4.0.5.5. The following new readers are supported: OMNIKEY CardMan (076B:0596) 2020 OMNIKEY CardMan (076B:3020) 3020 OMNIKEY CardMan (076B:3022) 3021 OMNIKEY CardMan (076B:3620) 3620 OMNIKEY CardMan (076B:7021) 3121 OMNIKEY CardMan (076B:3623) 3621 OMNIKEY CardMan (076B:3822) 3821 OMNIKEY CardMan (076B:3823) 3821 OMNIKEY CardMan (076B:5820) 4121 CL OMNIKEY CardMan (076B:512D) 5025 PROX CL OMNIKEY CardMan (076B:502A) 5025 PROX CL OMNIKEY CardMan (076B:C001) 5121 OMNIKEY CardMan (076B:C100) 5121 OMNIKEY CardMan (076B:C101) 5121 OMNIKEY CardMan (076B:C104) 5125 CL OMNIKEY CardMan (076B:C105) 5125 OMNIKEY CardMan (076B:5127) 5127 CK OMNIKEY CardMan (076B:5220) 5220 Pay CL OMNIKEY CardMan (076B:5221) 5221 Pay OMNIKEY CardMan (076B:5311) 5321 OMNIKEY CardMan (076B:532B) 5321 Pay OMNIKEY CardMan (076B:5340) 5021 CL OMNIKEY CardMan (076B:A521) 5321 OMNIKEY CardMan (076B:5326) 5326 DFR OMNIKEY CardMan (076B:5421) 5421 OMNIKEY CardMan (076B:1784) 6020 OMNIKEY CardMan (076B:6623) 6121 OMNIKEY CardMan (076B:6310) 6311 CL OMNIKEY CardMan (076B:1BD0) 7120 OMNIKEY CardMan (076B:1BD1) 7121 OMNIKEY CardMan (076B:8630) 8630 OMNIKEY CardMan (076B:9621) 9621 CCID SC Reader (076B:A023) CCID SC Reader (076B:A024) CCID SC Reader (076B:A111) Keyboard CCID SC Reader (076B:A112) Keyboard CCID SC Reader (076B:A721) CCID SC Reader (076B:B000) HID identiCLASS CCID SC Reader (076B:B001) iCLASS Smart@Link CCID SC Reader (076B:C000) CCID SC Reader (076B:C200) CCID SC Reader (076B:C300) CCID SC Reader (0BF8:101B) Fujitsu D321 (0BF8:1021) Fujitsu G87 SC Contact Keyboard Cherry SmartTerminal XX44 (046A:007B) Cherry SC Reader (046A:0090) Cherry SC Reader (046A:0091) Cherry SC Reader (046A:0092) Cherry SC Reader (046A:00A3) [Driver] - Updated Softpro VirtualSerialSignpad driver to version 1.4.6.0 [USB Redirection] - Upgraded Fabulatech USB for Remote Desktop up to 5.0.4 [Java] - Updated JRE to version 1.7.0 update 76 [StepOver] - Updated StepOver serversonet to version 0.7.16 [Network] - Added parameter for DHCP user class option (see RFC 3004): * network.dhcp.user_class The default value is empty and means that the option is not used. Non-printable bytes can be specified as \ooo, where each o is an octal digit, or \xhh, where each h is a hexadecimal digit. '\' and '"' must be escaped by prepending '\'. - Added parameters for DHCP client identifier options (see RFC 2132): - network.interfaces.ethernet.device0.dhcp_client_id - network.interfaces.ethernet.device1.dhcp_client_id - network.interfaces.wirelesslan.device0.dhcp_client_id Example values: \x00host.example.org (a FQDN with type byte 0 prepended), \x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended) [VPN] - Upgraded NCP Enterprise VPN client up to 3.25-rev15580 [base system] - Active Directory/Kerberos Logon: it is now possible to specify the default lifetime and renewal lifetime of Kerberos tickets with parameters auth.krb5.libdefaults.ticket_lifetime and auth.krb5.libdefaults.renew_lifetime in setup registry. The default values are 10 hours and 7 days respectively. - New TC Setup 4.8.18: Added a quick link bar on many setup pages to find and get to related configuration pages directly. Increased the default size of the setup window to retain the readability of the affected setup pages (only when the setup is started for the first time). - Updated Chinese, Dutch, French and German userinterface translations - Changed english label of start button on Application Launcher's Applications page from "Start" to "Execute". A custom label for the button can be defined with parameter: - userinterface.launcher.displaynames.startbuttonname. - Added possibility to add custom timezone files to /wfs/zoneinfo/ directory. - Increased the default taskbar height to 40. ============================================================================= Resolved issues: ============================================================================= [ICA] - Fixed missing desktop/menu icons with Citrix XenApp/Program Neighborhood - Fixed matching of application names in ICA autostart list - Fixed Citrix XenApp/Programm Neighborhood refresh command - Fixed problems with vanishing systray icons. - Fixed: ICA sessions are not closed anymore, when a USB headset is plugged in or out. - Fixed window focus after closing a dialog. The focus will be set correctly. - Added a workaround to deal with windows of a very low height, that show up. in the taskbar although they shouldn't (e.g. some tooltip windows in seamless Citrix sessions). To use this, adjust the parameter "windowmanager.wm0.variables.tooltipsize" in the registry. A useful value for single-lined tooltip windows would be 20. [XEN] - Fixed a minor bug in xen appliance mode with german keyboard layout and numblock DEL key. [RDP] - Fixed log on with Gemalto .net cards to Windows Server 2008 - Fixed execution problems of RemoteApps with short names. [VMware Horizon] - Added for passthrough authentication the possibility to use the shortened domain name instead of the fully qualified domain name, like "EXAMPLE" instead of "EXAMPLE.COM". To enable shortened domain name for a particular session, go in the IGEL Registry and set the key sessions.vdm_client%.options.passthrough_shortdomain to true. - Fixed bug regarding Horizon/RDP sessions, where session restart was not possible after closing via menu bar (Disconnect desktop and quit). [Dell vWorkspace Connector] - Fixed USB Redirection issues - Fixed hotkey handling [IBM_5250] - Fixed system language detection in IBM iSeriesAccess sessions. - fixed keyboard input of eastern european characters (czech, slovak, etc.) enable registry key "iseriesaccessglobal.iso8859_2_fix", default: Disabled [ThinPrint] - Handling of the "default" mark of a printer configured under Devices/Printer/Thinprint/Printer has been improved. [Shadowing/VNC] - Improved handling of Lock keys in VNC Server. All modifiers will be cleared by default when shadowing is started. Lock keys are handled on client side only by default. (registry: network.vncserver.clear_all (default: Enabled) and network.vncserver.skip_lockkeys (default: Enabled)) [XDMCP] - Fixed X server restart. [Universal MultiDisplay] - Fixed UMD screen arrangement [Smartcard] - Implemented SCARD_ATTR_CURRENT_PROTOCOL_TYPE in pcsc-lite; this helps smart card log on with SafeSign minidriver - Fixed log off with IGEL Smartcard: when additional smart card readers were added or removed during a session, removing the smart card did not trigger log off any more. [base system] - Updated ca-certificates to ubuntus utopic version The list of integrated certificates is available at: http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_FIRMWARE/LX/V4/ - Fixed CVE-2014-6271 (ShellShock Bug) - Applied bash security patches for CVE-2014-6277, CVE-2014-6278 - Fixed OpenSSL 1.0.1 security issues: CVE-2014-0160 (heartbleed bug), CVE-2014-0076, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-5139, CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3509, CVE-2014-3508, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3568, CVE-2014-3567, CVE-2014-3513, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206 fixed. - Improved OpenSSL 1.0.1 security: Added support to mitigate a protocol downgrade attack to SSLv3 that exposes the POODLE attack. - Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2013-0169, CVE-2013-0166, CVE-2012-2333 and CVE-2012-0884 fixed. - Fixed gnuTLS security issues: CVE-2014-0092, CVE-2011-4128, CVE-2012-1573, CVE-2013-1619, CVE-2013-2116, CVE-2014-1959, CVE-2014-0092 and CVE-2014-3466 fixed. - Fixed libtasn1-3 security issues: CVE-2012-1569, CVE-2014-3469, CVE-2014-3468 and CVE-2014-3467 fixed. - Fixed libgcrypt11 security issues: CVE-2013-4242 and CVE-2014-5270 fixed. - Fixed libkrb5 security issues: CVE-2010-1321, CVE-2010-1322, CVE-2010-4020, CVE-2010-1323, CVE-2010-1324, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0284, CVE-2011-1530, CVE-2012-1012, CVE-2012-1013, CVE-2012-1015, CVE-2012-1014, CVE-2014-4345, CVE-2014-4344, CVE-2014-4343, CVE-2014-4342, CVE-2014-4341, CVE-2013-6800, CVE-2013-1418, CVE-2013-1416, CVE-2013-1415 and CVE-2012-1016 fixed. - Fixed: With Kerberos authentication, when typing a wrong password at log on or screen saver unlock, badPwdCount in Active Directory was incremented by 2 instead of 1 and thus the account was locked too soon. - Added security patch to fix CVE-2014-0196 - Fix for identical custom CAs. - Fixed CVE-2014-6271 (ShellShock Bug) - Fixed Active Directory domain logon with user principal names (UPN): Before logon was only working if the first part of the UPN was the same as the sAMAccountName of the user. - Improved FAT USB Stick write performance with using flush,dirsync mount option instead of sync. The corresponding switch is in the IGEL Registry: - devices.autofs.automount%.sync_option, default: Disabled (default was changed) - devices.autofs.automount%.flush_option, default: Enabled (new registry entry) To get back old behaviour switch devices.autofs.automount%.sync_option to enabled. - Fixed glibc 2.15 security issues: CVE-2015-0235 (GHOST), CVE-2012-6656, CVE-2014-6040, CVE-2014-7817, CVE-2014-5119, CVE-2014-0475, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043, CVE-2013-4332, CVE-2012-4412, CVE-2012-4424, CVE-2013-0242, CVE-2013-1914, CVE-2013-4237 and CVE-2013-4332 - Fixed english label in application launcher: renamed "Start ..." in context menu of applications to "Execute ..." - On resume caps-lock/scroll-lock modifiers are reset - Updated timezone information [TC Setup (Java)] - Added hint in setup tooltips that suspend option isn't available with Universal MultiDisplay. - Fixed alphabetical sorting of keyboard layout list on IGEL Setup page User Interface->Language. Previously the sorting was not correct in some languages like German. [Desktop] - Fixed the "Hide Cursor" feature - Added support for DisplayPort Resolution 2560x1080 - Fixed display gamma correction setting on UD2 and UD3 - Fixed wrong background of taskbar separators after screen lock - The System set the focus correctly on desktop after system start. Registryparameter: userinterface.desktop.focusable must be activate. [VPN] - Fixed Genucard DHCP IP retrieval