IGEL Universal Desktop LX / IGEL Zero ===================================== Version 10.03.570 Release date 2018-02-01 Last update of this document 2018-01-30 [> IGEL eDOCS Release Notes](http://edocs.igel.com/releasenotes) Supported Devices ------------------------------------------------------------------------------- * IZ2-RFX, IZ2-HDX, IZ2-HORIZON * IZ3-RFX, IZ3-HDX, IZ3-HORIZON * UD2-LX 40 * UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40 * UD5-LX 50, UD5-LX 40 * UD6-LX 51 * UD9-LX Touch 41, UD9-LX 40 * UD10-LX Touch 10, UD10-LX 10 Component Versions ------------------------------------------------------------------------------- | Clients | | | ----------------------------------------- | -------------------------------- | | Citrix HDX Realtime Media Engine | 2.3.0-1075 | | Citrix Receiver | 13.3.2.366713 | | Citrix Receiver | 13.5.0.10185126 | | Citrix Receiver | 13.7.0.10276927 | | deviceTRUST Citrix Channel | 17.2.100.0 | | Ericom PowerTerm | 12.0.1.0.20170219.2-_dev_-34574 | | Evidian AuthMgr | 1.5.6362 | | Evince PDF Viewer | 3.18.2-1ubuntu4.2 | | FabulaTech USB for Remote Desktop | 5.2.23 | | Firefox | 52.6.0 | | IBM iAccess Client Solutions | 1.1.5.0 | | IGEL RDP Client | 2.2 | | Imprivata OneSign ProveID Embedded | | | deviceTRUST RDP Channel | 17.2.100.0 | | Leostream Java Connect | 3.3.7.0 | | NX Client | 5.3.12 | | Open VPN | 2.3.10-1ubuntu2.1 | | Oracle JRE | 1.8.0_152 | | Parallels Client (64 bit) | 16.2.0.19039 | | Remote Viewer 7.0 for RedHat Enterprise Virtualization Desktops | | | Systancia AppliDis | 4.0.0.17 | | Thinlinc Client | 4.8.0-5456 | | ThinPrint Client | 7.5.83 | | Totem Media Player | 2.30.2 | | VMware Horizon client | 4.6.0-6617224 | | Dictation | | | ----------------------------------------- | -------------------------------- | | Diktamen driver for dictation | | | Driver for Grundig Business Systems dictation devices | | | Nuance Audio Extensions for dictation | B048 | | Olympus driver for dictation | 20161103 | | Philips Speech driver | 12.5.4 | | Signature | | | ----------------------------------------- | -------------------------------- | | signotec Citrix Channel | 8.0.6 | | signotec VCOM Daemon | 2.0.0 | | StepOver TCP Client | 2.1.0 | | Smartcard | | | ----------------------------------------- | -------------------------------- | | PKCS#11 Library A.E.T. SafeSign | 3.0.101 | | PKCS#11 Library Athena IDProtect | 623.07 | | PKCS#11 Library cryptovision sc/interface | 6.6.3.502 | | PKCS#11 Library Gemalto IDPrime | 1.2.3 | | PKCS#11 Library SecMaker NetID | 6.6.0.30 | | Reader Driver ACS CCID | 1.1.3 | | Reader Driver Gemalto eToken | 9.0.43 | | Reader Driver HID Global Omnikey | 4.2.4 | | Reader Driver Identive CCID | 5.0.35 | | Reader Driver Identive eHealth200 | 1.0.5 | | Reader Driver MUSCLE CCID | 1.4.27 | | Reader Driver REINER SCT cyberJack | 3.99.5final.sp09 | | Resource Manager PC/SC Lite | 1.8.22 | | Cherry USB2LAN Proxy | 3.0.0.4 | | System Components | | | ----------------------------------------- | -------------------------------- | | Bluetooth stack (bluez) | 5.46-0ubuntu3 | | MESA OpenGL stack | 17.2.2-0ubuntu1 | | VAAPI ABI Version | 0.40 | | VDPAU Library version | 1.1.1-3ubuntu1 | | Graphics Driver INTEL | 2.99.917+git20171109-igel | | Graphics Driver ATI/RADEON | 7.10.0-1 | | Graphics Driver ATI/AMDGPU | 1.4.0-1 | | Graphics Driver VIA | 5.76.52.92-009-005f78-20150730 | | Graphics Driver FBDEV | 0.4.4-1build5 | | Graphics Driver VESA | 2.3.4-1build2 | | Input Driver Evdev | 2.10.5-1ubuntu1 | | Input Driver Elographics | 1.4.1-1build5 | | Input Driver eGalax | 2.5.5814 | | Input Driver Synaptics | 1.9.0-1ubuntu1 | | Input Driver Vmmouse | 13.1.0-1ubuntu2 | | Input Driver Wacom | 0.34.0-0ubuntu2 | | Kernel | 4.10.17 #43.47-ud-r1961 | | Xorg X11 Server | 1.19.5-0ubuntu2 | | CUPS printing daemon | 2.1.3-4ubuntu0.3 | | Lightdm graphical login manager | 1.18.3-0ubuntu1.1 | | XFCE4 Windowmanager | 4.12.3-1ubuntu2 | | ISC DHCP Client | 4.3.3-5ubuntu12.7 | | NetworkManager | 1.2.0-0ubuntu0.16.04.3 | | ModemManager | 1.4.12-1ubuntu1 | | GStreamer 0.10 | 0.10.36-2ubuntu0.1 | | Features with Limited IGEL Support | | | ----------------------------------------- | -------------------------------- | | Mobile Device Access USB | | Security Fixes ------------------------------------------------------------------------------- * Fixed kernel security issues CVE-2017-16939, CVE-2017-12192, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-12190, CVE-2017-15274, CVE-2017-14156, CVE-2017-14140, CVE-2017-15115, CVE-2017-14489, CVE-2017-12153, CVE-2017-16525, CVE-2017-7542 and CVE-2017-8824. * Fixed kernel security issues CVE-2017-1000405 (aka Huge Dirty Cow). * Fixed Intel meltdown problem CVE-2017-5754 with Kernel Page Table Isolation (KPTI) Patch. General Information ------------------------------------------------------------------------------- ### The following clients and features are not supported anymore * Citrix Receiver 12.1 and 13.1 * Citrix Access Gateway Standard Plug-in * Dell vWorkspace Connector for Linux * Ericom PowerTerm Emulation 9 and 11 * Ericom Webconnect * IGEL Legacy RDP Client (rdesktop) * Virtual Bridges VERDE Client * PPTP VPN Support * IGEL Upgrade License Tool with IGEL Smartcard Token * Remote Management by setup.ini file transfer (TFTP) * XC Font Service * Remote Access via RSH * Legacy Philips Speech Driver * Digital Persona Support * Sane Scanner Support * Softpro/Kofax Citrix Virtual Channel * t-Systems TCOS Smartcard Support * DUS Series touch screens * Elo serial touch screens * IGEL Smartcard without locking desktop * Video Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 * H.264 Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 * Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the 'In-Session Control Bar' (configurable at `IGEL Setup > User Interface > Desktop`) - by a 'Safely Remove Hardware' session (configurable at `IGEL Setup > Accessories`) ### The following clients and features are not available in this release * Voip Client Ekiga * X session (Xorg Xephyr) * XDMCP * Cherry eGK Channel * Open VPN Smartcard Support * NCP Secure Client * Asian Input Methods * Composite Manager Known Issues ------------------------------------------------------------------------------- ### Citrix Receiver 13 * With Citrix Receiver 13.5 print problems in legacy sessions can occur. ### VMware Horizon * External drives mounted already before connection, do not appear in the remote desktop. Workaround: map the directory /media as a drive in your desktop. Then the external devices will show up inside the media drive. * Client drive mapping and USB redirection for storage devices should not be enabled both at the same time. - On the one hand, if you want to use USB redirection for your storage devices: Note that the USB on-insertion feature is only working if the client drive mapping is switched off. In the IGEL Setup client drive mapping can be found in: `Sessions > Horizon Client > Horizon Client Global > Drive Mapping > Enable Drive Mapping`. It is also recommended to disable local Storage Hotplug: On page `Devices > Storage Devices > Storage Hotplug`, put number of storage hotplug devices to 0. - On the other hand, if you use drive mapping instead, it is recommended that you should either switch off USB redirection entirely or at least deny storage devices by adding a filter to the USB class rules. And because Horizon Client relies on the OS to mount the storage devices itself, please go to setup page: `Devices > Storage Devices > Storage Hotplug` and switch on 'Enable dynamic drive mapping' and put 'Number of storage hotplug devices' to at least 1. ### Firefox * Support for the gstreamer framework was dropped by recent Firefox versions. Therefore support for H264 decoding in the browser is not possible anymore, due to licensing restrictions. * After firmware update, a fullscreen browser session starts onetime in window mode. Afterwards the fullscreen mode is functional again. ### Audio * Headphone jack detection doesn't properly work on IGEL UD3 (M330C and M340C). The audio controlling system is unable to notice status change of the audio jack. Release Notes 10.03.570 (Based On 10.03.550) ------------------------------------------------------------------------------- Security Fixes ------------------------------------------------------------------------------- * Fixed Firefox security issues: CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117, CVE-2018-5089. New Features ------------------------------------------------------------------------------- ### Firefox * Updated Adobe Flash Player download URL to version 28.0.0.137 * Updated Mozilla Firefox to version 52.6.0 ESR Resolved Issues ------------------------------------------------------------------------------- ### Firefox * Added possibility to permit downloads Path in setup: Browser Session > Window -> Hide local filesystem When set, user is not allowed to download or use any save-as functionality from menu, context or keyboard shortcut. ### Network * Changed SMB protocol version default v1.0 to v2.0 for mounting windows shares to improve security. Added the possibility to change the SMB protocol version for smbmounts. | | | | ----------| ---------------------------------------------------------------- | | Parameter | `SMB protocol version` | | Registry | `network.smbmount.smb_version` | | Range | [1.0][2.0][2.1][3.0] | | Value | **2.0** (default) | > When using a very old Windows file server, change of > version back to 1.0 could be necessary. ### Base system * Removed Intel Spectre Microcode Updates due to various issues with them (Intel officially withdrawn them). * Fixed nvidia-graphics-drivers-384 security issue CVE-2017-5753. ### X11 system * Fixed bug Elo-USB Touchscreen isn't working after reboot. ### Audio * Fixed automatic switch to output over analog headphones. --- Release Notes 10.03.550 (Based On 10.03.510) ------------------------------------------------------------------------------- Resolved Issues ------------------------------------------------------------------------------- ### RDP/IGEL RDP Client 2 * Fixed the RDPdebugger to work again (was broken in previous release). ### Base system * Updated kernel to Ubuntu-hwe-4.10.0-43.47_16.04.1. * Fixed kernel security issues CVE-2017-16939, CVE-2017-12192, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-12190, CVE-2017-15274, CVE-2017-14156, CVE-2017-14140, CVE-2017-15115, CVE-2017-14489, CVE-2017-12153, CVE-2017-16525, CVE-2017-7542 and CVE-2017-8824. * Fixed kernel security issues CVE-2017-1000405 (aka Huge Dirty Cow). * Fixed Intel meltdown problem CVE-2017-5754 with Kernel Page Table Isolation (KPTI) Patch. --- Release Notes 10.03.510 (Based On 10.03.500) ------------------------------------------------------------------------------- New Features ------------------------------------------------------------------------------- ### Parallels Client * Integrated Parallels Client version 16.2.0 (19039) 64 bit. Resolved Issues ------------------------------------------------------------------------------- ### RDP/IGEL RDP Client 2 * Fixed smartcard redirection: after session reconnection readers and cards were not connected anymore in some cases. ### Parallels Client * Fixed crash after closing one session if started 2 same sessions before ### Smartcard * Fixed driver for Elatec RFID readers. Before this fix the readers sometimes were not available after boot. --- Release Notes 10.03.500 ------------------------------------------------------------------------------- Security Fixes ------------------------------------------------------------------------------- * Fixed wpa security issues (KRACK vulnerability) CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, CVE-2016-4476 and CVE-2016-4477. * Fixed libgd2 security issues CVE-2017-7890 and CVE-2017-6362. Fixed graphite2 security issues CVE-2017-7778, CVE-2017-7777, CVE-2017-7776, CVE-2017-7775, CVE-2017-7774, CVE-2017-7773, CVE-2017-7772 and CVE-2017-7771. * Fixed ghostscript security issues CVE-2017-9835, CVE-2017-9739, CVE-2017-9727, CVE-2017-9726, CVE-2017-9612, CVE-2017-9611 and CVE-2017-11714. * Fixed libmspack security issues CVE-2017-6419 and CVE-2017-11423. * Fixed libsoup2.4 security issue CVE-2017-2885. * Fixed xorg-server security issues CVE-2017-10971, CVE-2017-10972, CVE-2017-13721, CVE-2017-13723, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186 and CVE-2017-12187. * Fixed bluez security issue CVE-2017-1000250. * Fixed kernel security issues CVE-2017-7541, CVE-2017-1000112, CVE-2017-1000111, CVE-2017-7487, CVE-2017-7533, CVE-2017-1000251, CVE-2017-14106, CVE-2017-11176, CVE-2017-10911, CVE-2017-14340, CVE-2017-10663, CVE-2017-1000252, CVE-2017-12188, CVE-2017-12146, CVE-2017-1000405, CVE-2017-16939, CVE-2017-12192, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-12190, CVE-2017-15274, CVE-2017-14156, CVE-2017-14140, CVE-2017-15115, CVE-2017-14489, CVE-2017-12153, CVE-2017-16525, CVE-2017-7542, CVE-2017-8824 and CVE-2017-5754. * Partially addressed CVE-2017-5715 (Spectre Branch Target Injection) with intel microcode updates version 20180108. * Fixed gdk-pixbuf security issues CVE-2017-6311, CVE-2017-2870 and CVE-2017-2862. * Fixed tcpdump security issues CVE-2017-13725, CVE-2017-13690, CVE-2017-13689, CVE-2017-13688, CVE-2017-13687, CVE-2017-13055, CVE-2017-13054, CVE-2017-13053, CVE-2017-13052, CVE-2017-13051, CVE-2017-13050, CVE-2017-13049, CVE-2017-13048, CVE-2017-13047, CVE-2017-13046, CVE-2017-13045, CVE-2017-13044, CVE-2017-13043, CVE-2017-13042, CVE-2017-13041, CVE-2017-13040, CVE-2017-13039, CVE-2017-13038, CVE-2017-13037, CVE-2017-13036, CVE-2017-13035, CVE-2017-13034, CVE-2017-13033, CVE-2017-13032, CVE-2017-13031, CVE-2017-13030, CVE-2017-13029, CVE-2017-13028, CVE-2017-13027, CVE-2017-13026, CVE-2017-13025, CVE-2017-13024, CVE-2017-13023, CVE-2017-13022, CVE-2017-13021, CVE-2017-13020, CVE-2017-13019, CVE-2017-13018, CVE-2017-13017, CVE-2017-13016, CVE-2017-13015, CVE-2017-13014, CVE-2017-13013, CVE-2017-13012, CVE-2017-13011, CVE-2017-13010, CVE-2017-13009, CVE-2017-13008, CVE-2017-13007, CVE-2017-13006, CVE-2017-13005, CVE-2017-13004, CVE-2017-13003, CVE-2017-13002, CVE-2017-13001, CVE-2017-13000, CVE-2017-12999, CVE-2017-12998, CVE-2017-12997, CVE-2017-12996, CVE-2017-12995, CVE-2017-12994, CVE-2017-12993, CVE-2017-12992, CVE-2017-12991, CVE-2017-12990, CVE-2017-12989, CVE-2017-12988, CVE-2017-12987, CVE-2017-12986, CVE-2017-12985, CVE-2017-12902, CVE-2017-12901, CVE-2017-12900, CVE-2017-12899, CVE-2017-12898, CVE-2017-12897, CVE-2017-12896, CVE-2017-12895, CVE-2017-12894, CVE-2017-12893, CVE-2017-11543, CVE-2017-11542, CVE-2017-11541 and CVE-2017-11108. * Fixed libxml2 security issues CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-7376, CVE-2017-7375 and CVE-2017-0663. * Fixed samba security issues CVE-2017-12163, CVE-2017-12151, CVE-2017-12150, CVE-2017-15275 and CVE-2017-14746. * Fixed libplist security issue CVE-2017-7982. * Fixed nss security issue CVE-2017-7805. * Fixed libidn security issue CVE-2017-14062. * Fixed poppler security issues CVE-2017-9776, CVE-2017-14977, CVE-2017-14975, CVE-2017-14929, CVE-2017-14928, CVE-2017-14926, CVE-2017-14617, CVE-2017-14520, CVE-2017-14519, CVE-2017-14518 and CVE-2017-15565. * Fixed dnsmasq security issues CVE-2017-14496, CVE-2017-14495, CVE-2017-14494, CVE-2017-14493, CVE-2017-14492 and CVE-2017-14491. * Fixed libxfont security issues CVE-2017-13722, CVE-2017-13720 and CVE-2017-16611. * Fixed curl security issues CVE-2016-9586, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816 and CVE-2017-8817. * Fixed libxfont2 security issues CVE-2017-13722, CVE-2017-13720 and CVE-2017-16611. * Fixed nvidia security issues CVE-2017-6266, CVE-2017-6267 and CVE-2017-6272. * Fixed icu security issue CVE-2017-14952. * Fixed wget security issues CVE-2017-6508, CVE-2017-13090, CVE-2017-13089 and CVE-2016-7098. * Fixed systemd security issue CVE-2017-15908. * Fixed openssl security issues CVE-2017-3736 and CVE-2017-3735. * Fixed perl security issues CVE-2017-12883 and CVE-2017-12837. * Fixed webkit2gtk security issues CVE-2017-13803, CVE-2017-13802, CVE-2017-13798, CVE-2017-13796, CVE-2017-13795, CVE-2017-13794, CVE-2017-13793, CVE-2017-13792, CVE-2017-13791, CVE-2017-13788, CVE-2017-13785, CVE-2017-13784 and CVE-2017-13783. * Fixed db5.3 security issue CVE-2017-10140. * Fixed ldns security issues CVE-2017-1000232 and CVE-2017-1000231. * Fixed python2.7 security issue CVE-2017-1000158. * Fixed python3.5 security issue CVE-2017-1000158. * Fixed libxcursor security issue CVE-2017-16612. * Fixed a security issue in the base system with not resetting certain environment variables. * Updated Firefox to version 52.5 ESR: Fixes for mfsa2017-25, also known as: CVE-2017-7828, CVE-2017-7830, CVE-2017-7826. Fixes for mfsa2017-22, also known as: CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7805, CVE-2017-7814, CVE-2017-7823, CVE-2017-7810. New Features ------------------------------------------------------------------------------- ### Citrix Receiver 13 * Integrated **Citrix Receiver 13.7.0**. Citrix Receiver version 13.4.2 was removed. Available Citrix Receiver versions: 13.3.2, 13.5.0, 13.7.0 (default) * With Receiver version 13.7.0 the **HDX Adaptive Transport over EDT** feature is supported. Details about HDX Adaptive Transport can be found here: [> Citrix Product Documentation](https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/hdx/adaptive-transport.html) | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Options | | Parameter | `HDX Adaptive Transport over EDT` | | Registry | `ica.wfclient.hdxoverudp` | | Range | [UDP without fallback to TCP] [TCP Only - UDP disabled] [**UDP with fallback to TCP** (default)] | * Added **CEIP configuration** for Citrix Receiver 13.7.0. (Citrix Customer Experience Improvement Program). Details about CEIP can be found here: [> About CEIP](https://www.citrix.com/community/cx/ceip.html) | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Participate in CEIP` | | Registry | `ica.module.enableceip` | | Range | [**Disable** (default)] [Enable] | * Citrix Receiver 13.7.0 introduces a new, stricter, validation policy for server certificates to ensure a continuous improvement of client security. * Added Citrix HDX RTME 2.3.0. This is used for Skype for Business optimization in ICA sessions. * Added new parameter for mouse button remapping: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Mousebutton remapping` | | Registry | `ica.wfclient.mousemap` | > Mouse button remapping: a string of up to ten of the letters X, B, W, C. M, with an optional unsigned integer parameter, each specifying an action for a mouse button: > X - ignore; B - send a (possibly different) button to the server > W - send a vertical scroll wheel up/down event > H - send a horizontal scroll wheel left/right event > C - send an ASCII character with left- control down > M - like C, but only to Windows servers, otherwise send the button > Buttons have the 'natural" numbering, so the middle of three main buttons is 2, not 3 as in MS Windows. The default, "BBBW1WH1HB4B5", is good for Linux/Unix clients with X11, where wheels are presented as buttons 4-7. An alternative string for cut and paste: "BM118BW1WH1HM99M120". For Windows servers, Ctrl-V, C and X are available on buttons 2, 8 and 9. (Button 2 is normally "Paste PRIMARY" in X11. ### RDP/IGEL RDP Client 2 * Added option to **expand RDP fullscreen sessions** across all monitors: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Global > Window | | Parameter | `Multi-monitor fullscreen mode` | | Registry | `rdp.winconnect.usemonitorfullscreen` | | New option | Expand fullscreen session across all monitors | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Sessions ... > Window | | Parameter | `Multi-monitor fullscreen mode` | | Registry | `sessions.winconnect%.option.usemonitorfullscreen` | | New option | Expand fullscreen session across all monitors | * Added option to execute the **post session command** only for a RDP session logoff and not for a RDP session disconnect: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Perform post session command only on RDP logoff` | | Registry | `auth.login.autologoff_only_on_session_logoff` | | Value | enabled / **disabled**(default) | > The post session command configuration is available at setup page > `System > Firmware Customization > Custom Commands > Post Session` * Added option to configure the RDP sessions **log verbosity**: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Debug Log Level` | | Registry | `rdp.winconnect.loglevel` | | Range | [TRACE] [DEBUG] [INFO] [WARN] [**ERROR**(default)] [FATAL] [OFF] | * Added parameters to select the TLS ciphers. Choice of the SSL library, which should be used for a connection. I.e. this is needed to connect to Windows 2003r2 Servers with KB2345886 hotfix installed (see "TLSv1.0 ciphers"). | | | | ---------- | --------------------------------------------------------------- | | Parameter | `TLS Encryption Ciphers` | | Registry | `rdp.winconnect.tls-ciphers` | | Range | [**Default ciphers** (default)] [TLSv1.0 ciphers] [TLSv1.2 ciphers] [High strength ciphers only] [Medium strength ciphers only] [All ciphers] | | | | | ---------- | --------------------------------------------------------------- | | Parameter | `TLS Encryption Ciphers` | | Registry | `sessions.winconnect%.option.tls-ciphers` | | Range | [**Global setting** (default)] [Default ciphers] [TLSv1.0 ciphers] [TLSv1.2 ciphers] [High strength ciphers only] [Medium strength ciphers only] [All ciphers] | ### VMware Horizon * Integrated **VMware Horizon Client 4.6.0-6617224** * Added **media provider optimization for Skype for Business**: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Unified Communications > Skype for Business | | Parameter | `Virtualization Pack Skype for Business` | | Registry | `vmware.view.mediaprovider_skype` | | Value | **enabled**(default) / disabled | * Added new parameter to modify the **USB redirection behavior**: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Redirect HID functionality of some headsets or headphones` | | Registry | `vmware.view.redirect_headset_hid` | | Value | **enabled**(default) / disabled | > If enabled, Jabra, Plantronics and Sennheiser headsets/headphones > will be ignored as HID devices by the X-server. * Added possibility regarding USB redirection to **split up composite USB devices** and redirect only a subset of their interfaces. This can be done automatically according to their class type or explicitly by naming the interfaces' number to exclude. Enable this parameter for automatic device splitting: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Automatic splitting of composite USB devices` | | Registry | `vmware.view.usb.allowautodevicesplitting` | | Value | enabled / **disabled**(default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Device Rules > Rule` | | Registry | `vmware.view.usb.devicepolicy.product_rule.rule` | | Range | [**Deny** (default)] [Allow] [Split] [No auto-split] | > In addition: Possibilty to 'Deny' and 'Allow' for every usb device, there are > two new rules: 'Split' and 'No auto-split'. > Default is "Deny". | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > USB Redirection | | Parameter | `Device Rules > Interface Exclude List` | | Registry | `vmware.view.usb.devicepolicy.product_rule.excludeif` | > If the rule is set to 'Split', specification of the interfaces to > exclude is possible. Default is empty. Interface numbers can be > separated by commas. > If the rule is set to 'No auto-split', restraint of the specific > USB device from being split. (This is only effective if > `Automatic splitting of composite USB devices` is enabled.) ### Parallels Client * Updated Parallels 2X Client to version 16.0.1-18456. ### NX client * Updated NoMachine NX Client to version 5.3.12 ### Firefox * Added the possibility to restrict download and direct filesystem access. | | | | -----------| --------------------------------------------------------------- | | Parameter | `Deactivate Hotkeys` | | Registry | `browserglobal.app.deactivate_hotkeys` | | Range | [**None** (default)][All][Related to File Access] | > In addition, choice to deactivate selected hotkeys. > Possible settings here are: > 'None' (default), 'All' or the ones 'Related to File Access'. * The internal pdf viewer of Firefox could be used instead of the external (which needs a proper download of the pdf file). | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Use internal pdf viewer` | | Registry | `browserglobal.app.use_pdfjs` | | Value | enabled / **disabled** (default) | * In addition, IGEL Registry key must be set browserglobal.app.mimetypes_template to "Minimal" (default is "Standard"). | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Mimetype template to use` | | Registry | `browserglobal.app.mimetypes_template` | | Range | [**Standard** (default)][Minimal] | * Added a whitelist of subdirectories to restrict the file access in the browser. In IGEL registry the subdirectories of the TC file system can be specified and accessed by the browser: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Local Subdirectories Whitelist` | | Registry | `browserglobal.app.local_subdirs_whitelist` | > There one or more directories can be added and separated by semicolons, e.g.: > /.ffpro/www; /www > For persistency writeable filesystems should be used > like /wfs or /.ffpro (the latter is the Browser's profile dir). > /.ffpro is recommended because it could contain more than /wfs. > Usage of a dedicated subdirectory like /wfs/www or /.ffpro/www, > is recommended for prevention. Otherwise the whole file system would be accessible. > > The web content can be deployed; e.g. by UMS filetransfer. > > Note: To enable the whitelist and hide the local file system, > following parameter has to be set: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Browser > Browser > Browser Sessions > Window | | Parameter | `Hide local filesystem` | | Registry | `sessions.browser.app.filepicker_dialog_hidden` | | Value | enabled / **disabled** (default) | * Updated Adobe Flash Player to version 27.0.0.187 * Updated Firefox to version 52.5 ESR. Fixes for mfsa2017-25, also known as: CVE-2017-7828, CVE-2017-7830, CVE-2017-7826. * Fixes for mfsa2017-22, also known as: CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7805, CVE-2017-7814, CVE-2017-7823, CVE-2017-7810. ### Evidian * Integrated **Evidian AuthMgr** version 1.5.6362. Evidian AuthMgr sessions can be configured at `IGEL Setup > Evidian`, registry keys: `sessions.rsuserauth%`. ### WiFi * Added feature to prevent permanent storage of credentials via **Wireless Manager (Cafe wireless)**: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Allow storage of credentials` | | Registry | `network.applet.wireless.allow_storing_credentials` | | Value | **enabled**(default) / disabled | > If disabled, the Wireless Manager doesn't allow to permanently store: > 1. The passphrase in the case of WPA(2) Personal (by skipping the > connection configuration dialog). > 2. The credentials in the case of EAP/PEAP methods that require username > and password. ### Smartcard * Updated **PC/SC Lite** smartcard resource manager to version 1.8.22. ### Base system * Added a feature to **display a countdown** before either the screen gets locked or an arbitrary shell command gets executed. The purpose is to give the user a chance to avoid the screen lock or the command respectively: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown duration in seconds` | | Registry | `sessions.xlock0.options.countdown_seconds` | | Default | 0 (means disabled) | > If the value is greater than 0, the actions mentioned above will be > delayed by this amount of seconds. Size, position and appearance > of the counter is determined by the **clock settings** at IGEL Setup > `User Interface > Screen Lock/Saver > Screensaver`. The counter is > only visibile, if the parameter `Clock display monitor` is set to > `All` or to a display number. > The time when the counter appears is specified by the > same setting as for the ordinary screensaver. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown visual effect` | | Registry | `sessions.xlock0.options.countdown_visual_effect` | | Range | [**Dark screenshot** (default)] [Gray screenshot] | > A range of visual effects of which one is applied when the > countdown starts. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Screen Lock/Saver > Options | | Parameter | `Countdown background image` | | Registry | `sessions.xlock0.options.countdown_background_image` | > A background image to be shown with the counter. The display > mode is fullscreen letterbox. | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Countdown done command` | | Registry | `sessions.xlock0.options.countdown_done_cmd` | > This should be left empty, when a local screen lock is configured that is > supposed to start after the countdown has reached 0. Alternatively an > arbitrary command can be specified that is supposed to have a similar > effect, e.g. log off from an appliance mode session. > The command is executed synchronously before the countdown goes away. > If the command doesn't terminate quickly it must be sent to the > background by appending "&". | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Countdown condition command` | | Registry | `sessions.xlock0.options.countdown_condition_cmd` | > This is only relevant if the `countdown_done_cmd` value is not empty. > A command can be specified, which is executed before the countdown is > started. A non-zero exit code means that the countdown shall not be > started. E.g. it might not be desirable to try to terminate a > user session when there is currently none. | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Continue screensaver after countdown done command` | | Registry | `sessions.xlock0.options.countdown_done_cmd_continue` | > If enabled the ordinary screensaver is shown after the command has > been executed. (Some applications stop the screensaver, when they get > restarted. So this doesn't always have the desired effect.) * Added possibility to customize mouse buttons. Create a new instance for a new mouse button action. The following registry keys have been added: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Mouse button` | | Registry | `userinterface.mouse.mousemapping.button` | | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Command` | | Registry | `userinterface.mouse.mousemapping.cmdline` | For further information refer the official pages of xbindkeys, xautomation and xdotool. * Added SSO by 802.1X authentication. The following registry key decides on enabling the feature as a whole | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Login with 802.1x Authentication` | | Registry | `auth.login.igel8021x` | | Value | enabled / **disabled** (default) | > At least one of the following keys must be set to true, depending on > which network interface shall be used for login by 802.1X authentication: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Used for login with 802.1x Authentication` | | Registry | `network.interfaces.ethernet.device0.ieee8021x.igellogin8021x` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Used for login with 802.1x Authentication` | | Registry | `network.interfaces.ethernet.device1.ieee8021x.igellogin8021x` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Used for login with 802.1x Authentication` | | Registry | `network.interfaces.wirelesslan.device0.wpa.igellogin8021x` | | Value | enabled / **disabled** (default) | > The keys refer to eth0, eth1, and wlan0 respectively. > It is supposed that those network interfaces are basically configured for > 802.1X authentication (referred to as WPA2 Enterprise in the case of wlan0) > with one of the methods that require username and password. > Handling of credentials entered on the login screen, two cases: > 1. Username with domain appended (\@\) > \@\ with domain changed to all-uppercase is used for > 802.1X > authentication. All the information is used in RDP, Citrix, VMware sessions > that are configured for passthrough authentication. > 2. Bare username > Bare username is used for 802.1X authentication. Passthrough authentication > will use the domain configured in the setup, if the value is non-empty. * Added warning when CapsLock is active in password field of login window or screen lock window. * Added an overlay button to open and close the on-screen keyboard for touch screen operation. With touch and hold, the button can be moved around. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > On-Screen Keyboard | | Parameter | `Show button` | | Registry | `userinterface.touchscreen.keyboard_touchkey` | | Value | enabled / **disabled**(default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > On-Screen Keyboard | | Parameter | `Button size` | | Registry | `userinterface.touchscreen.window_size` | | Value | [40px] [50px] [60px (default)] [70px] [80px] | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > On-Screen Keyboard | | Parameter | `Touch and hold delay in ms` | | Registry | `userinterface.touchscreen.time_to_hold` | | Value | 1000 | * Added support for automatic license deployment via UMS. Requires UMS Version 5.08.100 or higher. HowTo: [> Automatic License Deployment](http://edocs.igel.com/index.htm#15274.htm) * It is now possible to configure custom wallpapers by Shared Workplace User profiles with the following parameters: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Desktop > Background (1st Monitor) | | | System > Firmware Customization > Corporate Design > Background (1st Monitor) | | Parameter | `Custom wallpaper download (1st monitor)` | | Registry | `windowmanager.customization.custom_wallpaper.wallpaper.enabled` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Desktop > Background (1st Monitor) | | | System > Firmware Customization > Corporate Design > Background (1st Monitor) | | Parameter | `Custom Wallpaper file (1st Monitor)` | | Registry | `windowmanager.customization.custom_wallpaper.wallpaper.filename` | > * The wallpaper for the 2nd - 8th monitor is also configurable by Shared > Workplace User profiles. > * The wallpaper download server is also configurable by Shared Workplace > User profiles. > > Caution: The download area for the custom wallpapers is limited to ~ 25 MB. ### Driver * Updated Philips Speech Driver to version 12.5.4. New supported device SpeechMike Premium Air. * Added support for Fibocom L831-EAU WWAN module. ### Storage Devices * Added support for SATA drives in DriveLock. ### X11 system * Updated Mesa to version 17.2.6. * Updated Xorg X11 Server to version 1.19.5-0ubuntu2. * Updated graphic drivers to current versions: - Intel graphic driver to version 2.99.917+git20171109-igel - ATI/Radeon driver to version 7.10.0-1 - AMDGPU driver to version 1.4.0-1 * Touchscreen will also work on unlicensed thin clients from now on. ### Window manager * Added the thin client desktop to the window manager window cycle. Switching to the desktop is possible with these default hotkeys: Ctrl+Alt+Tab Ctrl+Alt+Shift+Tab Ctrl+Alt+CursorUp Ctrl+Alt+CursorDown Ctrl+Esc The hotkeys are configurable here: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | User Interface > Hotkeys > Commands | | Parameter | `Switch between active windows using Task Switcher` | | Parameter | `Switch between active windows using Task Switcher (backwards)` | | Parameter | `Switch focus to next window` | | Parameter | `Switch focus to next window (2)` | | Parameter | `Switch focus to next window (reverse order)` | > Switching to the desktop causes all windows to be minimized. Switching > back to a window right after that, will effect that all minimized windows > are restored again. ### Audio * Added option to configure **default sound output and input**: | | Default sound output | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Port Name` | | Registry | `userinterface.sound.default_sink.port_name` | | Range | [**Automatic** (default)] [HDMI / DisplayPort] [Speakers] [Headphones] | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Device Name` | | Registry | `userinterface.sound.default_sink.device_name` | | | Default sound input | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Port Name` | | Registry | `userinterface.sound.default_source.port_name` | | Range | [**Automatic** (default)] [Microphone] [Headset Microphone] | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Accessories > Sound Preferences > Options | | Parameter | `Device Name` | | Registry | `userinterface.sound.default_source.device_name` | > The port and device names must be the same as the corresponding names > in the "Sound Preferences" dialog. Automatic method works as follows: > 1. USB devices before PCI devices > 2. HDMI before internal speaker > 3. Unplugged ports are ignored ### Misc * Added support for deviceTRUST in Citrix and RDP sessions. Enable for Citrix in setup on page | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping->Device Support | | Parameter | `deviceTRUST channel` | | Registry | `ica.module.virtualdriver.devicetrust.enable` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions->RDP->RDP Global->Mapping->Device Support | | Parameter | `deviceTRUST channel` | | Registry | `rdp.winconnect.plugins.devicetrust.use` | | Value | enabled / **disabled** (default) | ### Hardware * Updated AMDGPU kernel driver to version 17.30. ### Java * Updated Oracle JRE to 1.8U152 ### TC Setup (Java) * The automatic system suspend on inactivity is now independend from the configuration of the shutdown dialog. Added these new parameters to configure the auto suspend dialog after inactivity: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | System > Power Options > System | | Parameter | `Without dialog` | | Registry | `userinterface.shutdown_dialog.auto_suspend_disable_dialog` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | System > Power Options > System | | Parameter | `Dialog timeout` | | Registry | `userinterface.shutdown_dialog.auto_suspend_dialog_timeout` | | Value | **10** | > Reworked setup page System > Power Options > System ### Fabulatech * Updated Fabulatech client to v5.2.23. * Added new parameters for the following options: - Postpone: Will take the device from the system on network connection only, and return it to the system after disconnect. By default, all shared devices are not available to the host system. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Postpone` | | Registry | `rdp.usbredirection.devicepolicy.class_rule.postpone` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Postpone` | | Registry | `rdp.usbredirection.devicepolicy.product_rule.postpone` | | Value | **enabled** (default) / disabled | - Takeaway: Allow client to withdraw the device. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Takeaway` | | Registry | `rdp.usbredirection.devicepolicy.class_rule.takeaway` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Takeaway` | | Registry | `rdp.usbredirection.devicepolicy.product_rule.takeaway` | | Value | **enabled** (default) / disabled | - no-reset: Does not reset the device after disconnect. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `No Reset` | | Registry | `rdp.usbredirection.devicepolicy.class_rule.noreset` | | Value | enabled / **disabled** (default) | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `No Reset` | | Registry | `rdp.usbredirection.devicepolicy.product_rule.noreset` | | Value | **enabled** (default) / disabled | - override-serial: Assign new serial number. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Override serial` | | Registry | `rdp.usbredirection.devicepolicy.class_rule.overrides` | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Override serial` | | Registry | `rdp.usbredirection.devicepolicy.product_rule.overrides` | - override-name: Assign new device description. | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Override name` | | Registry | `rdp.usbredirection.devicepolicy.class_rule.overriden` | | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > Citrix XenDesktop / XenApp > HDX / ICA Global > Fabulatech USB Redirection | | | Sessions > RDP > RDP Global > Fabulatech USB Redirection | | Parameter | `Override name` | | Registry | `rdp.usbredirection.devicepolicy.product_rule.overriden` | Resolved Issues ------------------------------------------------------------------------------- ### Citrix Receiver 13 * Fixed an issue regarding window focus with some applications (e.g. Adobe Reader). Focus hints of seamless application windows are ignored by default now. The fix can be disabled by this key: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Ignore focus hints of ICA windows` | | Registry | `windowmanager.tweaks.wfica_ignore_focus_hints` | | Value | **enabled**(default) / disabled | * Fixed SSL connection errors once connecting to a Citrix session via Netscaler, when the hardware accelerated H.264 codec is activated. * Citrix Receiver 13.7.0: Fixed detection of smartcard readers (e.g. Kobil mIdentity) to be useable with DATEV Sicherheitspaket within Citrix sessions. * Fixed Citrix logoff while still being in login phase. * Fixed sticky shift and right control keys in ICA sessions when generic keyboard mapping is specified. Before this fix, the status of these modifiers inside the session window could be wrong after the window got active again. * Fixed problems with Citrix Receiver >= 13.6 using trusted certificates in certain cases. ### RDP/IGEL RDP Client 2 * Fixed dynamic client drive mapping for USB devices containing whitespaces in the device name. * Fixed audio recording feature in RDP session to Windows 10 and Server 2016. Now compression in audio recording can be configured in IGEL Setup: | Global | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Global > Mapping > Audio | | Parameter | `Compression in audio recording` | | Registry | `rdp.winconnect.rdpeai.compression` | | Range | [**Automatic** (default)][Off][A-Law][Mu-Law][IMA ADPCM][Microsoft ADPCM] | | Per session | | | ----------- | -------------------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Sessions > RDP Session > Mapping | | Parameter | `Compression in audio recording` | | Registry | `sessions.winconnect.option.rdpeai.compression` | | Range | [**Global setting** (default)][Automatic][Off][A-Law][Mu-Law][IMA ADPCM][Microsoft ADPCM] | * Fixed time settings not getting send correctly to the RDP session * RD Web Access login now remembers username and domain, when `set user from last login` is activated: | | | | ---------- | --------------------------------------------------------------- | | IGEL Setup | Sessions > RDP > RDP Global > Local Logon | | Parameter | `Type` | | Registry | `rdp.login.saveusertype` | | Range | [**set user/domain from last login** (default)][set user/domain from session setup] | * Fixed a problem where using a smartcard reader and having dynamic drive mapping enabled, could lead to the RDP session is losing the connection to the smartcard reader. * Fixed support for **shell variables in local logon** configurations. The shell variable configuration is available at setup page `System > Firmware Customization > Environment Variables` * Fixed reading German health care cards with reader Cherry ST-2052 via RDP. - Fixed possible crash of RDP client when using smartcards. * Fixed sporadic display freezes for RDP sessions ### RD Web Access * Fixed RD Web Access autostart/restart issue. ### VMware Horizon * Fixed an issue with VMware Blast on older Intel graphic chipsets: H.264 rendering was broken with a green screen after 20 min. ### Parallels Client * Fixed audio issue in Parallels Client * Fixed crash after closing one session, when two same sessions were started before ### RedHat Enterprise Virtualization client * Fixed logoff/disconnect issue. Browser will keep the current user logged in, instead of starting a new session. * Fixed support for "Native Client" option. ### Firefox * Fixed browser profile handling, where once configured credentials remained in the profile after removing them from the settings. ### Network * Fixed an needless network notification that occurred, when DHCP lease was renewed. * Fixed USB mode switching (necessary for mobile broadband USB sticks) * Improved ethernet hotplug handling, e.g. in the case where the TC gets connected to a docking station. * Fixed bug in 10.03.170: Missing tray icon for HiLink devices, particularly Huawei E3372 * Fixed wpa security issues (KRACK vulnerability) CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, CVE-2016-4476 and CVE-2016-4477. * Fixed bug in Mobile broadband configuration editor. Previous settings for password and SIM PIN were messed up, when they were not entered again. * Fixed bug: DHCP notification for wwan0 didn't vanish. ### WiFi * Fixed non working Ralink RT3290 WiFi card. * Fixed a bug where setting the following registry keys to a BSSID or "bestsignal" resulted in network configuration failure: | | For the first configured SSID | | ---------- | --------------------------------------------------------------- | | Parameter | `BSSID` | | Registry | `network.interfaces.wirelesslan.device0.bssid` | | | For additional SSIDs | | ---------- | --------------------------------------------------------------- | | Parameter | `BSSID` | | Registry | `network.interfaces.wirelesslan.device0.alt_ssid.bssid` | > If the BSSID (MAC address) is configured, then the WPA supplicant > is restricted to associate only with this access point. > The BSSID parameter can be set to the string value "bestsignal", > then the BSSID of the access point with the best signal level is > selected. The detection of the access point providing best > signal level is executed once during network configuration. > Detection of the access point providing best signal level isn't > supported for VIA VNT VT6656. ### genucard VPN * Fixed genucard connection failure. ### Smartcard * Fixed login with IGEL Smartcard. Before this fix, the smartcard wasn't detected after a few log-in cycles. ### CUPS Printing * Fixed issues with print job names longer than 255 characters. Now it is possible to print from certain applications which disregard the IPP definitions of a well defined job name. To enable this, following key has to be disabled: | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Validate print job name` | | Registry | `print.cups.jobname-validation` | | Value | **enabled**(default) / disabled | * Fixed printing to CUPS printers connected to the serial port. * Fixed the feature to disable print-to-file in the printer dialog by disabling the IGEL Registry key | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Enable print to file in GTK-Programs` | | Registry | `print.printtofile` | | Value | *enabled* (default) / disabled | ### Base system * Fixed "Update of Bootcode ongoing" loop. * Fixed Secure Shell (SSH) access with public key authentication (caused due to wrong /wfs directory permissions). [> Best Practice](http://edocs.igel.com/index.htm#10204371.htm) * Clear unwanted log messages from console 1, shown on shutdown. * Fixed local log on with smartcard: when inserting smartcard, stop screen saver and switch on monitors * Fixed video playback issue for UD3-LX 41/42 devices (VIA GPU). * Fixed occasional desktop hang in the local login or the network login mask after successful authentication. * Fixed unmount of the custom partition - stop all processes accessing files on the custom partition before unmount. * Fixed libgd2 security issues CVE-2017-7890 and CVE-2017-6362. Fixed graphite2 security issues CVE-2017-7778, CVE-2017-7777, CVE-2017-7776, CVE-2017-7775, CVE-2017-7774, CVE-2017-7773, CVE-2017-7772 and CVE-2017-7771. * Fixed ghostscript security issues CVE-2017-9835, CVE-2017-9739, CVE-2017-9727, CVE-2017-9726, CVE-2017-9612, CVE-2017-9611 and CVE-2017-11714. * Fixed libmspack security issues CVE-2017-6419 and CVE-2017-11423. * Fixed libsoup2.4 security issue CVE-2017-2885. * Fixed xorg-server security issues CVE-2017-10971, CVE-2017-10972, CVE-2017-13721, CVE-2017-13723, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186 and CVE-2017-12187. * Fixed bluez security issue CVE-2017-1000250. * Fixed kernel security issues CVE-2017-7541, CVE-2017-1000112, CVE-2017-1000111, CVE-2017-7487, CVE-2017-7533, CVE-2017-1000251, CVE-2017-14106, CVE-2017-11176, CVE-2017-10911, CVE-2017-14340, CVE-2017-10663, CVE-2017-1000252, CVE-2017-12188 and CVE-2017-12146. * Fixed gdk-pixbuf security issues CVE-2017-6311, CVE-2017-2870 and CVE-2017-2862. * Fixed tcpdump security issues CVE-2017-13725, CVE-2017-13690, CVE-2017-13689, CVE-2017-13688, CVE-2017-13687, CVE-2017-13055, CVE-2017-13054, CVE-2017-13053, CVE-2017-13052, CVE-2017-13051, CVE-2017-13050, CVE-2017-13049, CVE-2017-13048, CVE-2017-13047, CVE-2017-13046, CVE-2017-13045, CVE-2017-13044, CVE-2017-13043, CVE-2017-13042, CVE-2017-13041, CVE-2017-13040, CVE-2017-13039, CVE-2017-13038, CVE-2017-13037, CVE-2017-13036, CVE-2017-13035, CVE-2017-13034, CVE-2017-13033, CVE-2017-13032, CVE-2017-13031, CVE-2017-13030, CVE-2017-13029, CVE-2017-13028, CVE-2017-13027, CVE-2017-13026, CVE-2017-13025, CVE-2017-13024, CVE-2017-13023, CVE-2017-13022, CVE-2017-13021, CVE-2017-13020, CVE-2017-13019, CVE-2017-13018, CVE-2017-13017, CVE-2017-13016, CVE-2017-13015, CVE-2017-13014, CVE-2017-13013, CVE-2017-13012, CVE-2017-13011, CVE-2017-13010, CVE-2017-13009, CVE-2017-13008, CVE-2017-13007, CVE-2017-13006, CVE-2017-13005, CVE-2017-13004, CVE-2017-13003, CVE-2017-13002, CVE-2017-13001, CVE-2017-13000, CVE-2017-12999, CVE-2017-12998, CVE-2017-12997, CVE-2017-12996, CVE-2017-12995, CVE-2017-12994, CVE-2017-12993, CVE-2017-12992, CVE-2017-12991, CVE-2017-12990, CVE-2017-12989, CVE-2017-12988, CVE-2017-12987, CVE-2017-12986, CVE-2017-12985, CVE-2017-12902, CVE-2017-12901, CVE-2017-12900, CVE-2017-12899, CVE-2017-12898, CVE-2017-12897, CVE-2017-12896, CVE-2017-12895, CVE-2017-12894, CVE-2017-12893, CVE-2017-11543, CVE-2017-11542, CVE-2017-11541 and CVE-2017-11108. * Fixed libxml2 security issues CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-7376, CVE-2017-7375 and CVE-2017-0663. * Fixed samba security issues CVE-2017-12163, CVE-2017-12151, CVE-2017-12150, CVE-2017-15275 and CVE-2017-14746. * Fixed libplist security issue CVE-2017-7982. * Fixed nss security issue CVE-2017-7805. * Fixed libidn security issue CVE-2017-14062. * Fixed poppler security issues CVE-2017-9776, CVE-2017-14977, CVE-2017-14975, CVE-2017-14929, CVE-2017-14928, CVE-2017-14926, CVE-2017-14617, CVE-2017-14520, CVE-2017-14519, CVE-2017-14518 and CVE-2017-15565. * Fixed dnsmasq security issues CVE-2017-14496, CVE-2017-14495, CVE-2017-14494, CVE-2017-14493, CVE-2017-14492 and CVE-2017-14491. * Fixed libxfont security issues CVE-2017-13722, CVE-2017-13720 and CVE-2017-16611. * Fixed curl security issues CVE-2016-9586, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816 and CVE-2017-8817. * Fixed libxfont2 security issues CVE-2017-13722, CVE-2017-13720 and CVE-2017-16611. * Fixed nvidia security issues CVE-2017-6266, CVE-2017-6267 and CVE-2017-6272. * Fixed icu security issue CVE-2017-14952. * Fixed wget security issues CVE-2017-6508, CVE-2017-13090, CVE-2017-13089 and CVE-2016-7098. * Fixed systemd security issue CVE-2017-15908. * Fixed openssl security issues CVE-2017-3736 and CVE-2017-3735. * Fixed perl security issues CVE-2017-12883 and CVE-2017-12837. * Fixed webkit2gtk security issues CVE-2017-13803, CVE-2017-13802, CVE-2017-13798, CVE-2017-13796, CVE-2017-13795, CVE-2017-13794, CVE-2017-13793, CVE-2017-13792, CVE-2017-13791, CVE-2017-13788, CVE-2017-13785, CVE-2017-13784 and CVE-2017-13783. * Fixed db5.3 security issue CVE-2017-10140. * Fixed ldns security issues CVE-2017-1000232 and CVE-2017-1000231. * Fixed python2.7 security issue CVE-2017-1000158. * Fixed python3.5 security issue CVE-2017-1000158. * Fixed libxcursor security issue CVE-2017-16612. * Fixed resizing of custom partition, when no contents are configured. * Fixed a security issue in the base system regarding of not reseting certain environment variables. * Fixed non working x.global.forcenumlock registry key. * Fixed console default numlock state. ### Storage Devices * Fixed various issues with Mobile Device Access: - Fixed the need to manually 'Refresh' after android granted 'File Transfer' permission - Fixed table refresh bug, 'Mountpoint' now gets updated as soon as the device is available - Fixed fuzzy behavior when using Apple and Android at the same time - Fixed Mobile Device Access with iOS11 devices. - Added ability to remember iDevices after reboot. | | | | ---------- | --------------------------------------------------------------- | | Parameter | `Remember iDevices after reboot` | | Registry | `sessions.mtp-devices0.remember_idevices` | | Value | disabled / **enabled** (default) | > Mobile Device Access must be enabled at > `IGEL Setup > System > Firmware Customization > Features`. ### X11 system * Fixed non present 180ø screen rotation (worked only for screen 1 up to now). * Fixed encoding issue with legacy X11 misc fonts. ### Window manager * Fixed bug that causes windows to lose focus, when Ctrl+Alt+Tab is pressed while holding down the minimize button ### Audio * Fixed automatic selection of the sound output on IGEL H830C, IGEL M340C and IGEL D220 devices. ### Hardware * Fixed 'CPU Power Plan' configuration so that the 'Power Saver' mode is usable again. * Fixed non working Lenovo Professional Wireless Keyboard. ### IGEL Cloud Gateway * Fixed too short timeout (5 seconds) in ICG Setup. The connection timeout now is 60 seconds. * Fixed error handling while transferring files from TC to UMS over ICG. ### VNC * Fixed VNC shadowing on M330 device (VIA GPU).