IGEL OS 11 ========== Firmware version 11.06.250 Release date 2022-02-07 Last update of this document 2022-02-07 [> IGEL Release Notes](https://kb.igel.com/igelos11/releasenotes) Supported Devices ------------------------------------------------------------------------------- UD2-LX 51, UD2-LX 50, UD2-LX 40 UD3-LX 60, UD3-LX 51 UD6-LX 51 UD7-LX 20, UD7-LX 11, UD7-LX 10 UD9-LX Touch 41, UD9-LX 40 [> Supported IGEL OS 11 thirdparty devices](https://kb.igel.com/os11-supported-hardware) Release Notes 11.06.250 (Based On 11.06.240) -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Base system * Update policykit-1 package for˙CVE-2021-4034 (fixes Polkit Escalation of Privilege). Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fixed window settings for Citrix Desktop sessions * In 2112 CWA, Citrix introduced a fix for a video flicker by always capturing the camera at maximum resolution (1080 or 720p depending on the camera´s capabilities) and then scaling down dynamically to match the constraints set by Teams servers. Example: in a conference call, the Teams servers might only require 360p at the beginning of the call and 480p as the call progresses. This scaling causes high CPU usage on thin clients as we are capturing HD video constantly, even if the endpoint is low-powered. Workaround: Add the following custom command under System > Firmware Customization > Custom Commands > Desktop > Final desktop command: mkdir -p /var/.config/citrix/hdx_rtc_engine touch /var/.config/citrix/hdx_rtc_engine/config.json echo "{" > /var/.config/citrix/hdx_rtc_engine/config.json echo "\"UseDefaultCameraConfig\":0" >> /var/.config/citrix/hdx_rtc_engine/config.json echo "}" >> /var/.config/citrix/hdx_rtc_engine/config.json ### Base system * Fixed product id for IGEL UD6. * Fixed prevented detection of USB device by its UUID * Fixed missing generation number in Product ID (About and UMS). * Added new registry key to include systemd information in the support files. +------------+-----------------------------------------------------------------+ |Parameter |`Collect systemd information for support files` | +------------+-----------------------------------------------------------------+ |Registry |`debug.collect_sysd_info_for_support` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Added new registry key to include systemd-analyze plot in the support files. +------------+-----------------------------------------------------------------+ |Parameter |`Include systemd-analyze plot svg-image in support files` | +------------+-----------------------------------------------------------------+ |Registry |`debug.create_sysd_plot_for_support` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Amazon WorkSpaces Client | 3.1.9 | +-------------------------------------------+----------------------------------+ | Chromium | 95.0.4638.69-igel1635513789 | +-------------------------------------------+----------------------------------+ | Cisco JVDI Client | 14.0.3 | +-------------------------------------------+----------------------------------+ | Cisco Webex VDI plugin | 41.12.0.20899 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 41.10.9.15 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 41.12.6.12 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 42.1.1.20 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.4.59458 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.8.4.21112 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.9.0.20720 | +-------------------------------------------+----------------------------------+ | Citrix HDX Realtime Media Engine | 2.9.400 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 20.10.0.6 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 21.11.0.20 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 21.12.0.18 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 20.2.310.0 | +-------------------------------------------+----------------------------------+ | Crossmatch DP Citrix Channel | 0125 | +-------------------------------------------+----------------------------------+ | deskMate Client | 2.1.3 | +-------------------------------------------+----------------------------------+ | DriveLock Agent | 20.1.4.30482 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 14.0.1.62267 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.7789 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 3.28.4-0ubuntu1.2 | +-------------------------------------------+----------------------------------+ | FabulaTech Plugins | 3.7.3 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 6.0.28 | +-------------------------------------------+----------------------------------+ | FabulaTech Scanner for Remote Desktop | 2.7.0.1 | +-------------------------------------------+----------------------------------+ | FabulaTech Webcam for Remote Desktop | 2.8.10 | +-------------------------------------------+----------------------------------+ | Firefox | 91.3.0 | +-------------------------------------------+----------------------------------+ | IBM iAccess Client Solutions | 1.1.8.6 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2igel1639469055 | +-------------------------------------------+----------------------------------+ | IGEL AVD Client | 1.0.37igel1639058670 | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 20.2.310.0 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | onesign-bootstrap-loader_1.0.523630_amd64 | +-------------------------------------------+----------------------------------+ | Lakeside SysTrack Channel | 9.0 | +-------------------------------------------+----------------------------------+ | NCP Secure Enterprise Client | 5.10_rev40552 | +-------------------------------------------+----------------------------------+ | NX Client | 7.1.3-1igel9 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.5.1-3igel1621236751 | +-------------------------------------------+----------------------------------+ | Zulu JRE | 8.0.302-1 | +-------------------------------------------+----------------------------------+ | Parallels Client | 18.2.0 | +-------------------------------------------+----------------------------------+ | Spice GTK (Red Hat Virtualization) | 0.39-1igel106 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 8.0-2git20191213.e4bacb8igel83 | +-------------------------------------------+----------------------------------+ | Usbredir (Red Hat Virtualization) | 0.8.0-1+b1igel71 | +-------------------------------------------+----------------------------------+ | SpeechWrite | 1.0 | +-------------------------------------------+----------------------------------+ | Stratusphere UX Connector ID Key software | 6.5.0-2 | +-------------------------------------------+----------------------------------+ | Systancia AppliDis | 6.0.0-4 | +-------------------------------------------+----------------------------------+ | Teradici PCoIP Software Client | 21.03.0-18.04 | +-------------------------------------------+----------------------------------+ | ThinLinc Client | 4.13.0-2172 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7-7.6.126 | +-------------------------------------------+----------------------------------+ | Totem Media Player | 2.30.2-0ubuntu1igel55 | +-------------------------------------------+----------------------------------+ | Parole Media Player | 4.16.0-1igel1611217037 | +-------------------------------------------+----------------------------------+ | VNC Viewer | 1.11.0+dfsg-2igel19 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 2111-8.4.0-18957622 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1-9build1igel6 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | 2017/09/29 | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | 0.12/21-12-21 | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B301 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 4.0.1 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 12.9.1 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | Kofax SPVC Citrix Channel | 3.1.41.0 | +-------------------------------------------+----------------------------------+ | signotec Citrix Channel | 8.0.9 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.4.2 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.6.0.0-AET.000 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 7-20210902 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 7.3.1 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Thales SafeNet | 10.8.28 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library OpenSC | 0.21.0-1igel39 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID | 6.8.3.21 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library 90meter | 20190522 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.8-1igel1632136057 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.3.3 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.4.36-2igel1636006599 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp13igel15 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 1.9.1-1igel18 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.2.0.3 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | OpenSSL | 1.0.2n-1ubuntu5.7 | +-------------------------------------------+----------------------------------+ | OpenSSL | 1.1.1-1ubuntu2.1~18.04.13 | +-------------------------------------------+----------------------------------+ | OpenSSH Client | 8.4p1-5igel6 | +-------------------------------------------+----------------------------------+ | OpenSSH Server | 8.4p1-5igel6 | +-------------------------------------------+----------------------------------+ | Bluetooth Stack (bluez) | 5.56-0ubuntu2igel12 | +-------------------------------------------+----------------------------------+ | MESA OpenGL Stack | 21.1.5-1igel145 | +-------------------------------------------+----------------------------------+ | VAAPI ABI Version | 0.40 | +-------------------------------------------+----------------------------------+ | VDPAU Library Version | 1.4-3igel1099 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20200515-igel1013 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 19.1.0-2igel1066 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 19.1.0-2+git20210202igel1122 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.16-1igel867 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nvidia | 460.91.03-0ubuntu0.20.04.1 | +-------------------------------------------+----------------------------------+ | Graphics Driver VMware | 13.3.0-2igel857 | +-------------------------------------------+----------------------------------+ | Graphics Driver QXL (Spice) | 0.1.5-2build2-igel925 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.5.0-1igel1012 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.4.0-1igel1010 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.6-2igel1037 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.2-1igel1113 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.8825 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.1-1ubuntu1igel1009 | +-------------------------------------------+----------------------------------+ | Input Driver VMMouse | 13.1.0-1ubuntu2igel957 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 0.39.0-0ubuntu1igel1036 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Multitouch | 3.0.0 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Singletouch | 5.1.0 | +-------------------------------------------+----------------------------------+ | Kernel | 5.12.19 #mainline-lxos_dev-g1634042087 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 1.20.11-1igel1120 | +-------------------------------------------+----------------------------------+ | Xorg Xephyr | 1.20.11-1igel1120 | +-------------------------------------------+----------------------------------+ | CUPS Printing Daemon | 2.2.7-1ubuntu2.8igel32 | +-------------------------------------------+----------------------------------+ | PrinterLogic | 25.1.0.500 | +-------------------------------------------+----------------------------------+ | Lightdm Graphical Login Manager | 1.26.0-0ubuntu1igel14 | +-------------------------------------------+----------------------------------+ | XFCE4 Window Manager | 4.14.5-1~18.04igel1600422786 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.3.5-3ubuntu7.3 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.30.0-2igel114 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.10.0-1~ubuntu18.04.2 | +-------------------------------------------+----------------------------------+ | GStreamer 0.10 | 0.10.36-2ubuntu0.1igel201 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo aacdec | 0.10.42 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo asfdemux | 0.10.92 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo h264dec | 0.10.59 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mp3dec | 0.10.41 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mpegdemux | 0.10.85 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mpeg4videodec | 0.10.44 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo vadec | 0.10.229 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo wmadec | 0.10.70 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo wmvdec | 0.10.66 | +-------------------------------------------+----------------------------------+ | GStreamer 1.x | 1.18.5-1igel1633086114 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo aacdec | 0.10.42 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo asfdemux | 0.10.92 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo h264dec | 0.10.59 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mp3dec | 0.10.41 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mpeg4videodec | 0.10.44 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo vadec | 0.10.229 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmadec | 0.10.70 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmvdec | 0.10.66 | +-------------------------------------------+----------------------------------+ | WebKit2Gtk | 2.32.4-1igel1632209494 | +-------------------------------------------+----------------------------------+ | Python2 | 2.7.17 | +-------------------------------------------+----------------------------------+ | Python3 | 3.6.9 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | VM Guest Support Components | | +===========================================+==================================+ | Virtualbox Guest Utils | 6.1.22-dfsg-1igel55 | +-------------------------------------------+----------------------------------+ | Virtualbox X11 Guest Utils | 6.1.22-dfsg-1igel55 | +-------------------------------------------+----------------------------------+ | Open VM Tools | 11.0.5-4ubuntu0.18.04.1 | +-------------------------------------------+----------------------------------+ | Open VM Desktop Tools | 11.0.5-4ubuntu0.18.04.1 | +-------------------------------------------+----------------------------------+ | Xen Guest Utilities | 7.10.0-0ubuntu1 | +-------------------------------------------+----------------------------------+ | Spice Vdagent | 0.20.0-2igel104 | +-------------------------------------------+----------------------------------+ | Qemu Guest Agent | 5.2+dfsg-3igel17 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB (MTP) | 1.1.17-3igel5 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (imobile) | 1.3.0-6igel12 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (gphoto) | 2.5.27-1igel8 | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | 8.10-2igel6 | +-------------------------------------------+----------------------------------+ | Scanner support | 1.0.27-1 | +-------------------------------------------+----------------------------------+ | VirtualBox VM within IGEL OS | 6.1.22-dfsg-1igel55 | +-------------------------------------------+----------------------------------+ +--------------------------------------------+--------+------------------+ | Services | Size | Reduced Firmware | +============================================+========+==================+ | Asian Language Support | 24.8M | Included | +--------------------------------------------+--------+------------------+ | Java SE Runtime Environment | 43.0M | Included | +--------------------------------------------+--------+------------------+ | Citrix StoreFront | 361.2M | Included | | Citrix Workspace app | | | | Citrix Appliance | | | +--------------------------------------------+--------+------------------+ | Ericom PowerTerm InterConnect | 11.5M | Included | +--------------------------------------------+--------+------------------+ | Media Player | 768.0K | Included | +--------------------------------------------+--------+------------------+ | Citrix Appliance | 94.8M | Included | | Local Browser (Firefox) | | | +--------------------------------------------+--------+------------------+ | VMware Horizon | 6.2M | Included | | RDP | | | +--------------------------------------------+--------+------------------+ | Cendio ThinLinc | 11.5M | Included | +--------------------------------------------+--------+------------------+ | Printing (Internet printing protocol CUPS) | 23.8M | Included | +--------------------------------------------+--------+------------------+ | NoMachine NX | 31.8M | Included | +--------------------------------------------+--------+------------------+ | VMware Horizon | 251.0M | Included | +--------------------------------------------+--------+------------------+ | Voice over IP (Ekiga) | 7.2M | Included | +--------------------------------------------+--------+------------------+ | Citrix Appliance | 768.0K | Included | +--------------------------------------------+--------+------------------+ | NCP Enterprise VPN Client | 30.8M | Not included | +--------------------------------------------+--------+------------------+ | Fluendo GStreamer Codec Plugins | 7.5M | Included | +--------------------------------------------+--------+------------------+ | IBM i Access Client Solutions | 128.2M | Not included | +--------------------------------------------+--------+------------------+ | Red Hat Enterprise Virtualization | 3.5M | Included | +--------------------------------------------+--------+------------------+ | Parallels Client | 6.8M | Included | +--------------------------------------------+--------+------------------+ | NVIDIA graphics driver | 181.5M | Not included | +--------------------------------------------+--------+------------------+ | Imprivata Appliance | 16.0M | Included | +--------------------------------------------+--------+------------------+ | AppliDis | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Evidian AuthMgr | 3.0M | Included | +--------------------------------------------+--------+------------------+ | Hardware Video Acceleration | 15.8M | Included | +--------------------------------------------+--------+------------------+ | Extra Font Package | 1.2M | Included | +--------------------------------------------+--------+------------------+ | Fluendo GStreamer AAC Decoder | 1.2M | Included | +--------------------------------------------+--------+------------------+ | x32 Compatibility Support | 4.0M | Included | +--------------------------------------------+--------+------------------+ | Cisco JVDI client | 75.5M | Included | +--------------------------------------------+--------+------------------+ | PrinterLogic | 53.2M | Not included | +--------------------------------------------+--------+------------------+ | Biosec BS Login | 10.2M | Not included | +--------------------------------------------+--------+------------------+ | Login VSI Login Enterprise | 32.8M | Not included | +--------------------------------------------+--------+------------------+ | Stratusphere UX CID Key software | 3.2M | Not included | +--------------------------------------------+--------+------------------+ | Elastic Filebeat | 25.0M | Not included | +--------------------------------------------+--------+------------------+ | AVD | 120.5M | Included | +--------------------------------------------+--------+------------------+ | Local Browser (Chromium) | 105.5M | Not included | +--------------------------------------------+--------+------------------+ | Amazon WorkSpaces Client | 36.8M | Included | +--------------------------------------------+--------+------------------+ | deskMate Client | 6.5M | Included | +--------------------------------------------+--------+------------------+ | Cisco WebEx VDI | 55.0M | Not included | +--------------------------------------------+--------+------------------+ | Cisco Webex Meetings VDI | 103.8M | Not included | +--------------------------------------------+--------+------------------+ | Zoom Media Plugin | 145.0M | Not included | +--------------------------------------------+--------+------------------+ | DriveLock | 14.8M | Included | +--------------------------------------------+--------+------------------+ | SpeechWrite Client | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Fluendo Browser Codec Plugins | 4.5M | Included | +--------------------------------------------+--------+------------------+ | HP Factory deployment documentation | 27.5M | Included | +--------------------------------------------+--------+------------------+ | Teradici PCoIP Client | 18.2M | Included | +--------------------------------------------+--------+------------------+ | 90meter Smart Card Support | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Mobile Device Access USB (Limited support) | 256.0K | Not included | | Scanner support / SANE (Limited support) | | | | VPN OpenConnect (Limited support) | | | | Virtualbox (Limited support) | | | | Limited Support Features | | | +--------------------------------------------+--------+------------------+ | Mobile Device Access USB (Limited support) | 512.0K | Not included | +--------------------------------------------+--------+------------------+ | VPN OpenConnect (Limited support) | 1.2M | Not included | +--------------------------------------------+--------+------------------+ | Scanner support / SANE (Limited support) | 2.8M | Not included | +--------------------------------------------+--------+------------------+ | Virtualbox (Limited support) | 70.8M | Not included | +--------------------------------------------+--------+------------------+ Known Issues -------------------------------------------------------------------------------- ### Citrix * To launch multiple desktop sessions with Citrix HDX RTME and Citrix H.264 acceleration plugin the following registry key needs to be enabled: +------------+-----------------------------------------------------------------+ |Parameter |`Activate workaround for dual RTME sessions and H264 acceleration` | +------------+-----------------------------------------------------------------+ |Registry |`ica.workaround-dual-rtme` | +------------+-----------------------------------------------------------------+ |Range |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * This workaround is not applicable when "Enable Secure ICA" is active for the specific delivery group. * Adding smartcard readers during running / active session does not work. The reader is visible, but cannot be used due to unknown reader status. Only relevant for CWA versions earlier than 2112. * There are known issues with GStreamer 1.0 and usage in Citrix. These occure with multimedia redirection of H.264, MPEG1 and MPEG2. (GStreamer 1.0 is used if browser content redirection is enabled active.) * Browser content redirection does not work when DRI3 and hardware accelerated H.264 deep compression codec is enabled. * Enabled DRI3 and an AMD GPU Citrix H.264 acceleration could lead to a freeze. Selective H.264 mode (API v2) is not affected from this issue. * Citrix H.264 acceleration plugin does not work with **enabled** server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**. ### OSC Installer * OSC not deployable with IGEL Deployment Appliance: New version 11.3 is required for 11.06 deployment. ### VMware Horizon * After disconnect of an RDP-based session, the Horizon main window which contains the server or sessions overview, cannot be resized anymore. * Copying Text from Horizon Blast sessions is not possible. * The on-screen keyboard in Horizon appliance mode does not work correctly with local logon. It is necessary to switch off local logon and enable the following two keys via IGEL registry: userinterface.softkeyboard.autoshow userinterface.softkeyboard.autohide * Zoom VDI Media Plugin versions below 5.8.0 make Horizon Client crash upon connection to the remote desktop in cases when TCSetup is running at the same time. * With usage of PCoIP protocol, the virtual channel provided by VMware used for serial port and scanner redirection could freeze on logout from remote session. This happens only with enabled scanner or serial port redirection. The freeze does not occur if both redirection methods are enabled or none of them. The Blast Protocol is not affected by this bug. The respective settings can be found in the IGEL Registry: vmware.view.enable-serial-port-redir vmware.view.enable-scanner-redir * Keyboard Input Source Language Synchronization works only with usage a local layout with deadkeys enabled. If a keyboard layout is used which has deadkeys disabled (which is the default on IGEL OS), Horizon client falls back to en-US layout. * PCoIP sessions may crash in some cases, switch to Blast Protocol is recommended then. H.264/HEVC encoding can be disabled when overall performance is too low.. * Client drive mapping and USB redirection for storage devices can be switched on at the same time, but could lead to problems under some circumstances: Horizon Client tracks the drives which are dynamically mounted and adds them to the remote session using client drive mapping, I.e. USB redirection is then not used for theses devices. However in case of devices like USB SD card readers, Horizon does not map them as client drives but forcefully uses USB-redirection which results in an unclean unmount. As a work-around the IDs of these card readers can be added to IGEL USB access rules and denied. ### Parallels Client * Attached storage devices at the Thinclient will appear as network drives in the remote session * USB device redirection is considered as experimental for the Parallels client for Linux ### Firefox * With enabled Citrix Browser Content Redirection, Firefox has no H.264 and AAC multimedia codec support. Means, when codec support is needed in Firefox, BCR needs to be disabled. Citrix Browser Content Redirection is disabled by default. ### Network * Wakeup from system suspend fails on DELL Latitude 5510 ### WiFi * TP-Link Archer T2UH WiFi adapters does not work after system suspend/resume. Workaround: Disable system suspend at IGEL Setup > System > Power Options > Shutdown. ### Cisco JVDI Client * There may be a segfault shown in the logs (during logout of Citrix Desktop session). Occurs only when using Citrix Workspace App 2010 and Cisco JVDI. ### Base system * Hyper-V (Generation 2) needs a lot of memory (RAM). The machine needs a sufficient amount of memory allocated. * Update from memory stick requires network online state (at least when multiple update stages are involved) * Wrong license information may be shown in product id. In detail, `Starter License´ is indicated sporadically by product id suffix `Starter`, even with deployed and enabled WE license. ### Conky * The right screen when using multiscreen environment may not be shown correctly. Workaround: The horizontal offset should be set to the width of the monitor (e.g. if the monitor has a width of 1920, the offset should be set to 1920) ### Firmware update * On devices with 2 GB of flash storage it could happen that there is not enough space for updating all features. In this case, a corresponding error message occurs. Please visit [https://kb.igel.com/igelos-11.04/en/error-not-enough- space-on-local-drive-when-updating-to-igel-os-11-04-or-higher-32870765.html] for a possible solution and additional information. ### Appliance Mode * When ending a Citrix session in browser appliance mode, the browser is restarted twice (instead of once). * Appliance mode RHEV/Spice: spice-xpi firefox plugin is not longer supported. The "Console Invocation" has to allow 'Native' client (auto is also possible) and should be started in fullscreen to prevent any opening windows. * Browser Appliance mode can fail when the Web URL contains special control characters like ampersands (& character). Workaround: Add quotes at the beginning and the end of an affected URL. E.g.: 'https://www.google.com/search?q=aSearchTerm&source=lnms&tbm=isch' ### Audio * IGEL UD2 (D220) fails to restore the volume level of the speaker when the device used firmware version 11.01.110 before. * Audio jack detection on Advantec POC-W243L does not work. Therefore, sound output goes through a possibly connected headset and also the internal speakers. * UD3-M340C: Sound preferences are showing Headphone & Microphone, although not connected. ### Multimedia * Multimedia redirection with GStreamer could fail when using Nouveau GPU driver. ### Hardware * Some newer Delock 62599 active DisplayPort to DVI (4k) adapters only work on INTEL-based devices. ### Remote Management * AIT feature with IGEL Starter License is only supported by UMS version 6.05.100 or newer. Release Notes 11.06.240 (Based On 11.06.230) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Smartcard * Updated smartcard reader driver MUSCLE CCID to version 1.4.36. * Updated smartcard reader driver ACS CCID to version 1.1.8. ### Cisco JVDI Client * Updated Cisco JVDI to version 14.0.3 ### Base system * Added support for Thai keyboard layout and localization. ### zoomvdi * Integrated **Zoom Plugin 5.9.0.20720** Available Zoom Plugins in this release: 5.9.0.20720(default), 5.8.4.21112, and 5.4.59458 Security Fixes -------------------------------------------------------------------------------- ### Citrix * Removed registry key (ica.appprotection) due to possible security vulnerability. Please follow this document for more information ([https://support.citrix.com/article/CTX338435]) Resolved Issues -------------------------------------------------------------------------------- ### OSC Installer * Fixed OSC Recovery with enabled "Migrate Old Settings" ### RDP/IGEL RDP Client 2 * Fixed native USB redirection of Elatec TWN4 MultiTech 2 LF RFID reader. * Fixed wrong error message when RDP session was closed by idle timeout. ### AVD * Added full support for Thai(Kedmanee) keyboard layout * Added support for Thai(Pattachote) only with sessions.wvd%.options.remote- keymapping=on * Added potential support for other keyboard layouts when the special key codes are of the type 0xeXX ### RD Web Access * Fixed downloading published applications. ### VMware Horizon * Fixed not starting Firefox if called by Horizon client for 2FA. Libraries from Horizon installation were prevented by apparmor. ### Firefox * Added apparmor exception to fix webrtc. * Fixed usage of Athena IDProtect smartcards. ### Network * Fixed: Network interfaces were unusable when name assignment failed due to length. In such cases names are now determined according to NamePolicy=mac. * Improved synchronization of IPv4 and IPv6 when both are desired ### WiFi * Fixed "bestsignal" in˙network.interfaces.wirelesslan.device0.bssid and˙network.interfaces.wirelesslan.device0.alt_ssid%.bssid had no effect. * Improved reconfiguring regulatory domain settings at runtime ### Smartcard * Fixed smartcard PIN verify with HP Skylab smartcard keyboard. ### Base system * Fix USB deny rules not working in certain situations * Added new parameter to enable english international dead keys: +------------+-----------------------------------------------------------------+ |Parameter |`English(International) dead keys` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.keyboard.us_intl_compose` | +------------+-----------------------------------------------------------------+ |Value |**disabled (default)* / enabled | +------------+-----------------------------------------------------------------+ * Added parameter to enable dead keys: +------------+-----------------------------------------------------------------+ |IGEL Setup |`User Interface > Input > Keyboard` | +------------+-----------------------------------------------------------------+ |Parameter |`Enable dead keys` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.keyboard.usedeadkeys` | +------------+-----------------------------------------------------------------+ |Value |**disabled (default)* / enabled | +------------+-----------------------------------------------------------------+ * Fixed Setup Assistant - After acceptance of EULA, Demo License flow was not available * Fixed removal of Kerberos credential cache after session logoff. ### Firmware update * Implemented support for FTP over implicit TLS (port 990). ### Driver * Updated Grundig Dictation driver to version 0.12/21-12-21. - Fix crashes with newer Citrix clients - Add support to setup default speaker & microphone in Citrix & RDP session - Add support for Olympus DS-xxxx configuration - Various bug fixes ### X server * Fixed XC font service support. ### Audio * Fixed multimedia.disable_audio.pci registry key setting. Release Notes 11.06.230 (Based On 11.06.220) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Integrated **Citrix Workspace app 21.12** Available Citrix Workspace Apps in this release: 21.12 (default), 21.11, and 20.10 * New Features: * The cursor color inverts based on the background color of a text +------------+-----------------------------------------------------------------+ |Parameter |`Support for cursor color inverting` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.invertcursorenabled` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Enhancement on smartcard support. +------------+-----------------------------------------------------------------+ |Parameter |`SmartCard driver` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.VirtualDriver.SmartCard.drivername` | +------------+-----------------------------------------------------------------+ |Value |**VDSCARD.DLL** (default)/ VDSCARDV2.DLL | +------------+-----------------------------------------------------------------+ * Note: VDSCARDV2.DLL supports the Plug and Play functionality for smart card reader * The PulseAudio library is used instead of ALSA to access multiple audio devices within a session (Experimental). +------------+-----------------------------------------------------------------+ |Parameter |`Multiple Audio Device support` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.audioredirectionv4` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Note: The VdcamVersion4Support is renamed to AudioRedirectionV4, so registry key "ica.module.vdcamversion4support" is removed. * UDP audio through Citrix Gateway (Experimental). +------------+-----------------------------------------------------------------+ |Parameter |`UDP audio through Citrix Gateway` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.enableudpthroughgateway` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Webcam redirection for 64-bit apps (Technical Preview) For 64bit webcam redirection the following parameters must be enabled. ica.wfclient.allowaudioinput = True (default) ica.wfclient.hdxh264inputenabled = True ### VMware Horizon * Updated Horizon Client to version 2111 8.4.0-18957622 ### Cisco Webex * Available Cisco WebEx Meetings VDIs in this release: 42.1.1.20 (default), 41.12.6.12, and 41.10.9.15 * Integrated **Cisco WebEx VDI 41.12.0.20899** Resolved Issues -------------------------------------------------------------------------------- ### Firefox * Removed superflous permission dialog before starting Horizon client or Citrix receiver from the browser. ### Network * Added a registry key for specifying a period in seconds to wait for Ethernet link settings. A value greater than 0 can be beneficial in the case where applying the link settings would interfere with 802.1X authentication. +------------+-----------------------------------------------------------------+ |Parameter |`Wait for Ethernet link configuration` | +------------+-----------------------------------------------------------------+ |Registry |`network.interfaces.ethernet.device%.wait_for_link_config` | +------------+-----------------------------------------------------------------+ |Type |integer | +------------+-----------------------------------------------------------------+ |Value |1 **Default** | +------------+-----------------------------------------------------------------+ ### Remote Management * Fixed evaluation of the exit status of a UMS generic job if the corresponding generic command is implemented as a systemd service. Release Notes 11.06.220 (Based On 11.06.210) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Integrated **Citrix Workspace app 21.11** Available Citrix Workspace Apps in this release: 21.11 (default), 21.09, and 20.10 * For Browser Content Redirection the Chromium Embedded Framework is used by default now. Parameter ica.allregions.usecefbrowser was set to default value true. ### Cisco Webex * Updated WebEx VDI plugin to version 41.10.0.20213 ### zoomvdi * Integrated Zoom Plugin 5.8.4.21112 Available Zoom Plugins in this release: 5.8.4.21112(default), 5.8.0.36438, and 5.7.6.20822 ### Multimedia * Added libcam-tools to firmware. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fixed, no useless "to" icon is created with the storefront session. * Fixed startup of Self-Service after reboot in some cases. * Added a parameter to control if the cache of Self-Service files is persistent over reboots: +------------+-----------------------------------------------------------------+ |Parameter |`Persistent cache of configuration and UI` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.persistentcache` | +------------+-----------------------------------------------------------------+ |Value |**true** (default)/false | +------------+-----------------------------------------------------------------+ ### AVD * Added new parameter for avoiding incompatibilities between the AAD login and the QWebEngine we use. Enablement of˙ this new parameter is needed when AAD login hangs (likely showing a white screen after the username has been entered) +------------+-----------------------------------------------------------------+ |Registry |`sessions.wvd%.options.compact-login-view` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### WiFi * Fixed: Enabling wpa supplicant's background scan was broken (settings network.interfaces.wirelesslan.device0.bgscan.**) since the step to Network Manager 1.30.0 ### Smartcard * Fixed pcsc_scan and ATR_analysis tools and updated list of known smartcards. ### Base system * Fixed faulty suspend with locked screen. ### Audio * Fixed switch of Speaker / Headsets Release Notes 11.06.210 (Based On 11.06.150 / 11.06.200) -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Mozilla Firefox to 91.3.0esr * aka mfsa2021-49: CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, MOZ-2021-0008, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007. (MOZ-* pending CVE assignment) * aka mfsa2021-45: CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-32810, CVE-2021-38500, CVE-2021-38501. * aka mfsa2021-40: CVE-2021-38495. * aka mfsa2021-37: CVE-2021-29991. * aka mfsa2021-33: CVE-2021-29986, CVE-2021-29981, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29987, CVE-2021-29985, CVE-2021-29982, CVE-2021-29989, CVE-2021-29990. ### Chromium * Fixed Chromium browser security issues CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37960, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-30633, CVE-2021-30632, CVE-2021-30631, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30600, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37977, CVE-2021-37979, CVE-2021-37980, CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37996, CVE-2021-37994, CVE-2021-37995, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998 and CVE-2021-37997. New Features -------------------------------------------------------------------------------- ### Citrix * Updated Citrix Workspace app 2109 Available Citrix Workspace Apps in this release: 2109 (default), 2104, and 2010 * New features: * The user agent strings are added to the network traffic to make it easier to identify the origin of the request. . +------------+-----------------------------------------------------------------+ |Parameter |`Add custom user-agent string in network requests` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.useragentsuffix` | +------------+-----------------------------------------------------------------+ |Value | [default empty string]* (default) [App/AppVersion] | | | [Edit custom string] | +------------+-----------------------------------------------------------------+ * Adaptive audio optimizes the audio settings, eliminating the need for manual configuration of audio quality on the VDA. +------------+-----------------------------------------------------------------+ |Parameter |`Adaptive Audio for better quality` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.EnableAdaptiveAudio` | +------------+-----------------------------------------------------------------+ |Value |**on** (default)/off | +------------+-----------------------------------------------------------------+ * In case of a connection problem, a message is displayed in the desktop session. +------------+-----------------------------------------------------------------+ |Parameter |`Shows Session Reliability Notification during the desktop session` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.srnotification` | +------------+-----------------------------------------------------------------+ |Value |**on** (default)/off | +------------+-----------------------------------------------------------------+ ### VMware Horizon * Updated Horizon Client to version 2106.1 ### Firefox * Updated Mozilla Firefox to version 91.3.0 ESR * Added a check at boot-time which triggers a reset of the firefox profile if the usage is reaching a certain threshhold level. This is to prevent a complete fill-up in which the browser would be not usable anymore. ### Chromium * Updated Chromium Browser to version 95.0.4638.69. * Added support for hardware accelerated video decoding. ### Power Term * Updated Ericom PowerTerm LTC to version 14.0.1.62267. This fixes special characters of Eastern European languages. * Removed legacy Ericom PowerTerm version 12.0.1.0.20170219.2-_dev_-34574 due to technical limitations. ### Parallels Client * Updated Parallels client to version 18.2 ### ThinLinc * Updated ThinLinc client to version 4.13.0 ### Smartcard * Updated Athena IDProtect smartcard library to version 7-20210902. This fixes smartcard logon using Horizon client and CRYPTAS TicTok v2 cards. * Updated Gemalto/Thales SafeNet libraries to version 10.8.28. * Added configuration parameters for options of PC/SC lite smartcard daemon which are needed in some cases: +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of threads` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_thread` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of card handles per thread` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_card_handle_per_thread` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of card handles per reader` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_card_handle_per_reader` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Keep card always powered on` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.power_on` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) | +------------+-----------------------------------------------------------------+ ### Cisco JVDI Client * Updated Cisco JVDI to version 14.0.2 ### Cisco Webex * Updated Cisco Webex Meetings VDI Clients to version 41.10.1.18. Available Cisco WebEx Meetings VDI clients in this release: 41.10.1.18 (default), 41.8.4.11, and 41.6.7.16 ### Base system * Add a prompt to accept the IGEL EULA for usage of IGEL Starter License. * Updated IGEL EULA. ### Window manager * The location of the notification pop-up window is now configurable. +------------+-----------------------------------------------------------------+ | Parameter | `Location of notifications` | +------------+-----------------------------------------------------------------+ | Registry | `windowmanager.wm%.variables.notifications.location` | +------------+-----------------------------------------------------------------+ | Range | [Top left][Bottom left][Top right][Bottom right][Center] | +------------+-----------------------------------------------------------------+ | Value | **Bottom right** | +------------+-----------------------------------------------------------------+ ### Shadowing/VNC * Added a parameter to adjust the position of the shadow indicator popup window. +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Remote Access > Shadow | +============+=================================================================+ | Parameter |`Position of the indicator` | +------------+-----------------------------------------------------------------+ | Registry |`userinterface.vncserver.indicatorposition` | +------------+-----------------------------------------------------------------+ |Range | [Bottom left][ **Bottom right** ][Top left][Top right] | +------------+-----------------------------------------------------------------+ ### Zoom Media Plugin * Updated Zoom Plugin to version 5.8.0.36438 Available Zoom Plugins in this release: 5.8.0.36438(default), 5.7.6.20822, and 5.5.8.20606 ### Misc * Added representation of all systemd units - installed in the firmware. This is now part of the generel support information in UMS (via Support Wizard). ### TC Setup (Java) * Updated TC Setup to version 6.9.7. * Added display of Energy-Star Logo in Setup Tool for specific 3rd party devices and when requirements are fullfilled. * Added a center snapping feature in TCSetup Display page. ### Driver * Updated of Olympus driver for dictation to version 4.0.1. * Added driver for˙WiFi chipset MediaTek MT7921. Resolved Issues -------------------------------------------------------------------------------- ### VMware Horizon * Fixed Zoom VDI Media Plugin. ### Base system * Fixed sporadic firmware update issue, where not all partitions were updated and features not usable. In 11.06.200 a reboot was necessary to get the missing partitions - the 11.06.210 substitutes the withdrawn 11.06.200. ### Citrix * Fixed rarely occurring startup issue with Selfservice and Storefront. * The parameter **HDX Adaptive Transport over EDT** on the setup page Sessions -> Citrix -> Citrix Global -> Options has been removed. From now on, this value should be set by policy at Citrix server. * Added a workaround for Citrix client in order to correctly check the certificate validity period, independently of the local time zone. To enable the workaround, following registry key is needed: +------------+-----------------------------------------------------------------+ |Parameter |`Activate workaround for certificate validity check` | +------------+-----------------------------------------------------------------+ |Registry |`ica.workaround-cert-validity` | +------------+-----------------------------------------------------------------+ |Value |enabled/**disabled** (default) | +------------+-----------------------------------------------------------------+ ### VMware Horizon * Fixed omission of already mapped drives, which are created before the Horizon session is started. These drives are now usable in addition to the drives which are plugged during the runtime of the session. ### Chromium * Fixed set of multiple urls did not work properly for Chromium Browser Sessions ### Network * Improved behaviour of ethernet with 802.1X authentication under these conditions: network.interfaces.ethernet.device%.ieee8021x.secure_only=false and network.interfaces.ethernet.device%.insistence=true An authenticated and then an unauthenticated connection is tried not only on startup but also when a cable is plugged in late. * Fixed global no-proxy list getting effective via gconf2. This e.g. can help Citrix Workspace App using the right proxy configuration. * Fixed global no-proxy list: in certain cases entries were not getting effective. ### Open VPN * Added following new config parameter: +------------+-----------------------------------------------------------------+ | Registry | `sessions.openvpn%.vpnopts.extend_opts` | +------------+-----------------------------------------------------------------+ | Value | extend parameter as string | +------------+-----------------------------------------------------------------+ These parameters extend the arguments of the VPN command. Parameters that are already set in the GUI must not be used. Enter parameter starting with `--`. Example: `--ping 10 --ping-restart 120` ### Base system *˙Fixed suspend action when closing the laptop lid, this is now working properly again. * Fixed issue with losing all data on encrypted partitions on each reboot (happened only in rare and special cases). * Fixed issues with update/downgrade firmware and encryption key handling. * Fixed vanishing of custom partition and chromium/firefox partition in a very special up/downgrade cycle. * Fixed missing bluetooth tray icon after login. * Fixed missing audio tray icon after login. ### Conky * Fixed compositor parameter windowmanager.wm0.variables.usecompositing - is not forced off anymore, if opacity is set to 255 for conky. ### Window manager * Fixed an issue where some taskbar settings from the TCSetup did not trigger the supposed changes. ### VNC * Fixed keyboard mapping in shadowing sessions, especially with backslash, euro and (at) keys in French keyboard layout. Release Notes 11.06.150 (Based On 11.06.120) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Audio * Updated EPOS Connect to 7.0.0.19714. Resolved Issues -------------------------------------------------------------------------------- ### Remote Management * Fixed keepalive mechanism in rmagent. The mechanism must prevent premature closing connection by the UMS if a remote command takes a time period over 30 seconds. Release Notes 11.06.120 (Based On 11.06.100) -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Base system * Fixed vim security issues CVE-2021-3796 and CVE-2021-3778. * Fixed libgd2 security issues CVE-2021-40145, CVE-2021-38115 and CVE-2017-6363. * Fixed qtbase-opensource-src security issues CVE-2021-38593 and CVE-2020-17507. * Fixed curl security issues CVE-2021-22947, CVE-2021-22946, CVE-2021-22945, CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897. * Fixed libxml2 security issues CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517 and CVE-2021-3516. * Fixed libslirp security issues CVE-2021-3595, CVE-2021-3594, CVE-2021-3593 and CVE-2021-3592. * Updated ca-certificates to version 20210119~20.04.2. * Fixed gst-plugins-good1.0 security issues CVE-2021-3498 and CVE-2021-3497. * Fixed krb5 security issues CVE-2021-37750, CVE-2021-36222 and CVE-2018-20217. * Fixed webkit2gtk security issue CVE-2021-30858. New Features -------------------------------------------------------------------------------- ### VMware Horizon * Added dynamically mounted shares are available in Horizon session as shared folders. ### WiFi * Updated wireless regdb to 2021-08-28 version. ### Imprivata * Removed registry key "imprivata.gain_permission". Since OneSign 6.3 is End-Of- Life by July 31 2021, permission is gained by default now. ### Base system * Added possibility to hide the mouse cursor. * Added new registry key: +------------+-----------------------------------------------------------------+ | Parameter | `Disable drawing of a mouse cursor.` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver%.nocursor` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ Resolved Issues -------------------------------------------------------------------------------- ### Citrix * With the CWA 2012 Citrix has revised the client drive mapping. Since then, the user can assign these rights in the session itself. This selection remains also over a reboot, the necessary file persistently on our system is stored. ### AVD * Fixed ezeep support for AVD. ### WiFi * Fixed issue with TP-Link AC600 not working on 5GHz (8821au driver). * Fixed support for WiFi devices using Realtek 8822bu driver. * Fixed Realtek 8852AE Wi-Fi/BT module support for HP t540/t640 (rtw89 driver). ### Base system * Updated libssh2 to 1.10 version to fix possible problems with windows SSH servers. * Fixed unwanted automount of inital settings partition on devices with MMC storage. * Fixed sporadic failures while custom partition initialisation. * Fixed issues with Renesas based USB devices. * Fixed sporadic settings loss while upgrading from IGEL OS 11.05 to 11.06. * Fixed issues with Device Encryption while resetting to Factory Defaults. ### IgelDesktop * Fixed single touch on desktop icon, configurable at IGEL Setup > User Interface > Desktop > "Single click mode". ### Window manager * Fixed taskbar was displayed incorrectly in some special configuration cases. ### Audio * Added Parameter for pulseaudio for switching headset microphone suspend mode on/off: +------------+-----------------------------------------------------------------+ | Parameter | `Disable pci/isa suspend on idle` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.pulseaudio.daemon.disable-pci-suspend` | +------------+-----------------------------------------------------------------+ | Range | [auto] [on] [off] | +------------+-----------------------------------------------------------------+ | Value | **auto** | +------------+-----------------------------------------------------------------+ ### Remote Management * Fixed opening communication ports in rmagent - now all network ports use IPv4 only. * Changed applying of remote settings received during boot - the settings are synced with the current local settings at the end of the boot process. If these changes require a system interaction to be applied (like restart of some services) then the user is asked about applying. The dialog is optional and quits after a timeout. This bugfix solves the problem, that the "Apply changes" dialog is shown on every boot. ### IGEL Cloud Gateway * Fixed exchange of the ICG certificate chain. --- Release Notes 11.06.100 -------------------------------------------------------------------------------- Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Mozilla Firefox to 78.12.0esr * aka mfsa2021-29: CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in ANGLE CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Details see: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/ * aka mfsa2021-24: CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 Details see: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/ * aka mfsa2021-15: CVE-2021-29951: Mozilla Maintenance Service could have been started or stopped by domain users CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage CVE-2021-23999: Blob URLs may have been granted additional privileges CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads CVE-2021-29946: Port blocking could be bypassed Details see: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/ ### Network * Sensitive SCEP settings cannot be accessed by the non-root user anymore. ### Base system * Fixed chromium-browser security issues CVE-2021-21157, CVE-2021-21156, CVE-2021-21155, CVE-2021-21154, CVE-2021-21153, CVE-2021-21152, CVE-2021-21151, CVE-2021-21150, CVE-2021-21149, CVE-2021-21190, CVE-2021-21189, CVE-2021-21188, CVE-2021-21187, CVE-2021-21186, CVE-2021-21185, CVE-2021-21184, CVE-2021-21183, CVE-2021-21182, CVE-2021-21181, CVE-2021-21180, CVE-2021-21179, CVE-2021-21178, CVE-2021-21177, CVE-2021-21176, CVE-2021-21175, CVE-2021-21174, CVE-2021-21173, CVE-2021-21172, CVE-2021-21171, CVE-2021-21170, CVE-2021-21169, CVE-2021-21168, CVE-2021-21167, CVE-2021-21166, CVE-2021-21165, CVE-2021-21164, CVE-2021-21163, CVE-2021-21162, CVE-2021-21161, CVE-2021-21160, CVE-2021-21159, CVE-2020-27844, CVE-2021-21193, CVE-2021-21192, CVE-2021-21191, CVE-2021-21199, CVE-2021-21198, CVE-2021-21197, CVE-2021-21196, CVE-2021-21195, CVE-2021-21194, CVE-2021-21220, CVE-2021-21206, CVE-2021-21221, CVE-2021-21219, CVE-2021-21218, CVE-2021-21217, CVE-2021-21216, CVE-2021-21215, CVE-2021-21214, CVE-2021-21213, CVE-2021-21212, CVE-2021-21211, CVE-2021-21210, CVE-2021-21209, CVE-2021-21208, CVE-2021-21207, CVE-2021-21205, CVE-2021-21204, CVE-2021-21203, CVE-2021-21202, CVE-2021-21201, CVE-2021-21226, CVE-2021-21225, CVE-2021-21224, CVE-2021-21223, CVE-2021-21222, CVE-2021-21233, CVE-2021-21232, CVE-2021-21231, CVE-2021-21230, CVE-2021-21229, CVE-2021-21228, CVE-2021-21227, CVE-2021-30520, CVE-2021-30519, CVE-2021-30518, CVE-2021-30517, CVE-2021-30516, CVE-2021-30515, CVE-2021-30514, CVE-2021-30513, CVE-2021-30512, CVE-2021-30511, CVE-2021-30510, CVE-2021-30509, CVE-2021-30508, CVE-2021-30507, CVE-2021-30506, CVE-2021-30521, CVE-2021-30522, CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE-2021-30527, CVE-2021-30528, CVE-2021-30529, CVE-2021-30530, CVE-2021-30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30535, CVE-2021-21212, CVE-2021-30536, CVE-2021-30537, CVE-2021-30538, CVE-2021-30539, CVE-2021-30540, CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553, CVE-2021-30554, CVE-2021-30555, CVE-2021-30556 and CVE-2021-30557. * Fixed mysql-5.7 security issues CVE-2021-2060, CVE-2021-2032, CVE-2021-2022, CVE-2021-2014, CVE-2021-2011, CVE-2021-2010, CVE-2021-2307, CVE-2021-2226, CVE-2021-2194, CVE-2021-2180, CVE-2021-2179, CVE-2021-2171, CVE-2021-2169, CVE-2021-2166, CVE-2021-2162, CVE-2021-2154, CVE-2021-2146, CVE-2021-2390, CVE-2021-2389, CVE-2021-2385, CVE-2021-2372 and CVE-2021-2342. * Fixed wpa security issue CVE-2021-0326. * Fixed openldap security issues CVE-2020-36230, CVE-2020-36229, CVE-2020-36228, CVE-2020-36227, CVE-2020-36226, CVE-2020-36225, CVE-2020-36224, CVE-2020-36223, CVE-2020-36222 and CVE-2020-36221. * Fixed qemu security issues CVE-2021-20221, CVE-2021-20181, CVE-2020-35517, CVE-2021-3416, CVE-2021-20263, CVE-2021-20257, CVE-2021-3409, CVE-2021-3392, CVE-2020-25085 and CVE-2020-17380. * Fixed zulu8 security issues CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803, CVE-2021-2161, CVE-2021-2163, CVE-2021-2388, CVE-2021-2369 and CVE-2021-2341. * Fixed bind9 security issues CVE-2020-8625, CVE-2021-25216, CVE-2021-25215 and CVE-2021-25214. * Fixed openssl1.0 security issues CVE-2021-23841 and CVE-2021-23840. * Fixed openssl security issues CVE-2021-23841, CVE-2021-23840 and CVE-2021-3449. * Fixed openldap security issue CVE-2021-27212. * Fixed xterm security issue CVE-2021-27135. * Fixed aspell security issue CVE-2019-25051. * Fixed nvidia-graphics-drivers-460 security issues CVE-2021-1052, CVE-2021-1053, CVE-2021-1076 and CVE-2021-1077. * Fixed python3.6 security issues CVE-2021-3177 and CVE-2020-27619. * Fixed tiff security issues CVE-2020-35524 and CVE-2020-35523. * Fixed grub2 security issues CVE-2020-14372, CVE-2020-27779, CVE-2020-25632, CVE-2020-25647, CVE-2021-20225, CVE-2021-20233 and CVE-2020-27749. * Fixed python2.7 security issue CVE-2021-3177. * Fixed glib2.0 security issues CVE-2021-27219, CVE-2021-27218, CVE-2021-2721 and CVE-2021-28153. * Fixed pillow security issues CVE-2021-27923, CVE-2021-27922, CVE-2021-27921, CVE-2021-2792, CVE-2021-25293, CVE-2021-25292, CVE-2021-25290, CVE-2021-28678, CVE-2021-28677, CVE-2021-28676, CVE-2021-28675, CVE-2021-25288 and CVE-2021-25287. * Fixed libjpeg-turbo security issue CVE-2021-0384. * Fixed spice security issue CVE-2021-20201. * Fixed openssh security issue CVE-2021-28041. * Fixed ldb security issues CVE-2021-20277 and CVE-2020-27840. * Fixed lxml security issue CVE-2021-28957. * Fixed openjpeg2 security issues CVE-2018-5727, CVE-2018-21010 and CVE-2018-20847. * Fixed unzip security issue CVE-2019-13232. * Fixed curl security issues CVE-2021-22890 and CVE-2021-22876. * Fixed xorg-server security issue CVE-2021-3472. * Fixed nettle security issues CVE-2021-20305, CVE-2021-3580 and CVE-2018-16869. * Fixed underscore security issue CVE-2021-23358. * Fixed network-manager security issue CVE-2021-20297. * Fixed libcaca security issue CVE-2021-3410. * Fixed gst-plugins-good1.0 security issues CVE-2021-3498 and CVE-2021-3497. * Fixed webkit2gtk security issues CVE-2021-1871, CVE-2021-1844, CVE-2021-1788, CVE-2021-30799, CVE-2021-30797, CVE-2021-30795, CVE-2021-30762, CVE-2021-30761, CVE-2021-30758, CVE-2021-30749, CVE-2021-30744, CVE-2021-30734, CVE-2021-30720, CVE-2021-30689, CVE-2021-30682, CVE-2021-30666, CVE-2021-30665, CVE-2021-30663, CVE-2021-30661, CVE-2021-21806, CVE-2021-21779, CVE-2021-21775, CVE-2021-1826, CVE-2021-1825, CVE-2021-1820 and CVE-2021-1817. * Fixed samba security issue CVE-2021-20254. * Fixed openvpn security issue CVE-2020-15078. * Fixed libxml2 security issues CVE-2021-3537, CVE-2021-3518, CVE-2021-3517 and CVE-2021-3516. * Fixed djvulibre security issues CVE-2021-3500, CVE-2021-32493, CVE-2021-32492, CVE-2021-32491, CVE-2021-32490 and CVE-2021-3630. * Fixed libx11 security issue CVE-2021-31535. * Fixed avahi security issue CVE-2021-3468. * Fixed qpdf security issues CVE-2021-36978 and CVE-2018-18020. * Fixed ffmpeg security issues CVE-2020-22033, CVE-2020-22021, CVE-2020-22019, CVE-2020-22015 and CVE-2020-21041. * Fixed systemd security issues CVE-2021-33910 and CVE-2020-13529. * Fixed openssl security issues CVE-2021-3712 and CVE-2021-3711. * Update of ntfs-3g to solve some security issues. ### Audio * Fixed libsndfile security issue CVE-2021-3246. ### Remote Management * Added timeout for Secure VNC and Secure Terminal connections, by default the timeout is 180 seconds. The timeout can be changed by the environment variable IGEL_TLS_TUNNEL_TIMEOUT (in seconds, 0 for infinite). * Fixed a possible privilege escalation while sending user logoff event to the UMS. ### VNC * Fixed a Secure Terminal and Secure VNC Shadowing remote code execution vulnerability. ### Java * Updated Zulu-8 JRE to version 8u292. New Features -------------------------------------------------------------------------------- ### Citrix * Added Citrix Workspace App 2106 Available Citrix Workspace Apps in this release: 2106 (default), 2104, and 2010 * New registry keys: * The battery status of the device (notebooks/mobile devices) is now shown within notification area of Citrix Windows Desktop session. +------------+-----------------------------------------------------------------+ |Parameter |`*Battery status indicator*` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.mobilereceiver.enable` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default)/ disabled | +------------+-----------------------------------------------------------------+ * Added registry key for enabling screen pinning or multi-monitor support with native Workspace app. +------------+-----------------------------------------------------------------+ |Parameter |`Enhanced experience for Multi-monitor scenario` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.screenpinenabled` | +------------+-----------------------------------------------------------------+ |Value |**on** (default)/off | +------------+-----------------------------------------------------------------+ * Added registry key to enable DNS cache. +------------+-----------------------------------------------------------------+ |Parameter |`Enable DNS Cache` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.dnscacheenabled` | +------------+-----------------------------------------------------------------+ |Value |**off** (default)/on | +------------+-----------------------------------------------------------------+ * Implemented "Synchronize Citrix password with screensaver" for SelfService. Parameter for StoreFront was (re-) used for that purpose * Updated Citrix HDX RTME 2.9.400 * Updated Grundig Dictation driver to version 20-09-16. * Added passthrough authentication for Citrix SelfService. Activate via parameter: +------------+-----------------------------------------------------------------+ |Setup |`Sessions>Citrix>Citrix Global>StoreFront Login` | +------------+-----------------------------------------------------------------+ |Parameter |`Use passthrough authentication` | +------------+-----------------------------------------------------------------+ |Registry |`sessions.pnlogin0.settings.passthrough` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ * Added: All parameters of the Citrix setlog program are now available in IGEL setup via ica.logging.setlog. Logging can be set permanent now. Optimized structure of parameters for showing the inheritance more clearly. * Added automatic configuration of the Citrix webcam redirection in ICA sessions. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Citrix > Citrix Global > HDX Multimedia | +------------+-----------------------------------------------------------------+ |Parameter |`Automatic HDX webcam configuration` | +------------+-----------------------------------------------------------------+ | Registry | `ica.igel_hdxwebcam.enabled` | +------------+-----------------------------------------------------------------+ | Value | disabled / **enabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Resolution grade` | +------------+-----------------------------------------------------------------+ | Registry | `ica.igel_hdxwebcam.quality` | +------------+-----------------------------------------------------------------+ | Range | [Very low][Low][**Normal**(default)] [High][Very high][Best] | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Minimal frame rate` | +------------+-----------------------------------------------------------------+ | Registry | `ica.igel_hdxwebcam.framerate` | +------------+-----------------------------------------------------------------+ | Value | 15 | +------------+-----------------------------------------------------------------+ * Added configuration for h.264 encoding in the Citrix webcam redirection +------------+-----------------------------------------------------------------+ |Parameter |`HDX Webcam H264 encoding` | +------------+-----------------------------------------------------------------+ | Registry | `ica.wfclient.hdxh264inputenabled` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Added configuration for native h.264 encoding provided by webcam, for usage via the Citrix webcam redirection. This parameter requires the ica.wfclient.hdxh264inputenabled set to true. +------------+-----------------------------------------------------------------+ |Parameter |`HDX Webcam H264 native` | +------------+-----------------------------------------------------------------+ | Registry | `ica.wfclient.hdxh264enablenative` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### OSC Installer * Enhanced OSC Installer for creation of 'Factory preload images (master images)' * Added possibility to add initial settings to OSC Installer ISO. * Added support for 'Reset after first boot' for OSC Factory Image function. Further information / details via https://kb.igel.com/igelos-11.05/en/installation-42011487.html ### RDP/IGEL RDP Client 2 *˙ Added multitouch support for RDP Sessions. +------------+-----------------------------------------------------------------+ | Registry | `sessions.winconnect%.option.enable-multitouch` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added parameter to enable serverside audio for RDP sessions +------------+-----------------------------------------------------------------+ |Registry |`sessions.winconnect%.option.enable-serverside-audio` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled**˙(default) | +------------+-----------------------------------------------------------------+ * Added option to enable/disable automatic reconnect for RDP session. +------------+-----------------------------------------------------------------+ | Registry | `sessions.winconnect%.option.enable-reconnect` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### RD Web Access * Added option to enable/disable automatic reconnect for RD Web Access Apps. +------------+-----------------------------------------------------------------+ |Registry |`rdp.rd_web_access.enable-reconnect` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled\ | +------------+-----------------------------------------------------------------+ ### AVD / WVD * Renamed WVD (Windows Virtual Desktop) to AVD (Azure Virtual Desktop) * Added timezone redirection support. * Added AVD printer redirection support. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > AVD > AVD Sessions > AVD Session > Printing > CUPS Printer Redirection | +------------+-----------------------------------------------------------------+ | Parameter |`CUPS printer redirection` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.printing.cups` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > CUPS > Printers > Add Printer > Mapping in sessions | +------------+-----------------------------------------------------------------+ | Parameter |`Map printer in AVD sessions` | +------------+-----------------------------------------------------------------+ | Registry | `print.cups.printer%.map_wvd` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Devices > Printer > CUPS > Printers > Add Printer > Mapping in sessions | +------------+-----------------------------------------------------------------+ | Parameter |`Printer driver` | +------------+-----------------------------------------------------------------+ | Registry | `print.cups.printer%.wvd_printer_driver` | +------------+-----------------------------------------------------------------+ * The default windows driver name is "Microsoft PS Class Driver" which is installed by default and should work in general. For usage of a custom printer driver, the exact printer name must be set and corresponding driver must be installed on AVD (server-)side. ### RD Web Access * Added option to save username and domain for RD WebAccess login. In legacy mode, RD Web Access login uses the settings from Sessions -> RDP -> RDP Global -> Local Logon. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions -> RDP -> Remote Desktop Web Access -> Authentication | +------------+-----------------------------------------------------------------+ |Parameter |`Save username and domain from last login` | +------------+-----------------------------------------------------------------+ |Registry |`rdp.rd_web_access.options.save_user_and_domain` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value | [Legacy]**(default)[Yes][No] | +------------+-----------------------------------------------------------------+ ### UD Pocket * Added official support for `Secured Kobra Stick´ from Digittrade. ### VMware Horizon * Allow wildcard symbol in Horizon client USB redirection rules: Product ID can contain asterisks (**) - * represents one hexadecimal digit. Product ID can be left empty which is equivalent to **** - for any Product ID. * Added param to enable MS Teams support. Changed default of html5 multimedia redirection to enabled. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Horizon Client > Horizon Client Global > Unified Communications > VDI Solutions | +------------+-----------------------------------------------------------------+ | Parameter | `HTML5 multimedia redirection` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.html5mmr` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Horizon Client > Horizon Client Global > Unified Communications > VDI Solutions | +------------+-----------------------------------------------------------------+ | Parameter | `Microsoft Teams optimization` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.vdwebrtc.enable` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added entry in IGEL Setup regarding Unified Communication: In Sessions > Horizon Client > Horizon Client Global > Unified Communications > Cisco for enabling VDI support for Cisco Webex Meetings and in Sessions > Horizon Client > Horizon Client Global > Unified Communications > VDI Solutions for enabling Zoom VDI Media Plugin. ### Parallels Client * Updated Parallels client to version 18.1.0 ### IBM_5250 * Updated IBM iAccess Client Solutions to version 1.1.8.6. ### NX client * Updated NoMachine client to version 7.1.3 ### Amazon WorkSpaces Client * Updated AWSC to 3.1.9 ### Chromium * Updated Chromium browser to version 91.0.4472.164 * Added "Block third party cookies" as parameter in the registry. * Added h.264 and AAC A/V playback support. A/V playback support is only possible either in Chromium or in Firefox Browser depending on these conditions: 1. If Chromium feature is disabled, codecs are used in Firefox. 2. If Firefox feature is disabled, codecs are used in Chromium. 3. Number of sessions of each browser type are compared, codecs are used for browser with more sessions. 4. Usage of codecs as configured via set of "default" browser, by registry key 'system.default_apps.browser'. * Added "Default web browser" configuration +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global | |IGEL Setup |Sessions > Firefox Browser > Firefox Browser Global | +============+=================================================================+ |Parameter |`Default web browser` | +------------+-----------------------------------------------------------------+ |Registry |`system.default_apps.browser` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**Firefox Browser** (default) | +------------+-----------------------------------------------------------------+ * Added new configuration: +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global > Security | +============+=================================================================+ |Parameter |`Download allowlist` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.app.mimetype_forced_download` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**application/x-ica; application/x-rdp; application/smil; application/nxs; application/x-java-jnlp-file; application/x-2xa; application/x-sapshortcut; application/x-virt-viewer; image/tiff** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global > Security | +------------+-----------------------------------------------------------------+ |Parameter |`Open file types automatically after downloading` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.app.mimetype_forced_open` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**ica; rpd; smi; smil; nxs; jnlp; vv; tif; tiff** (default) | +------------+-----------------------------------------------------------------+ |Parameter |`File Access` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.app.file_access_enabled` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**False** (default) | +------------+-----------------------------------------------------------------+ * Removed redundant "Incognito mode" as it has been repaced by "Allow incognito mode" * Renamed "Enable phishing and malware protection" to "Safe Browsing" +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global > Security | +============+=================================================================+ |Parameter |`Safe Browsing` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.app.safebrowsing_enabled` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**False** (default) | +------------+-----------------------------------------------------------------+ * Added the possibility to clean the profile partition when Chromium Browser is not used ### Firefox * Added "Default web browser" to "Firefox Browser Global" +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Firefox Browser > Firefox Browser Global | |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global | +============+=================================================================+ |Parameter |`Default web browser` | +------------+-----------------------------------------------------------------+ |Registry |`system.default_apps.browser` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**Firefox Browser** (default) | +------------+-----------------------------------------------------------------+ * Moved "Hide local file system" from "Window" to "Security" +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Firefox Browser > Firefox Browser Global > Security | +============+=================================================================+ |Parameter |`Hide local file system` | +------------+-----------------------------------------------------------------+ |Registry |`browserglobal.app.filepicker_dialog_hidden` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**True** (default) | +------------+-----------------------------------------------------------------+ ### Network * Changed names of Ethernet and WiFi interfaces. Apart from some symbolic occurrences "eth0", "eth1", and "wlan0" have been replaced by so-called predictable network interface names. Improved reliability of associating configurations with interfaces. More than two Ethernet interfaces can be configured by creating further instances of network.interfaces.ethernet.device%. The following registry key may be used to explicitly assign a configuration instance to an interface: +------------+-----------------------------------------------------------------+ | Parameter | `Fixed interface` | +------------+-----------------------------------------------------------------+ | Registry | `network.interfaces.ethernet.device%.ifname` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ * Added r8152 thirdparty network driver * Added new registry key to enable use of r8152 thirdparty driver: +------------+-----------------------------------------------------------------+ | Parameter | `Use thirdparty r8152 kernel module.` | +------------+-----------------------------------------------------------------+ | Registry | `network.drivers.r8152.prefer_thirdparty` | +------------+-----------------------------------------------------------------+ | Range | [Auto][Yes][No] | +------------+-----------------------------------------------------------------+ | Value | **Auto** | +------------+-----------------------------------------------------------------+ * In the tcpdump configuration eth0, eth1, and wlan0 are treated as symbolic names. These remain functional even if the true interface names are different. * "urfkill" tool has been removed from firmware. * Following scripts provided by "urfkill" tool are not available anymore: * /usr/share/urfkill/scripts/block /usr/share/urfkill/scripts/flight-mode * In case of using above mentioned commands via custom scripts. For turn radio devices on/off, usage of 'rfkill' tool may be needed to enable custom script. rfkill \ \ rfkill \ all * Added registry key for specifying the anonymous identity in authentication methods. +------------+-----------------------------------------------------------------+ | Parameter | `Anonymous Identity` | +============+=================================================================+ | Registry | `network.interfaces.ethernet.device%.ieee8021x.anonymous_identity` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter |`Anonymous Identity` | +============+=================================================================+ | Registry | `network.interfaces.wirelesslan.device0.wpa.anonymous_identity` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Anonymous Identity` | +============+=================================================================+ | Registry | `network.interfaces.wirelesslan.device0.alt_ssid%.wpa.anonymous_identity` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ * Added support for EAP FAST with inner method MSCHAPV2. PAC files are stored persistently in /wfs/eap_fast_pacs/. File names can be determined with the script /bin/gen_pac_filename.sh. In internal tests with hostapd, it was necessary to disable TLS1.2 (registry key phase1_direct: tls_disable_tlsv1_2=1). The following registry keys have been added and "FAST" has been added to the range of the corresponding eap_type registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Automatic PAC Provisioning` | +============+=================================================================+ | Registry | `network.interfaces.ethernet.device%.ieee8021x.pac_provisioning` | +------------+-----------------------------------------------------------------+ | Range | [disabled][unauthenticated][authenticated][unrestricted] | +------------+-----------------------------------------------------------------+ | Value | **unrestricted** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Automatic PAC Provisioning` | +============+=================================================================+ | Registry | `network.interfaces.wirelesslan.device0.wpa.pac_provisioning` | +------------+-----------------------------------------------------------------+ | Range | [disabled][unauthenticated][authenticated][unrestricted] | +------------+-----------------------------------------------------------------+ | Value | **unrestricted** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Automatic PAC Provisioning` | +============+=================================================================+ | Registry | `network.interfaces.wirelesslan.device0.alt_ssid%.wpa.pac_provisioning` | +------------+-----------------------------------------------------------------+ | Range | [disabled][unauthenticated][authenticated][unrestricted] | +------------+-----------------------------------------------------------------+ | Value | **unrestricted** | +------------+-----------------------------------------------------------------+ * Added Realtek RTL8125 2.5Gigabit Ethernet driver. ### WiFi * Added new feature WiFi automatic switch on/off. The following registry key have been added: +------------+-----------------------------------------------------------------+ |Parameter |`Enable Wi-Fi automatic switch` | +============+=================================================================+ |Registry |`network.applet.wireless.enable_wifi_auto_switch` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Enabling this feature in combination with the following registry key will add a menu to WiFi manager applet which enables the user to switch WiFi on, off or select the automatic mode. +------------+-----------------------------------------------------------------+ |Parameter |`Enable Wi-Fi switch` | +============+=================================================================+ |Registry |`network.applet.wireless.enable_wifi_switch` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * When automatic mode is selected, WiFi will automatically switch to off, if a LAN connection is available - or switch to on, if LAN connection get disconnected. * If "**Enable Wi-Fi switch**" is **disabled** and "**Enable Wi-Fi automatic switch**" is **enabled**, WiFi automatic switch functionality will work in background and user cannot see the menu entry in WiFi manager applet for changing the WiFi mode. * NOTE: Any workaround for switching WiFi on/off automatically using custom scripts should be eliminated. * Added support for Realtek RTW8852AE WiFi device. ### AppliDis * Integrated Systancia AppliDis 6.0.0-4 ### Imprivata * Added registry key to overcome the window overlap that complicates the use of the local Setup or hotkeyed applications like the display switch. +------------+-----------------------------------------------------------------+ | IGEL Setup | Registry | +============+=================================================================+ | Registry | `imprivata.avoid_focus_ownership` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added parameter to ignore the VMware protocol selection done by the appliance, local selection. +------------+-----------------------------------------------------------------+ |Parameter |`Ignore the demanded VMWare protocol` | +------------+-----------------------------------------------------------------+ |Registry |`imprivata.ignore_horizon_protocol` | +------------+-----------------------------------------------------------------+ |Default Value|`false` | +------------+-----------------------------------------------------------------+ |Remark |`Registry Only` | +------------+-----------------------------------------------------------------+ ### Smartcard * Added support for certgate AirID Bluetooth smartcard reader. Enable with Registry parameter scard.pcscd.certgate.airid_enable. In addtion Bluetooth must be enabled, in Setup via Devices>Bluetooth. +------------+-----------------------------------------------------------------+ | Parameter | `certgate AirID driver for Bluetooth smart card readers` | +------------+-----------------------------------------------------------------+ | Registry | `scard.pcscd.certgate.airid_enable` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Added smartcard reader driver for 'Kobra stick' from Digittrade. ### Cisco Webex * Added version selection for Cisco Webex Meetings VDI plugins Available Cisco Webex Meetings VDI plugins in this release: 41.8.4.11 (default), 41.7.8.5 and 41.6.7.16 * Added a registry key for enabling the "active version" of Cisco Webex Meetings client. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Unified Communications > Cisco WebEx Meetings VDI Selection | +------------+-----------------------------------------------------------------+ |Parameter |`Cisco webex Meetings client version` | +------------+-----------------------------------------------------------------+ |Registry |`multimedia.ciscomeetings.activeversion` | +------------+-----------------------------------------------------------------+ |Value |**41.8.4.11**˙(default), 41.7.8.5 and 41.6.7.16 | +------------+-----------------------------------------------------------------+ * Note: Webex meetings plugin and application version must match. Otherwise, it may fail to launch Webex VDI optimized meeting. With the integration of this selection, the necessary partition size was increased. * Updated Cisco Webex VDI to version 41.8.0.19732 ### Cisco JVDI Client * Updated Cisco JVDI to version 14.0.1 ### Base system * Updated IGEL EULA to version April 2021. * Removed permission to start mousepad editor for non-root users. * Added new registry key to toggle the executable rights via parameter: +------------+-----------------------------------------------------------------+ | Parameter | `Permission to start text editor` | +------------+-----------------------------------------------------------------+ | Registry | `system.security.texteditorpermission` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Updated kernel to version 5.12.x * Added compressed filesystem for Firefox and Chromium profile partitions. * Added IGEL Device Encryption Feature Following registry keys were be added: +------------+-----------------------------------------------------------------+ | Parameter | `Minimum password length` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.minlen` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 8 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Minimum amount of upper case letters` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.minupper` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Minimum amount of lower case letters` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.minlower` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 1 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Minimum amount of special characters` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.minspecial` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Minimum amount of numbers` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.minnumbers` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Special characters allowed` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.specialset` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | !"$%&/()[]{}?+~-**" **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Unwanted strings in password (comma separated)` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.exclude` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `The password must contain` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.pwpolicy.fulfill` | +------------+-----------------------------------------------------------------+ | Range | [all][2 of][3 of] | +------------+-----------------------------------------------------------------+ | Value | **all** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Deviceencryption state` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.state` | +------------+-----------------------------------------------------------------+ | Range | [0][1][2] | +------------+-----------------------------------------------------------------+ | Value | **0** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Password aggregation function` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.security_level` | +------------+-----------------------------------------------------------------+ | Range | [I: Argon2id, 8M/7 ops][II: Argon2id, 128M/3 ops] | | | [III: Argon2id, 256M/3 ops][IV: Argon2id, 512M/3 ops] | | | [V: Argon2id, 1024M/4 ops][VI: Argon2id, 128M/4 ops] | +------------+-----------------------------------------------------------------+ | Value | **II: Argon2id, 128M/3 ops** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Security level` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.security_mode` | +------------+-----------------------------------------------------------------+ | Range | [Auto, constant-time][Auto, at least level][Manual] | +------------+-----------------------------------------------------------------+ | Value | **Auto, constant-time** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Target time delay (ms)` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.security_delay_ms` | +------------+-----------------------------------------------------------------+ | Type | int | +------------+-----------------------------------------------------------------+ | Value | 700 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Device Encryption mode` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.mode` | +------------+-----------------------------------------------------------------+ | Range | [keep][activate][deactivate] | +------------+-----------------------------------------------------------------+ | Value | **keep** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Authentication type` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.auth_type` | +------------+-----------------------------------------------------------------+ | Range | [PW] | +------------+-----------------------------------------------------------------+ | Value | **PW** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Wipe config and user data upon activation` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.wipe_data` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Display password as plain text on logon screen is possible` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.option_display_ptpasswd` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Downgrade without warning of data loss` | +------------+-----------------------------------------------------------------+ | Registry | `system.deviceencryption.force_downgrade` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added new registry to show verbose boot messages and disable the splash (for debugging purposes). +------------+-----------------------------------------------------------------+ | Parameter | `Disable splash and show verbose messages on bootup.` | +------------+-----------------------------------------------------------------+ | Registry | `system.kernel.bootparams.noquiet` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added automatic proxy detection and pac file support for proxy authentication pass through with cntlm * Updated french˙translation * Added support for multiple batteries in taskbar. If enabled, taskbar shows a battery indicator for each device battery. +------------+-----------------------------------------------------------------+ |Parameter |`Display multi battery` | +------------+-----------------------------------------------------------------+ |Registry |`windowmanager.wm0.variables.battery_indicator.display_multi_battery` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Hide "Other user" label on login screen when not needed. * Add TLS options for rsyslog +------------+-----------------------------------------------------------------+ |Parameter |`TLS enabled` | +------------+-----------------------------------------------------------------+ |Registry |`system.syslog.output%.tls` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ |Parameter |`CA Certificate` | +------------+-----------------------------------------------------------------+ |Registry |`system.syslog.output%.cacertificate` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |empty **Default** | +------------+-----------------------------------------------------------------+ * Added support to monitor multiple sessions and have a post-session command triggered if all sessions exited successfully. Configurable at setup page: System > Firmware Customization > Custom Commands > Post Session * Added configuration for EMP license notification: +------------+-----------------------------------------------------------------+ |Parameter |`*Enable Enterprise Management Pack license notification*` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.license_notification.enable_enterprise_management_notification` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default)/ disabled | +------------+-----------------------------------------------------------------+ * Added further configuration of logon with local user password. In Setup on page Security>Logon>Local User and also within IGEL Setup Assistant. The used password parameter is the former screenlock password. +------------+-----------------------------------------------------------------+ |Setup |`Security>Logon>Local User` | +------------+-----------------------------------------------------------------+ |Parameter |`Login with local user password` | +------------+-----------------------------------------------------------------+ |Registry |`auth.login.xlock` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Setup |`Security>Logon>Local User` | +------------+-----------------------------------------------------------------+ |Parameter |`Password` | +------------+-----------------------------------------------------------------+ |Registry |`sessions.xlock0.options.password` | +------------+-----------------------------------------------------------------+ |Value |**empty** (default) | +------------+-----------------------------------------------------------------+ * Added passthrough NTLM authentication for Firefox. If enabled, user name and password from local logon mask will be used for automatic NTLM authentication to web sites and proxies. +------------+-----------------------------------------------------------------+ |Parameter |`Passthrough for NTLM authentication` | +------------+-----------------------------------------------------------------+ |Registry |`auth.login.ntlm.passthrough` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ * Added Single Sign on NTLM authentication to Firefox after Kerberos smartcard authentication. If enabled, NTLM credentials are retreived at smartcard logon. These credentials are then used for automatic NTLM authentication to websites and proxies. For this functionality an appropriate Kerberos keytab has to be specified in parameter auth.krb5.keytab.crypt_password. +------------+-----------------------------------------------------------------+ |Parameter |`Store supplemental credentials` | +------------+-----------------------------------------------------------------+ |Registry |`auth.krb5.appdefaults.pam.store_nt_owf_pass` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ * Added client side NTLM authenticating proxy. If it is enabled, applications which use the system proxy settings will connect via this local proxy. It will transparently do NTLM authentication. +------------+-----------------------------------------------------------------+ |Parameter |`Enable client side NTLM authenticating proxy` | +------------+-----------------------------------------------------------------+ |Registry |`network.proxy.cntlm.enable` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Listening Port` | +------------+-----------------------------------------------------------------+ |Registry |`network.proxy.cntlm.port` | +------------+-----------------------------------------------------------------+ |Value |**3128** (default) | +------------+-----------------------------------------------------------------+ * Added Kerberos login verification. If this is enabled, login will fail unless a service ticket sent from the KDC/domain controller can be verified. For this, the configuration of an appropriate Kerberos keytab is necessary. The keytab must be encoded in base64. +------------+-----------------------------------------------------------------+ |Parameter |`Verify credentials against a local key` | +------------+-----------------------------------------------------------------+ |Registry |`auth.krb5.libdefaults.verify_ap_req_nofail` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Keytab (base64)` | +------------+-----------------------------------------------------------------+ |Registry |`auth.krb5.keytab.crypt_password` | +------------+-----------------------------------------------------------------+ |Value |**empty** (default) | +------------+-----------------------------------------------------------------+ * Set device hostname based on a remote asset service. +------------+-----------------------------------------------------------------+ |Parameter |`Enable remote asset service` | +------------+-----------------------------------------------------------------+ |Registry |`network.remote_asset.enable` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ |Parameter |`Url` | +------------+-----------------------------------------------------------------+ |Registry |`network.remote_asset.url` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |empty **Default** | +------------+-----------------------------------------------------------------+ |Parameter |`Response type` | +------------+-----------------------------------------------------------------+ |Registry |`network.remote_asset.response_type` | +------------+-----------------------------------------------------------------+ |Range | [Xml][Json] | +------------+-----------------------------------------------------------------+ |Value |**Xml** | +------------+-----------------------------------------------------------------+ |Parameter |`Validation path` | +------------+-----------------------------------------------------------------+ |Registry |`network.remote_asset.validation_path` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |empty **Default** | +------------+-----------------------------------------------------------------+ |Parameter |`Pre fallback identifier` | +------------+-----------------------------------------------------------------+ |Registry |`network.remote_asset.pre_fallback_identifier` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |ITC **Default** | +------------+-----------------------------------------------------------------+ ### Lakeside SysTrack * Updated Lakeside SysTrack client plugin for Citrix, RDP and VMWare Horizon Client to version 9.0. New support for Microsoft AVD Client: +------------+-----------------------------------------------------------------+ |Parameter |`Lakeside SysTrack` | +------------+-----------------------------------------------------------------+ |Registry |`sessions.wvd.plugins.lakeside` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ ### Conky * Added support for Conky system monitor: +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +============+=================================================================+ |Parameter |`Use IGEL Setup for configuration` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.igelsetupconfig` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Monitor` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.display` | +------------+-----------------------------------------------------------------+ |Range | [Automatic][1st monitor][2nd monitor][3rd monitor][4th monitor] | | | [5th monitor][6th monitor][7th monitor][8th monitor] | +------------+-----------------------------------------------------------------+ |Value |**1st monitor** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Window type` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.window_type` | +------------+-----------------------------------------------------------------+ |Range | [Normal][Desktop][Dock][Panel][Override] | +------------+-----------------------------------------------------------------+ |Value |**Normal** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Alignment` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.alignment` | +------------+-----------------------------------------------------------------+ |Range | [Top Left][Top Right][Top Middle][Bottom Left][Bottom Right] | | | [Bottom Middle][Middle Left][Middle Middle][Middle Right] | +------------+-----------------------------------------------------------------+ |Value |**Top Right** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Layer` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.hint_layer` | +------------+-----------------------------------------------------------------+ |Range | [Below][Above][None] | +------------+-----------------------------------------------------------------+ |Value |**Below** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Decorations` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.hint_decorations` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Show in taskbar` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.hint_taskbar` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Default color` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.default_color` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**#ff8000** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Font type` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.font_type` | +------------+-----------------------------------------------------------------+ |Type |editable | +------------+-----------------------------------------------------------------+ |Value |**Monospace** (default) / Sans / | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Font size` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.font_size` | +------------+-----------------------------------------------------------------+ |Type |integer | +------------+-----------------------------------------------------------------+ |Value |**8** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Opacity` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.opacity` | +------------+-----------------------------------------------------------------+ |Type |integer | +------------+-----------------------------------------------------------------+ |Value |**255** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Borders` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.draw_borders` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Offset horizontal` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.gap_x` | +------------+-----------------------------------------------------------------+ |Type |integer | +------------+-----------------------------------------------------------------+ |Value |**5** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Options | +------------+-----------------------------------------------------------------+ |Parameter |`Offset vertical` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.gap_y` | +------------+-----------------------------------------------------------------+ |Type |integer | +------------+-----------------------------------------------------------------+ |Value |**60** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Custom Setup | +------------+-----------------------------------------------------------------+ |Parameter |`Config name` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.custom_config%.config_name` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**empty** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Custom Setup | +------------+-----------------------------------------------------------------+ |Parameter |`Config value` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.custom_config%.config_value` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**empty** (default) | +------------+-----------------------------------------------------------------+ |IGEL Setup |Accessories > Conky System Monitor > Custom Setup | +------------+-----------------------------------------------------------------+ |Parameter |`Text` | +------------+-----------------------------------------------------------------+ |Registry |`userinterface.system_monitor.conky.custom_text%.text_line` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |**empty** (default) | +------------+-----------------------------------------------------------------+ ### Driver * Updated Grundig Dictation driver to version 20-09-16. This fixes termination of Citrix sessions when USB devices are plugged or unplugged with Citrix Workspace App newer than 2009. * Added basic HyperV DRM driver to support resolution changes during runtime in HyperV VM. ### Firmware update * Added support for IGEL's automatic update service; supposed to be used for devices during evaluation. +------------+-----------------------------------------------------------------+ | Parameter | `Enable automatic update service` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.enable` | +------------+-----------------------------------------------------------------+ | Range | [During evaluation only][Off] | +------------+-----------------------------------------------------------------+ | Value | **During evaluation only** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Check interval` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.interval` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Randomized delay` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.randomized_delay` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Count of maximal delays` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.max_delays` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Timeout for user dialog` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.user_dialog_timeout` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Target version` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.version` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Server address` | +------------+-----------------------------------------------------------------+ | Registry | `update.auto-service.server` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ * Added: sftp protocol supports now the following key exchange methods: ecdh-sha2-nistp256 (BSI) ecdh-sha2-nistp384 (BSI) ecdh-sha2-nistp521 (BSI) curve25519-sha256 (BSI) curve25519-sha256@libssh.org (BSI) diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 * Added: Prevent firmware update if battery level has reached critical status (on battery powered devices). The following registry key have been introduced to configure this option: +------------+-----------------------------------------------------------------+ |Parameter |`Allow firmware update even when battery state is critical` | +============+=================================================================+ |Registry |`update.update_on_critical_battery_status` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Driver * Updated deviceTRUST client plugin for Citrix, RDP and Amazon WorkSpaces Client to version 20.2.310. New support for Amazon WorkSpaces Client and Microsoft AVD Client, enabling via: +------------+-----------------------------------------------------------------+ |Parameter |`deviceTRUST` | +------------+-----------------------------------------------------------------+ |Registry |`awsc.plugins.devicetrust` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`deviceTRUST` | +------------+-----------------------------------------------------------------+ |Registry |`sessions.wvd.plugins.devicetrust` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) / true | +------------+-----------------------------------------------------------------+ # X11 system * Added: Inhibit screensaver while a Zoom, Teams or Skype for Business meeting is active. Works for native clients and Citrix optimization plugins. * Added: Inhibit screensaver while a Cisco Webex Meetings session is active in Citrix Workspace App. +------------+-----------------------------------------------------------------+ | Registry | `debug.tools.igel-screensaver-monitor.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Window manager * Allow user to define rules which inhibit the screen saver. Audio and USB rules can be configured. Auido rules are applied if a matched audio stream is played back and USB rules are applied if a matched USB device is connected. +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match audio stream name` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.audio%.name` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match audio stream application` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.audio%.application` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match USB serial` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.usb%.serial` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match USB product name` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.usb%.product` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match USB vendor name` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.usb%.vendor` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match USB product id` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.usb%.pid` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Regular expression to match USB vendor id` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.screenlock.inhibit.usb%.vid` | +------------+-----------------------------------------------------------------+ | Value | **.** | +------------+-----------------------------------------------------------------+ ### VNC Viewer * Added: Exit VNC client silently without prompting an error message +------------+-----------------------------------------------------------------+ |Parameter |`Alert on fatal error` | +------------+-----------------------------------------------------------------+ |Registry |`network.vncserver.promptuser` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### Audio * Added possibility to disable webcam audio. +------------+-----------------------------------------------------------------+ | Registry | `multimedia.webcam.disable_audio` | +------------+-----------------------------------------------------------------+ | Value | true / **false** (default) | +------------+-----------------------------------------------------------------+ ### Zoom Media Plugin * Added selection for Zoom VDI Clients. Available Zoom Media Plugins in this release: 5.5.12716, 5.4.59458 and 5.5.8.20606(default) +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Unified Communications > Zoom Client Selection | +------------+-----------------------------------------------------------------+ |Parameter |`Zoom client version` | +------------+-----------------------------------------------------------------+ |Registry |`multimedia.zoomvdi.activeversion` | +------------+-----------------------------------------------------------------+ |Value |**5.5.8.20606** (default), 5.5.12716, 5.4.59458 | +------------+-----------------------------------------------------------------+ With the integration of this selection, the necessary partition size was increased. ### Evidian * Updated Evidians rsUserAuth to version 1.5.7789, with that the "Ignore Smartcard Removal" feature was fixed +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Evidian AuthMgr Session > Options | +============+=================================================================+ | Parameter | `Ignore Smartcard Removal on this Reader` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ ### HID * Added touchscreen support for Microsoft Surface Pro 4. ### Hardware * Added new registry keys for configuring new i915 parameter. New registry keys: +------------+-----------------------------------------------------------------+ | Parameter | `Disable the use of limited color range for DisplayPort 1.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.intel.dp1_no_limited_color_range` | +------------+-----------------------------------------------------------------+ | Range | [Default] [No] [Yes] | +------------+-----------------------------------------------------------------+ | Value | **Default** (only for M250C the use of limited color range for DP1 is disabled) | +------------+-----------------------------------------------------------------+ * Added hardware support for HP t540. * Updated DisplayLink driver to version 5.4. * Note: The IGEL device UD3-LX50 reached End of Maintenance. ### TC Setup (Java) * Updated TC Setup to version 6.8.8 ### Fabulatech * Updated FabulaTech USB for Remote Desktop to version 6.0.28 * Updated FabulaTech Scanner for Remote Desktop to version 2.5.0.7 * Fixed FabulaTech scanner redirection not working for Citrix ### Remote Management * Changed the default behaviour of the user dialog about applying remote settings received during boot. The dialog now has a timeout of 20 seconds by default. If the timeout is exceeded, the received settings will be automatically applied. The behaviour is configurable at setup page System > Remote management. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Improved startup of Citrix USB daemon. * Updated Grundig Dictation driver to version 20-09-16. This fixes termination of Citrix sessions when USB devices are plugged / unplugged with Citrix Workspace App newer than 20.09. * Fixed: The NSAP virtual channel is loaded correctly and works as expected. * Improved dialog for Citrix farm selection. * Changed the default value of the parameter 'HDX Adaptive Transport over EDT' to˙'TCP only'. With the previous default value 'UDP with fallback to TCP' performance problems occured. +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Citrix XenDesktop/XenApp > HDX/ICA Global > Options | +------------+-----------------------------------------------------------------+ |Parameter |`HDX Adaptive Transport over EDT` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.hdxoverudp` | +------------+-----------------------------------------------------------------+ |Range | [UDP without fallback to TCP] | | | [ **TCP Only - UDP disabled(default)* ] | | | [UDP with fallback to TCP] | +------------+-----------------------------------------------------------------+ * Fixed problems with Citrix multimedia redirection * Fixed Browser Appliance mode a white screen is shown when the browser was not closed correctly but the process got terminated. * Fixed Citrix login with certain passwords and PINs. * Improved start of Citrix logging daemon ctxlogd with CWA 2104 * Fixed Citrix SelfService passthrough login in case the user interface is set to German. * Fixed post sessions commands for Citrix sessions, an exception for return code 2 and process wfica was added to the registry under pcom. * Updated HDX Realtime Optimization Pack to version 2.9.300 ### OSC Installer * OSC not deployable with IGEL Deployment Appliance: New version 11.3 is required for 11.06.100 deployment. * Enhanced the boot cmdline options for OSC ### AVD / WVD * Fixed access bearer token re-authentication (see also "sign-in frequency" setting in Azure). * Fixed issue with AVD workspace names that contain slashes. * Fixed timezone redirection for MS-Teams chat/calendar and for Edge browser. Note: Page reload or MS-Teams application restart might be needed when the timezone actually changes. * Fixed sporadic appearance of claims token dialog while in a running session. * Fixed claims token dialog being shown when session reconnects happen too fast (within 60s). * Added: Set the HttpAcceptLanguage property in browser instance to the currently selected language for showing the Azure login page in the correct language. ### VMware Horizon * Fixed the broken session handling when using Webex Teams where the Horizon session could only be started once. * Fixed 'Remember last user' functionality in Appliance Mode. * Fixed Horizon session bouncing back to login * Fixed setting regarding Blast HEVC decoding: **vmware.view.blast-hevc** * Fixed setting regarding synchronization of lock modifieres (num lock, shift lock and scroll lock): **vmware.view.enable-sync-numlock** ### Parallels Client * Fixed an issue where the post-session command got triggered too early ### IBM_5250 * Fixed error in iAccess configuration. ### Chromium * Fixed browser certificates were lost after reboot if UMS was not reachable * Fixed too small chromium profile partition. * Removed parameter "On startup->Continue where you left off" for Chromium sessions * Added "Autostart requires network" to Chromium Browser Session settings * Modified: 'Automatic browser restart on exit' no longer needs a reboot to be deactivated * Removed option On Startup->"Continue where you left off" for Chromium sessions, this feature only works globally * Fixed reboot was required to toggle the splash screen * Modified: 'Automatic browser restart on exit' does now restart every time the browser is closed * Fixed 'Language' and 'Chromium translation' was not working as expected * Changed: Replaced download location prompt by download confirmation popup * Added warning popup if downloads are blocked * Fixed: Auto-opened files will not be blocked (e.g. ica connection files) * Added: RDP now works with Chromium Browser ### Network * The currently used parameter tls-remote is deprecated and was removed in openVPN 2.4. It was be changed to verify-x509-name. * Certificate keys without passwords can be used. * Improved network device order for LG Electronics CL60. * Improved WWAN device connection activation. * Fixed handling 802.1X registry keys phase1_direct, phase2_direct * Improved network interface order for LG Electronics 27CN650W (dmi product_name CN65) ### WiFi * Added registry key for tweaking the WPA supplicant. In general the value is a comma-separated list of names. If it contains LATESUCCESS a late EAP-Success message will be ignored. When such a message arrives,it had been dropped. This might cause WPA Enterprise authentication to restart. +------------+-----------------------------------------------------------------+ | Parameter | `IGEL Tweaks` | +------------+-----------------------------------------------------------------+ | Registry | `network.interfaces.wirelesslan.device0.wpa.igel_tweaks` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty **Default** | +------------+-----------------------------------------------------------------+ * Added registry key to activate usage of broadcom sta driver (needed for older broadcom WiFi devices) +------------+-----------------------------------------------------------------+ | Parameter | `Use broadcom sta driver instead of b43 for WLAN.` | +------------+-----------------------------------------------------------------+ | Registry | `network.drivers.broadcom.use_broadcom_sta` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Updated wireless regulatory database to version from July 2021. ### Open VPN * Added: Certificate keys without passwords can be used. * Added new config parameter in dropdown menue to use tls-crypt ### Imprivata * Fixed Horizon session bouncing back to login * Fixed missing vendor logo * Fixed: Horizon failed to launch * Removed outdated parameter: imprivata.xen_new_session ### Smartcard * Fixed problem with Nexus Personal smartcard in Gemalto IDBridge CT30 reader via Citrix and RDP * Fixed smartcard resource manager: if an eject of a card fails, perform a reset of card. ### Base system * Fixed: Options dialog keeps the settings which were previously set * Fixed boot problems due to 2 partitions are marked active (legacy boot with GPT partition table). * Fixed support for Datalogic barcode scanner. * Fixed keyboard layout switcher: show popup menu for selecting layouts also in screen lock and logon screen; show correct keyboard layout after switching from or to lock screen. * Fixed an issue where the post-session command was not triggering Media Player and Chromium Browser sessions. * Added: Windows-key can be used as modifier for all hotkeys. AltGR do not work as modifier. * Fixed a graphics distortion in IGEL Setup Assistant * Fixed an issue with VMware Horizon not triggering the post-session command. * Fixed an issue with RDP not triggering the post-session command on session disconnect. * Fixed ntlm_auth helper to terminate gracefully if no password is given. * Minimized periodic write access to flash drive. * Fixed: Bootcode update is done on each reboot on some EFI devices. * Added: Setup parameter are also checked after suspend. * Fixed an issue with powerplan switching via the systray icon on systems with specific Intel CPUs. * Fixed an issue where the post-session command was not triggered at sessions with long binary names, for example VMware Horizon. * Fixed system proxy handling for Chromium and Firefox * Added: An improved implementation of the post-session command mechanism has been integrated. * Fixed system messages where lines were cut off * Fixed usable space issues with self extracting factory preload images. ### X11 system * Fixed screen sorting order to be independent from screen startup time (GTK-3) * Fixed panel on wrong screen, when original one takes longer to start * Fixed start menu (whiskermenu) restart due to crash * Fixed taskbar hide/show delay has no effect * Fixed Turkish (Q) and Turkish (F) keyboard layout configuration. * Fixed panel keyboard layout indicator for French(Switzerland), Turkish (Q) and Turkish (F) keyboard layouts. * Fixed screen configuration done with monitor defaults on the 2nd graphic card. * Fixed touchscreen screen configuration when screen is connected on the 2nd graphic card. ### X server * Fixed issue with screen staying black if master monitor in a DisplayPort Daisy Chaining environment is turned off and on again. ### Window manager * Fixed an issue where disabling the local window manager caused a significant boot delay. * Desktop Icon Font Color will now be previewed correctly in the setup. ### VirtualBox * Fixed screen remains black after start in VirtualBox multi-monitor configurations. * Fixed second screen in VirtualBox environment only is configured with 1024x768. * Fixed issue with getting screen resolution from special VirtualBox version. ### Audio * Fixed non working audio on Intel Tiger Lake-based devices. * Added handling for microphone mute multimedia key. * Added possibility to disable pci audio, this includes internal speaker and HDMI/DP audio. +------------+-----------------------------------------------------------------+ | Registry | `multimedia.disable_audio.pci` | +------------+-----------------------------------------------------------------+ | Value | true / **false** (default) | +------------+-----------------------------------------------------------------+ * To be more consistent moved parameter multimedia.webcam.disable_audio to multimedia.disable_audio.webcam +------------+-----------------------------------------------------------------+ | Registry | `multimedia.disable_audio.webcam` | +------------+-----------------------------------------------------------------+ | Value | true / **false** (default) | +------------+-----------------------------------------------------------------+ * Improved playback function in the ALSA Pulse PCM involved by applications using ALSA API (Citrix ICA Receiver). * Fixed automatic start of output audio stream in ALSA Pulse PCM. The bug caused a complete freeze of a Parallels session while playback audio. * Fixed autostart of ALSA Pulse PCM. ### Multimedia * Fixed playback of Zoom recordings if hardware accelerated decoder is used. * Fixed hardware accelerated decoding of Zoom recordings on VA-API platforms. ### Hardware * Fixed issue with limited colors on the DisplayPort 1 of UD2 LX50. * Fixed touchpad issues for some Dynabook laptops (for devices with and without fingerprint reader within touchpad). * Added possibility to use Touchpad toggle FN key. * Added new registry keys to possible solve some touchpad issues +------------+-----------------------------------------------------------------+ | Parameter | `Blacklist i2c-i801 driver.` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.i2c_i801.blacklist` | +------------+-----------------------------------------------------------------+ | Range | [Default][Yes][No] | +------------+-----------------------------------------------------------------+ | Value | **Default** (blacklist as there are some known problems) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Set this if touchpad is a synaptics intertouch device.` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.synaptics_intertouch` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Set this if touchpad needs the a4tech workaround.` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.a4tech_workaround` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Compat protocol to use can help with non working touchpads.` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.protocol` | +------------+-----------------------------------------------------------------+ | Range | [Default][PS/2][ImPS/2][ImExPS/2] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Resolution in dpi (0 means use default).` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.resolution` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Report rate in reports per second (0 means use default).` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.rate` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Reset device after so many packages (0 means never).` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.resetafter` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Mouse idle time before forcing resync in seconds (0 means never).` | +------------+-----------------------------------------------------------------+ | Registry | `system.module_params.psmouse.resync_time` | +------------+-----------------------------------------------------------------+ | Type | integer | +------------+-----------------------------------------------------------------+ | Value | 0 **Default** | +------------+-----------------------------------------------------------------+ ### Remote Management * Modified AssetInfo: Recurring ADD/REMOVE commands for the same device are suppressed within 30 seconds. * Fixed the indefinite time point of applying remote settings during boot. The received remote settings now are merged and applied at the same time (at end of the boot process). * Fixed handling of UMS scheduled jobs during boot process. * Fixed WOL proxy command. * Fixed execution of generic commands (Deploy Jabra Xpress package) when invoked as UMS scheduled job. * Fixed online check mechanism if client has more than one active network interface. * Fixed broken UMS Registering dialog. ### IGEL Cloud Gateway * Fixed unreliable ICG status shown by ICG tray icon. * Fixed security issue in remote managent - validate the UMS server certificate for incoming UMS requests if the endpoint has an established connection to ICG.