IGEL OS 11 ========== Firmware version 11.07.188 Release date 2022-07-22 Last update of this document 2022-07-22 Supported Devices ------------------------------------------------------------------------------- UD2-LX 51, UD2-LX 50, UD2-LX 40 UD3-LX 60, UD3-LX 51 UD6-LX 51 UD7-LX 20, UD7-LX 11, UD7-LX 10 UD9-LX Touch 41, UD9-LX 40 [> Supported IGEL OS 11 thirdparty devices](https://kb.igel.com/os11-supported-hardware) Release Notes 11.07.188 (Based On 11.07.170) -------------------------------------------------------------------------------- Resolved Issues -------------------------------------------------------------------------------- ### RDP/IGEL RDP Client 2 * Fixed RDP Timezone Redirection not setting timezones correctly. Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Amazon WorkSpaces Client | 3.1.9 | +-------------------------------------------+----------------------------------+ | Chromium | 102.0.5005.61-igel1653480432 | +-------------------------------------------+----------------------------------+ | Cisco JVDI Client | 14.1.1 | +-------------------------------------------+----------------------------------+ | Cisco Webex VDI plugin | 42.4.0.21893 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 41.12.6.12 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 42.3.1.12 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 42.5.5.9 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.10.0.21068 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.4.59458 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.9.6.20931 | +-------------------------------------------+----------------------------------+ | Citrix HDX Realtime Media Engine | 2.9.400 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 20.10.0.6 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 22.03.0.24 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 22.05.0.16 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 20.2.310.0 | +-------------------------------------------+----------------------------------+ | Crossmatch DP Citrix Channel | 0125 | +-------------------------------------------+----------------------------------+ | Conky System Monitor | 1.10.8-1 | +-------------------------------------------+----------------------------------+ | ControlUp Agent | 8.1.5.500 | +-------------------------------------------+----------------------------------+ | deskMate Client | 2.1.3 | +-------------------------------------------+----------------------------------+ | DriveLock Agent | 20.1.4.30482 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 14.0.1.62267 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.8134 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 3.28.4-0ubuntu1.2 | +-------------------------------------------+----------------------------------+ | FabulaTech Plugins | 3.8.0 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 6.0.35 | +-------------------------------------------+----------------------------------+ | FabulaTech Scanner for Remote Desktop | 2.7.0.1 | +-------------------------------------------+----------------------------------+ | FabulaTech Webcam for Remote Desktop | 2.8.10 | +-------------------------------------------+----------------------------------+ | Firefox | 91.9.1 | +-------------------------------------------+----------------------------------+ | IBM iAccess Client Solutions | 1.1.8.6 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2igel1658473449 | +-------------------------------------------+----------------------------------+ | IGEL AVD Client | 1.0.99.7igel1651063614 | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 20.2.310.0 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | onesign-bootstrap-loader_1.0.523630_amd64 | +-------------------------------------------+----------------------------------+ | Lakeside SysTrack Channel | 9.0 | +-------------------------------------------+----------------------------------+ | Login VSI Enterprise | 4.5.11 | +-------------------------------------------+----------------------------------+ | NCP Secure Enterprise Client | 5.10_rev40552 | +-------------------------------------------+----------------------------------+ | NX Client | 7.8.2-4igel1644853628 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.5.6-1igel1647855849 | +-------------------------------------------+----------------------------------+ | Zulu JRE | 8.0.332-1 | +-------------------------------------------+----------------------------------+ | Parallels Client | 18.3.1 | +-------------------------------------------+----------------------------------+ | Spice GTK (Red Hat Virtualization) | 0.39-3igel1633543285 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 8.0-2git20191213.e4bacb8igel83 | +-------------------------------------------+----------------------------------+ | Usbredir (Red Hat Virtualization) | 0.11.0-2igel1633506980 | +-------------------------------------------+----------------------------------+ | SpeechWrite | 1.0 | +-------------------------------------------+----------------------------------+ | Stratusphere UX Connector ID Key software | 6.6.0-3 | +-------------------------------------------+----------------------------------+ | Systancia AppliDis | 6.0.0-4 | +-------------------------------------------+----------------------------------+ | Teradici PCoIP Software Client | 22.04.0-18.04 | +-------------------------------------------+----------------------------------+ | ThinLinc Client | 4.14.0-2324 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7-7.6.126 | +-------------------------------------------+----------------------------------+ | Totem Media Player | 2.30.2-0ubuntu1igel55 | +-------------------------------------------+----------------------------------+ | Parole Media Player | 4.16.0-1igel1611217037 | +-------------------------------------------+----------------------------------+ | VNC Viewer | 1.12.0+dfsg-3igel1644994551 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 2203-8.5.0-19586897 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1-9build1igel6 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | 2017/09/29 | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | 0.12/21-12-21 | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B301 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 4.0.2 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 13.1.10 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | Kofax SPVC Citrix Channel | 3.1.41.0 | +-------------------------------------------+----------------------------------+ | signotec Citrix Channel | 8.0.10 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.4.2 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.6.0.0-AET.000 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 7-20210902 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 8.0.13 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Thales SafeNet | 10.8.28 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library OpenSC | 0.22.0-2igel1643799581 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID Enterprise | 6.8.3.21 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID Client | 1.0.2.67 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library 90meter | 20190522 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.8-1igel1632136057 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.3.3 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.5.0-2igel1646035471 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp13igel15 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 1.9.5-3igel1646034250 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.2.0.3 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | OpenSSL | 1.0.2n-1ubuntu5.9 | +-------------------------------------------+----------------------------------+ | OpenSSL | 1.1.1-1ubuntu2.1~18.04.17 | +-------------------------------------------+----------------------------------+ | OpenSSH Client | 8.9p1-3igel1646033299 | +-------------------------------------------+----------------------------------+ | OpenSSH Server | 8.9p1-3igel1646033299 | +-------------------------------------------+----------------------------------+ | Bluetooth Stack (bluez) | 5.64-0igel1647863644 | +-------------------------------------------+----------------------------------+ | MESA OpenGL Stack | 21.3.7-1igel1646288715 | +-------------------------------------------+----------------------------------+ | VAAPI ABI Version | 0.40 | +-------------------------------------------+----------------------------------+ | VDPAU Library Version | 1.4-3igel1099 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20210115-1igel1647326046 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 19.1.0-2igel1629135948 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 22.0.0-1igel1645768768 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.17-2igel1644486678 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nvidia | 470.129.06-0ubuntu0.21.10.1 | +-------------------------------------------+----------------------------------+ | Graphics Driver VMware | 13.3.0-3igel1628859075 | +-------------------------------------------+----------------------------------+ | Graphics Driver QXL (Spice) | 0.1.5-2build1igel1634304534 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.5.0-2igel1644486279 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.5.0-1igel1628504011 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.6-2igel1629196047 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.2-1igel1629196349 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.8825 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.1-2igel1646823146 | +-------------------------------------------+----------------------------------+ | Input Driver VMMouse | 13.1.0-1ubuntu2igel1628499891 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 0.39.0-0ubuntu1igel1629136980 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Multitouch | 3.0.0 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Singletouch | 5.1.0 | +-------------------------------------------+----------------------------------+ | Kernel | 5.15.26 #mainline-lxos-g1652790891 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 21.1.3igel1645782509 | +-------------------------------------------+----------------------------------+ | Xorg Xephyr | 21.1.3igel1645782509 | +-------------------------------------------+----------------------------------+ | CUPS Printing Daemon | 2.2.7-1ubuntu2.8igel32 | +-------------------------------------------+----------------------------------+ | PrinterLogic | 25.1.0.500 | +-------------------------------------------+----------------------------------+ | Lightdm Graphical Login Manager | 1.26.0-0ubuntu1igel14 | +-------------------------------------------+----------------------------------+ | XFCE4 Window Manager | 4.14.5-1~18.04igel1643191202 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.3.5-3ubuntu7.3 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.32.12-0ubuntu1igel1641211455 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.10.0-1~ubuntu18.04.2 | +-------------------------------------------+----------------------------------+ | GStreamer 0.10 | 0.10.36-2ubuntu0.1igel201 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo aacdec | 0.10.42 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo asfdemux | 0.10.92 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo h264dec | 0.10.59 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mp3dec | 0.10.41 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mpegdemux | 0.10.85 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo mpeg4videodec | 0.10.44 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo vadec | 0.10.229 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo wmadec | 0.10.70 | +-------------------------------------------+----------------------------------+ | Gstreamer 0.10 Fluendo wmvdec | 0.10.66 | +-------------------------------------------+----------------------------------+ | GStreamer 1.x | 1.18.5-1igel1633086114 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo aacdec | 0.10.42 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo asfdemux | 0.10.92 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo h264dec | 0.10.59 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mp3dec | 0.10.41 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mpeg4videodec | 0.10.44 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo vadec | 0.10.229 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmadec | 0.10.70 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmvdec | 0.10.66 | +-------------------------------------------+----------------------------------+ | WebKit2Gtk | 2.34.6-1igel1645163872 | +-------------------------------------------+----------------------------------+ | Python2 | 2.7.17 | +-------------------------------------------+----------------------------------+ | Python3 | 3.6.9 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | VM Guest Support Components | | +===========================================+==================================+ | Virtualbox Guest Utils | 6.1.32-dfsg-1igel1643178233 | +-------------------------------------------+----------------------------------+ | Virtualbox X11 Guest Utils | 6.1.32-dfsg-1igel1643178233 | +-------------------------------------------+----------------------------------+ | Open VM Tools | 11.0.5-4ubuntu0.18.04.1 | +-------------------------------------------+----------------------------------+ | Open VM Desktop Tools | 11.0.5-4ubuntu0.18.04.1 | +-------------------------------------------+----------------------------------+ | Xen Guest Utilities | 7.10.0-0ubuntu1 | +-------------------------------------------+----------------------------------+ | Spice Vdagent | 0.22.1-1igel1646032976 | +-------------------------------------------+----------------------------------+ | Qemu Guest Agent | 6.2+dfsg-3igel1646036781 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB (MTP) | 1.1.19-1igel1633453264 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (imobile) | 1.3.0-6igel12 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (gphoto) | 2.5.27-1igel8 | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | 8.20-1igel1645458039 | +-------------------------------------------+----------------------------------+ | Scanner support | 1.0.27-1 | +-------------------------------------------+----------------------------------+ | VirtualBox VM within IGEL OS | 6.1.32-dfsg-1igel1643178233 | +-------------------------------------------+----------------------------------+ +--------------------------------------------+--------+------------------+ | Services | Size | Reduced Firmware | +============================================+========+==================+ | Asian Language Support | 22.5M | Included | +--------------------------------------------+--------+------------------+ | Java SE Runtime Environment | 36.5M | Included | +--------------------------------------------+--------+------------------+ | Citrix Appliance | 322.0M | Included | | Citrix StoreFront | | | | Citrix Workspace app | | | +--------------------------------------------+--------+------------------+ | Ericom PowerTerm InterConnect | 10.2M | Included | +--------------------------------------------+--------+------------------+ | Media Player | 512.0K | Included | +--------------------------------------------+--------+------------------+ | Local Browser (Firefox) | 81.5M | Included | | Citrix Appliance | | | +--------------------------------------------+--------+------------------+ | RDP | 5.5M | Included | | VMware Horizon | | | +--------------------------------------------+--------+------------------+ | Cendio ThinLinc | 11.0M | Included | +--------------------------------------------+--------+------------------+ | Printing (Internet printing protocol CUPS) | 22.2M | Included | +--------------------------------------------+--------+------------------+ | NoMachine NX | 27.2M | Included | +--------------------------------------------+--------+------------------+ | VMware Horizon | 243.0M | Included | +--------------------------------------------+--------+------------------+ | Voice over IP (Ekiga) | 6.5M | Included | +--------------------------------------------+--------+------------------+ | Citrix Appliance | 768.0K | Included | +--------------------------------------------+--------+------------------+ | NCP Enterprise VPN Client | 27.0M | Not included | +--------------------------------------------+--------+------------------+ | Fluendo GStreamer Codec Plugins | 6.5M | Included | +--------------------------------------------+--------+------------------+ | IBM i Access Client Solutions | 128.2M | Not included | +--------------------------------------------+--------+------------------+ | Red Hat Enterprise Virtualization | 2.8M | Included | +--------------------------------------------+--------+------------------+ | Parallels Client | 6.0M | Included | +--------------------------------------------+--------+------------------+ | NVIDIA graphics driver | 260.5M | Not included | +--------------------------------------------+--------+------------------+ | Imprivata Appliance | 14.2M | Included | +--------------------------------------------+--------+------------------+ | AppliDis | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Evidian AuthMgr | 2.8M | Included | +--------------------------------------------+--------+------------------+ | Hardware Video Acceleration | 14.2M | Included | +--------------------------------------------+--------+------------------+ | Extra Font Package | 1.0M | Included | +--------------------------------------------+--------+------------------+ | Fluendo GStreamer AAC Decoder | 1.2M | Included | +--------------------------------------------+--------+------------------+ | x32 Compatibility Support | 3.8M | Included | +--------------------------------------------+--------+------------------+ | Cisco JVDI client | 66.8M | Included | +--------------------------------------------+--------+------------------+ | PrinterLogic | 47.8M | Not included | +--------------------------------------------+--------+------------------+ | Biosec BS Login | 10.0M | Not included | +--------------------------------------------+--------+------------------+ | Login VSI Login Enterprise | 28.8M | Not included | +--------------------------------------------+--------+------------------+ | Stratusphere UX CID Key software | 7.5M | Not included | +--------------------------------------------+--------+------------------+ | Elastic Filebeat | 22.2M | Not included | +--------------------------------------------+--------+------------------+ | AVD | 113.8M | Included | +--------------------------------------------+--------+------------------+ | Local Browser (Chromium) | 97.5M | Not included | +--------------------------------------------+--------+------------------+ | Amazon WorkSpaces Client | 32.2M | Included | +--------------------------------------------+--------+------------------+ | deskMate Client | 5.8M | Included | +--------------------------------------------+--------+------------------+ | Cisco WebEx VDI | 70.8M | Not included | +--------------------------------------------+--------+------------------+ | Cisco Webex Meetings VDI | 129.2M | Not included | +--------------------------------------------+--------+------------------+ | Zoom Media Plugin | 124.0M | Not included | +--------------------------------------------+--------+------------------+ | DriveLock | 13.2M | Included | +--------------------------------------------+--------+------------------+ | SpeechWrite Client | 256.0K | Included | +--------------------------------------------+--------+------------------+ | IGEL Imprivata Agent | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Fluendo Browser Codec Plugins | 4.0M | Included | +--------------------------------------------+--------+------------------+ | HP Factory deployment documentation | 88.5M | Included | +--------------------------------------------+--------+------------------+ | Teradici PCoIP Client | 15.5M | Included | +--------------------------------------------+--------+------------------+ | 90meter Smart Card Support | 256.0K | Included | +--------------------------------------------+--------+------------------+ | Mobile Device Access USB (Limited support) | 256.0K | Not included | | VPN OpenConnect (Limited support) | | | | Virtualbox (Limited support) | | | | Scanner support / SANE (Limited support) | | | | Limited Support Features | | | +--------------------------------------------+--------+------------------+ | Mobile Device Access USB (Limited support) | 256.0K | Not included | +--------------------------------------------+--------+------------------+ | VPN OpenConnect (Limited support) | 1.2M | Not included | +--------------------------------------------+--------+------------------+ | Scanner support / SANE (Limited support) | 2.5M | Not included | +--------------------------------------------+--------+------------------+ | Virtualbox (Limited support) | 65.2M | Not included | +--------------------------------------------+--------+------------------+ Known Issues -------------------------------------------------------------------------------- ### Citrix * To launch multiple desktop sessions with Citrix HDX RTME and Citrix H.264 acceleration plugin, the following registry key needs to be enabled: +------------+-----------------------------------------------------------------+ |Parameter |`Activate workaround for dual RTME sessions and H264 acceleration` | +------------+-----------------------------------------------------------------+ |Registry |`ica.workaround-dual-rtme` | +------------+-----------------------------------------------------------------+ |Range |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * This workaround is not applicable when "Enable Secure ICA" is active for the specific delivery group. * Adding smartcard readers during running / active session does not work. The reader is visible, but cannot be used due to unknown reader status. Only relevant for CWA versions earlier than 2112. * There are known issues with GStreamer 1.0 in combination with Citrix. These occure with multimedia redirection of H.264, MPEG1 and MPEG2. (GStreamer 1.0 is used if browser content redirection is enabled active.) * Browser content redirection does not work when DRI3 and hardware accelerated H.264 deep compression codec is enabled. * Enabled DRI3 on an AMD GPU with enabled Citrix H.264 acceleration could lead to a freeze. Selective H.264 mode (API v2) is not affected from this issue. * Citrix H.264 acceleration plugin does not work with **enabled** server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**. * Currently H.264 for Citrix sessions cannot be used in parallel with video input acceleration. * With start of Self-Service it is possible that the process ServiceRecord is segfaulted - Self-Service cannot be started afterwards. A cache cleanup with reboot should help, also the following parameters should be set to true. +------------+-----------------------------------------------------------------+ |Parameter |`Clean up UI cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupwebui` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ |Parameter |`Clean up Store cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupstore` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ ### OSC Installer * OSC not deployable with IGEL Deployment Appliance: New version 11.3 is required for deployment of IGEL OS 11.06. and later. ### AVD * AVD MS-Teams optimization can crash the AVD client if H264 software decoder is used (fluh264dec). AVD prefers the hardware decoders (fluvadec) but when there are no hardware decoders or when all hardware decoders are in use already, the software decoder is utilized which may randomly crash the AVD client. It is likely when it crashes in a certain MS-Teams call, it might crash quite soon again when rejoining the same call. A fix for that is in development. A workaround is to disable incoming video in such MS-Teams calls, which is an option in the "..." menu from the control bar during an active call. * H264 hardware decoding for MS-Teams optimization is currently limited to non- AMD devices due to stability issues on AMD devices. ### VMware Horizon * After disconnect of an RDP-based session, the Horizon main window which contains the server or sessions overview, cannot be resized anymore. * Copying text from Horizon Blast sessions is not possible. * The on-screen keyboard in Horizon appliance mode does not work correctly with local logon. It is necessary to switch off local logon and enable the following two keys via IGEL registry: userinterface.softkeyboard.autoshow userinterface.softkeyboard.autohide * Zoom VDI Media Plugin versions below 5.8.0 make Horizon Client crash upon connection to the remote desktop when TCSetup is running at the same time. * With usage of PCoIP protocol, the virtual channel provided by VMware used for serial port and scanner redirection could freeze on logout from remote session. This happens only with enabled scanner or serial port redirection. The freeze does not occur if both redirection methods are enabled or none of them. The Blast Protocol is not affected by this bug. The respective settings can be found in the IGEL Registry: vmware.view.enable-serial-port-redir vmware.view.enable-scanner-redir * Keyboard Input Source Language Synchronization works only with usage of local layout and deadkeys enabled. If a keyboard layout is used which has deadkeys disabled (which is the default on IGEL OS), Horizon client falls back to en-US layout. * PCoIP sessions may crash in some cases, switch to Blast Protocol is recommended then. H.264/HEVC encoding can be disabled when overall performance is too low. * Client drive mapping and USB redirection for storage devices can be enabled at the same time, but this could lead to sporadical problems. Horizon Client tracks the drives which are dynamically mounted and adds them to the remote session using client drive mapping, means USB redirection is not used for theses devices then. However, in case of devices like USB SD card readers, Horizon does not map them as client drives but forcefully uses USB-redirection which results in an unclean unmount. As a work-around, the IDs of these card readers can be added to IGEL USB access rules and denied. ### Parallels Client * Attached storage devices appear as network drives in the remote session * USB device redirection is considered as experimental for the Parallels client for Linux ### Firefox * With enabled Citrix Browser Content Redirection, Firefox has no H.264 and AAC multimedia codec support. Means, when codec support is needed in Firefox, BCR needs to be disabled. Citrix Browser Content Redirection is disabled by default. ### Network * Wakeup from system suspend fails on DELL Latitude 5510 * If applications are configured to start after established network connection and network mounts are configured, spurious "Failed to start application" notifications may be shown. The applications still start. ### WiFi * TP-Link Archer T2UH WiFi adapters does not work after system suspend/resume. Workaround: Disable system suspend at IGEL Setup > System > Power Options > Shutdown. ### Cisco JVDI Client * There may be a segfault shown in the logs (during logout of Citrix Desktop session). Occurs only when using Citrix Workspace App 2010 and Cisco JVDI. ### Base system * Hyper-V (Generation 2) needs a lot of memory (RAM). The machine needs a sufficient amount of memory allocated. * Update from memory stick requires network online state (at least when multiple update stages are triggered / necessary) * Glibc has a serious memcpy performance regression on AMD Zen-based systems. ### Conky * The right screen when using multiscreen environment may not be shown correctly. Workaround: The horizontal offset should be set to the width of the monitor (e.g. if the monitor has a width of 1920, the offset should be set to 1920) ### Firmware update * On devices with 2 GB of flash storage it could happen that there is not enough space for updating all features. In this case, a corresponding error message occurs. Please visit [https://kb.igel.com/igelos-11.04/en/error-not-enough- space-on-local-drive-when-updating-to-igel-os-11-04-or-higher-32870765.html] for a possible solution and additional information. ### Appliance Mode * When ending a Citrix session in browser appliance mode, the browser is restarted twice (instead of once). * Appliance mode RHEV/Spice: spice-xpi firefox plugin is no longer supported. The "Console Invocation" has to allow 'Native' client (auto is also possible) and should be started in fullscreen to prevent any opening windows. * Browser Appliance mode can fail when the Web URL contains special control characters like ampersand (& character). Workaround: Add quotes at the beginning and the end of an affected URL. E.g.: 'https://www.google.com/search?q=aSearchTerm&source=lnms&tbm=isch' ### Audio * IGEL UD2 (D220) fails to restore the volume level of the speaker when the device used firmware version 11.01.110 before. * Audio jack detection on Advantec POC-W243L does not work. Therefore, sound output goes through a possibly connected headset and also the internal speakers. * UD3-M340C: Sound preferences are showing Headphone & Microphone, although not connected. ### Multimedia * Multimedia redirection with GStreamer could fail when using Nouveau GPU driver. ### Hardware * Some newer Delock 62599 active DisplayPort to DVI (4k) adapters only work on Intel-based devices. ### Remote Management * AIT feature with IGEL Starter License is only supported by UMS version 6.05.100 or newer. Release Notes 11.07.170 (Based On 11.07.140) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Integrated Citrix Workspace App 2205. Available Citrix Workspace apps in this release: 2205 (default), 2203 and 2010 * Added registry keys for Citrix Workspace app 2205: * Authentication enhancement for Storebrowse +------------+-----------------------------------------------------------------+ |Parameter |`Disable Authentication enhancement for Storebrowse` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.StorebrowseIPCDisabled` | +------------+-----------------------------------------------------------------+ |Value |**true**(default)/false | +------------+-----------------------------------------------------------------+ * Authentication dialog is present inside Citrix Workspace app and the store details are displayed on the login screen.ÿThe authentication tokens are encrypted and stored so that it is not necessary to reenter credentials when system or session restarts. * Email-based auto-discovery of store +------------+-----------------------------------------------------------------+ |Parameter |`Email-based auto-discovery of store` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.AppConfigEnabled` | +------------+-----------------------------------------------------------------+ |Value |true/**false**(default) | +------------+-----------------------------------------------------------------+ * Automatically discovers the store associated with email address * Feature Flag Management +------------+-----------------------------------------------------------------+ |Parameter |`Feature flag management` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.enablelaunchdarkly` | +------------+-----------------------------------------------------------------+ |Value |disable/**enable**(default) | +------------+-----------------------------------------------------------------+ * For the case an issue occurs with Citrix Workspace app in production, it is possible to disable an affected feature dynamically in Citrix Workspace app during runtime. For that feature flags and a third-party service called LaunchDarkly are used. ### Imprivata * Improved reconnect/disconnect times with Imprivata and Horizon * Added parameter for inserting Citrix NetScaler cookie: +------------+-----------------------------------------------------------------+ |Parameter |`NetScalerÿCOOKIEINSERT` | +------------+-----------------------------------------------------------------+ |Registry |`imprivata.cookieinsert` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ ### Cisco JVDI Client * Integrated **Cisco JVDI client 14.1.1** ### Cisco Webex * Integrated Cisco WebEx Meetings VDI Plugin 42.5.5.9 Available Webex Meetings Plugins in this release:ÿ42.5.5.9 **(default)**,ÿ42.3.1.12 and 41.12.6.12 ### Base system * Updated glibc to version 2.31-0ubuntu9.9 with memcpy improvements. * Updated IGEL EULA to version of 1st July 2022. ### Evidian * Updated rsUserAuth to version 1.5.8134 ### Remote Management * Added new generic UMS job to update HP G5 USB-C docking stations. +------------+-----------------------------------------------------------------+ | Parameter | `The path to the firmware file on the device` | +------------+-----------------------------------------------------------------+ | Registry | `update.devices.hp_g5_dock.path` | +------------+-----------------------------------------------------------------+ | Value | **/wfs/hp_g5_dock_firmware.cab** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Whether the update should proceed even if the provided firmware is older than the current one on the Dock.` | +------------+-----------------------------------------------------------------+ | Registry | `update.devices.hp_g5_dock.allow_downgrade` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ Security Fixes -------------------------------------------------------------------------------- ### Firefox * Updated Firefox to version 91.9.1 Fixes critical CVEs as below: CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution ### Chromium * Fixed chromium-browser security issues CVE-2022-1876, CVE-2022-1875, CVE-2022-1874, CVE-2022-1873, CVE-2022-1872, CVE-2022-1871, CVE-2022-1870, CVE-2022-1869, CVE-2022-1868, CVE-2022-1867, CVE-2022-1866, CVE-2022-1865, CVE-2022-1864, CVE-2022-1863, CVE-2022-1862, CVE-2022-1861, CVE-2022-1860, CVE-2022-1859, CVE-2022-1858, CVE-2022-1857, CVE-2022-1856, CVE-2022-1855, CVE-2022-1854 and CVE-2022-1853. * Updated to chromium version 102.0.5005.61. Resolved Issues -------------------------------------------------------------------------------- ### RD Web Access * Fixed virtual channel plugins in RD Web Access sessions: PhilipsSpeech, deviceTRUST, Diktamen, Grundig, Lakeside and Olympus. ### Imprivata * Fixed Imprivata data partition not fully populated/created. * Fixed FUS password not being accepted ### CUPS Printing * Fixed support for usb-to-parallel adapters ### Base system * Fixed sporadic firmware downgrade issues from 11.07 to 11.05. ### Conky * Fixed special characters in custom_text. ### Storage Devices * Added parameter for Mobile Device Access USB to ignore exposed PTP interface: +------------+-----------------------------------------------------------------+ |Parameter |`Don't query the PTP interface` | +============+=================================================================+ |Registry |`sessions.mtp-devices0.omit_ptp` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### X11 system * Added new registry key to fix issues with DP MST handling: +------------+-----------------------------------------------------------------+ | Parameter | `Use new DP MST connector setup name handling.` | +------------+-----------------------------------------------------------------+ | Tooltip | `Use this if you have issues with not getting all displays configured.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drm_daemon.use_new_dp_mst_handling` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Window manager * Fixed random restart of the panel when dragging around taskbar items. Release Notes 11.07.140 (Based On 11.07.110) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### ThinLinc * Updated ThinLinc client to version 4.14.0 ### Chromium * Changed Safe Browsing default value to "enabled". +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global > Security | +============+=================================================================+ |Parameter |`Safe Browsing` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.app.safebrowsing_enabled` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### Smartcard * Added support for concurrent usage of multiple smartcard middleware libraries for authentication with smartcard to Active Directory / Kerberos and Citrix. In setup on page Security>Smartcard>Middleware multiple libraries can be activated. If none is activated, OpenSC is taken as fallback. ### Cisco Webex * Integrated Cisco WebEx VDI plugin 42.4.0.21893 ### zoomvdi * Integrated Zoom VDI plugin 5.10.0.21068 Available plugins in this release: 5.10.0.21068 (default), 5.9.6.20931, and 5.4.59458 ### TC Setup (Java) * Updated TC Setup to version 6.10.2 Security Fixes -------------------------------------------------------------------------------- ### VMware Horizon * Updated Horizon Client to version 2203 8.5.0-19586897 ### Teradici PCoIP Client * Updated Teradici PCoIP Ultra client to version 22.04. ### Chromium * Fixed Chromium browser security issues CVE-2022-1641, CVE-2022-1640, CVE-2022-1639, CVE-2022-1638, CVE-2022-1637, CVE-2022-1636, CVE-2022-1635, CVE-2022-1634, CVE-2022-1633, CVE-2022-1501, CVE-2022-1500, CVE-2022-1499, CVE-2022-1498, CVE-2022-1497, CVE-2022-1496, CVE-2022-1495, CVE-2022-1494, CVE-2022-1493, CVE-2022-1492, CVE-2022-1491, CVE-2022-1490, CVE-2022-1489, CVE-2022-1488, CVE-2022-1487, CVE-2022-1486, CVE-2022-1485, CVE-2022-1484, CVE-2022-1483, CVE-2022-1482, CVE-2022-1481, CVE-2022-1480, CVE-2022-1479, CVE-2022-1478, CVE-2022-1477, CVE-2022-1314, CVE-2022-1313, CVE-2022-1312, CVE-2022-1311, CVE-2022-1310, CVE-2022-1309, CVE-2022-1308, CVE-2022-1307, CVE-2022-1306, CVE-2022-1305 and CVE-2022-1364. * Updated Chromium browser to version 101.0.4951.64 ### Firefox * Updated Mozilla Firefox to version 91.9.0 ESR * Fixes for mfsa2022-17, also known as CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911, CVE-2022-29912, CVE-2022-29917. * Fixes for mfsa2022-14, also known as CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289. * Fixes for mfsa2022-11, also known as CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386. ### Base system * Fixed curl security issues CVE-2022-2777, CVE-2022-30115, CVE-2022-27782, CVE-2022-27781, CVE-2022-27780, CVE-2022-27779, CVE-2022-27778, CVE-2022-27775, CVE-2022-27774, CVE-2022-22576. * Fixed ghostscript security issue CVE-2019-25059. * Fixed libsdl1.2 security issue CVE-2021-33657. * Fixed libsepol security issues CVE-2021-36087, CVE-2021-36086, CVE-2021-36085 and CVE-2021-36084. * Fixed bash security issue CVE-2019-18276. * Fixed zulu8-ca security issues CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496 and CVE-2018-25032. * Fixed rsyslog security issue CVE-2022-24903. * Fixed mysql-5.7 security issues CVE-2022-21460, CVE-2022-21454, CVE-2022-21451, CVE-2022-21444, CVE-2022-21427 and CVE-2022-21417. * Fixed sqlite3 security issue CVE-2021-36690. * Fixed openssl1.0 security issue CVE-2022-1292. * Fixed openssl security issue CVE-2022-1292. * Fixed dbus security issue CVE-2020-35512. * Fixed nss security issue CVE-2020-25648. * Fixed dnsmasq security issue CVE-2022-0934. * Fixed cifs-utils security issues CVE-2022-29869 and CVE-2022-27239. * Fixed libxml2 security issue CVE-2022-29824. * Fixed cifs-utils security issues CVE-2022-29869 and CVE-2022-27239. * Fixed openldap security issue CVE-2022-29155. * Fixed pcre3 security issues CVE-2020-14155 and CVE-2019-20838. * Fixed tiff security issues CVE-2022-0891, CVE-2022-0865, CVE-2022-0562, CVE-2022-0561 and CVE-2020-35522. * Updated Intel microcode to version 20220510. * Updated AMD microcode to version from 20220408 * Fixed security issue CVE-2022-21151. * Fixed sshd security issue CVE-2002-20001 (Denial of Service). * Added new registry key to prevent from D(HE)ater CVE-2002-20001 DoS attacks: +------------+-----------------------------------------------------------------+ |Parameter |`Disable Diffie Hellman key exchange algorithms` | +------------+-----------------------------------------------------------------+ |Registry |`network.ssh_server.disable_dhe_kexalgorithms` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Fixed Nvidia security issues CVE-2022-28181, CVE-2022-28182, CVE-2022-28183 and CVE-2022-28184. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Random disconnects, segfaults or session freezes should not occur any more in Citrix sessions with hardware accelerated H.264 decoding. * Added parameter for Citrix Workspace app 2203 Keyboard sync feature: * Parameter to configure new KeyboardSyncMode as following. Windows Server may require config as well, further information via [https://docs.citrix.com/en- us/citrix-workspace-app-for-linux/configure-xenapp.html#keyboard-layout- synchronization:] +------------+-----------------------------------------------------------------+ |Parameter |`Configure KeyboardSyncMode` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.keyboardsyncmode` | +------------+-----------------------------------------------------------------+ |Value |**no**(default)/dynamic/once | +------------+-----------------------------------------------------------------+ **no** - indicates that the client uses the keyboard layout present on the server. **dynamic** - synchronizes the client keyboard layout to the server when client keyboard layout is changed. **once** - when session launches * to configure new KeyboardEventMode: +------------+-----------------------------------------------------------------+ |Parameter |`Configure KeyboardEventMode` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.keyboardeventmode` | +------------+-----------------------------------------------------------------+ |Value |Unicode/**Scancode**(default) | +------------+-----------------------------------------------------------------+ * Citrix recommends "Scancode" for KeyboardSyncMode=no and "Unicode" for the other values. ### RDP/IGEL RDP Client 2 * Fixed RDP drive redirection redirecting the same drive twice if storage hotplug is set to static. ### RD Web Access * Fixed RD Web ignoring RD Gateway when starting apps from browser. ### Chromium * Fixed an issue with the startup URL containing a '&' character. ### Network * Fixed 802.1X authentication method PEAP-TLS - was broken since 11.07.100 due to incompatibility with Network Manager 1.32 ### Application Launcher * Fixed application launcher starting multiple times if auto-restart was enabled. ### Base system * Fixed non working DRM/KMS driver on Zebra ET51 tablet. * Fixed downgrading from 11.07. to 11.05. firmware versions * Fixed XServer startup for Device Encryption login screen on devices with Intel-powered graphics, such as H830. ### Driver * Added bluetooth driver for Realtek RTL8852BE device. ### X11 system * Add option to force special handling of Nvidia graphics cards. +------------+-----------------------------------------------------------------+ |Parameter |`Force X injected DRM data with nvidia driver` | +------------+-----------------------------------------------------------------+ |Registry |`x.drivers.nvidia.force_quack` | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### X server * Fixed detection of some Nvidia Quadro T400 graphic cards. ### Remote Management * Deallocate resources used for Websocket connection after closing the connection. * Added parameter to control ICG reconnecting: +------------+-----------------------------------------------------------------+ |Parameter |Reconnect Interval (seconds) | +------------+-----------------------------------------------------------------+ |Registry |`system.remotemanager.reconnect_interval` | +------------+-----------------------------------------------------------------+ |Value |20 (default) | +------------+-----------------------------------------------------------------+ Release Notes 11.07.110 (Based On 11.07.100) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Integrated Citrix Workspace App 2203. Available Citrix Workspace apps in this release: 2203 (default), 2202 and 2010 * Added registry keys for Citrix Workspace App 2203: * for configuring the new KeyboardSyncMode. Windows Server may require config, see [https://docs.citrix.com/en-us/citrix-workspace-app-for-linux/configure- xenapp.html#keyboard-layout-synchronization:] +------------+-----------------------------------------------------------------+ |Parameter |`Configure KeyboardSyncMode` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.keyboardsyncmode` | +------------+-----------------------------------------------------------------+ |Value |**no**(default)/dynamic/once | +------------+-----------------------------------------------------------------+ **no** - Indicates that the client uses the keyboard layout present on the server. **dynamic** - This option synchronizes the client keyboard layout to the server when you change the client keyboard layout. **once** - when session launches * for configuring new KeyboardEventMode: +------------+-----------------------------------------------------------------+ |Parameter |`Configure KeyboardEventMode` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.keyboardeventmode` | +------------+-----------------------------------------------------------------+ |Value |Unicode/**Scancode**(default) | +------------+-----------------------------------------------------------------+ * Citrix recommends "Scancode" for KeyboardSyncMode=no and "Unicode" for the other values. * Fixed implementation for DNSCacheEnabled ### AVD * Updated AVD client to version 1.0.99.7 * Added and enabled MS-Teams optimization ### VMware Horizon * Added system wide handler to start links which use the vmware-view protocol. View session can now started by chromium or any other application which uses xdg-open. * Updated Horizon Client to version 2111.1-8.4.1-19480456 which fixes the typematic (key-repeat) issue ### WiFi * Added support for Realtek 8852be WiFi cards. ### Cisco JVDI Client * Updated Cisco JVDI to version 14.1.0 ### Base system * Added new field netmask to SystemInformationLog - only relevant for specific customer ### zoomvdi * Updated Zoom Media Plugin to version 5.9.6.20931 Available Zoom Media Plugins in this release: 5.4.59458, 5.8.4.21112, and 5.9.6.20931 Security Fixes -------------------------------------------------------------------------------- ### Chromium * Fixed security issue CVE-2022-1096. * Fixed security issues CVE-2022-1232, CVE-2022-1146, CVE-2022-1145, CVE-2022-1144, CVE-2022-1143, CVE-2022-1142, CVE-2022-1141, CVE-2022-1139, CVE-2022-1138, CVE-2022-1137, CVE-2022-1136, CVE-2022-1135, CVE-2022-1134, CVE-2022-1133, CVE-2022-1132, CVE-2022-1131, CVE-2022-1130, CVE-2022-1129, CVE-2022-1128, CVE-2022-1127 and CVE-2022-1125. * Updated Chromium browser to version 100.0.4896.75 ### Base system * Fixed kernel security issues CVE-2022-1015 and CVE-2022-1016. * Fixed python2.7 security issues CVE-2022-0391 and CVE-2021-4189. * Fixed python3.6 security issues CVE-2022-0391, CVE-2021-4189 and CVE-2021-3426. * Fixed zlib security issue CVE-2018-25032. * Fixed rsync security issue CVE-2018-25032. * Fixed paramiko security issue CVE-2022-24302. * Fixed xz-utils security issue CVE-2022-1271. * Fixed tcpdump security issues CVE-2020-8037 and CVE-2018-16301. * Fixed gzip security issue CVE-2022-1271. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fix for Self-Service enumeration problem with consecutive users when Multi user is off. Introduced new parameters to enable cleanup after Self-Service termination: +------------+-----------------------------------------------------------------+ |Parameter |`Clean up UI cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupwebui` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Clean up Store cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupstore` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ ### RD Web Access * FixedÿRD Web Access autostart error.ÿ ### Chromium * Fixed custom downloads not working when the path was invalid * Fixed 'custom location' for Chromium Browser downloads ### Imprivata * Fixed VMware disconnect delay ### HID * Fixed issues with non working touchpads, touchscreens and multimedia keys. ### CUPS Printing * Fixed printer selection by pattern where manufacturer or product pattern could be left empty. ### Base system * Fixed loose of settings on certain hardware devices after update from a 11.05.xxx or older firmware version. * Fixed reliability of power off in case UD Pocket stick is removed. * Fixed / stabilized factory reset with enabled device encryption. ### Driver * Fixed Olympus Dictation devices DS-5000, DS-7000 and DS-9500 buttons disturbing client side window handling. ### Hardware * Fixed non working bluetooth with Mediatek MT7961. * Fixed issue with suspend/resume on Lenovo K14 Gen1 with Mediatek WiFi card. ### Remote Management * Reduced UMS communication load for asset inventory tracker (AIT) feature. Release Notes 11.07.100 -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Changed: For Browser Content Redirection the Chromium Embedded Framework is used by default now - Parameter ica.allregions.usecefbrowser is set to true (as default). * Added **Citrix Workspace App 2112** Available Citrix Workspace Apps in this release: 2112 (default), 2111, and 2010 * New Features: * The cursor color inverts based on the background color of a text +------------+-----------------------------------------------------------------+ |Parameter |`Support for cursor color inverting` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.invertcursorenabled` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Enhancement on smartcard support. +------------+-----------------------------------------------------------------+ |Parameter |`SmartCard driver` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.VirtualDriver.SmartCard.drivername` | +------------+-----------------------------------------------------------------+ |Value |**VDSCARD.DLL** (default)/ VDSCARDV2.DLL | +------------+-----------------------------------------------------------------+ * Note: VDSCARDV2.DLL supports the Plug and Play functionality for smartcard reader * The PulseAudio library is used instead of ALSA to access multiple audio devices within a session (Experimental). +------------+-----------------------------------------------------------------+ |Parameter |`Multiple Audio Device support` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.audioredirectionv4` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Note: The VdcamVersion4Support is renamed to AudioRedirectionV4, so registry key "ica.module.vdcamversion4support" is removed. * UDP audio through Citrix Gateway (Experimental). +------------+-----------------------------------------------------------------+ |Parameter |`UDP audio through Citrix Gateway` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.enableudpthroughgateway` | +------------+-----------------------------------------------------------------+ |Value |**False** (default)/ True | +------------+-----------------------------------------------------------------+ * Webcam redirection for 64-bit apps (Technical Preview) For 64bit webcam redirection the following parameters must be enabled. ica.wfclient.allowaudioinput = True (default) ica.wfclient.hdxh264inputenabled = True * Added a registry key to enable hardware acceleration for webcam redirection with 64bit applications. Effect is based on prerequisites as following: ica.wfclient.allowaudioinput=true(default), ica.wfclient.hdxh264inputenabled=true, ica.wfclient.hdxwebcamenabled=true and available acceleration hardware plus license. +------------+-----------------------------------------------------------------+ |Parameter |`Enable gstreamer input hardware encoder` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.gstread_encoder` | +------------+-----------------------------------------------------------------+ |Value |false/**true** (default) | +------------+-----------------------------------------------------------------+ * Known issue: Currently H.264 for Citrix sessions in parallel with above video acceleration will fail, only either or is possible. * Updated signotec Virtual Channel Driver to version 8.0.10 ### AVD * Added global proxy setting via Automatic Proxy Configuration (pac file). * The following parameters needs to be set accordingly: +------------+-----------------------------------------------------------------+ |IGEL Setup |Network > Proxy | +============+=================================================================+ |Parameter |`Automatic proxy configuration` | +------------+-----------------------------------------------------------------+ |IGEL Setup |ÿSessions > AVD > AVD Sessions > AVD Session > Proxy | +------------+-----------------------------------------------------------------+ |Parameter |`Global Proxy Setting` | +------------+-----------------------------------------------------------------+ * Added version notification when new IGEL AVD client versions are available. To disable the notification, the following parameter has been added: +------------+-----------------------------------------------------------------+ |Registry |`sessions.wvd%.options.version-check` | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### Parallels Client * Updated Parallels client to version 18.3.1 ### NX client * Updated NX client to version 7.8.2 ### Chromium * Removed support for TLS 1.0 and 1.1. * Updated Chromium Browser to version 99.0.4844.74. ### Firefox * Updated Mozilla Firefox to version 91.6.1 ESR. ### Network * Updated Network Manager to version 1.32. ### WiFi * Updated Network Manager to version 1.32. * Added ath11k WiFi driver. * Updated wpa_supplicant to version 2.10. ### Smartcard * Updated cryptovision sc/interface to version 8.0.13. Changes are: - Support for CardOS 5.4 / 5.5 - Support for DTRUST 4.x - Support for Bayern-PKI Legacy-Karte - Support for ePasslet-Suite-3.5 on NXP JCOP4 - Integration of CardOS based "PKIBw-Karte 7.1" (tPKI). * Added new Smartcard Middleware SecMaker Net iD Client. The existing Middleware SecMaker Net iD remains in the firmware and is renamed to SecMaker Net iD Enterprise (no need for configuration changes). +------------+-----------------------------------------------------------------+ |IGEL Setup |Security > Smartcard > Middleware | +------------+-----------------------------------------------------------------+ |Parameter |`Secmaker Net iD Client` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pkcs11.use_netid-client` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Horizon Client > Horizon Client Global > Smartcard | +------------+-----------------------------------------------------------------+ |Parameter |`Horizon logon with SecMaker Net iD Client smartcards` | +------------+-----------------------------------------------------------------+ |Registry |`vmware.view.pkcs11.use_netid-client` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Firefox Browser > Firefox Browser Global > Smartcard Middleware | +------------+-----------------------------------------------------------------+ |Parameter |`SecMaker Net iD Client Security Device` | +------------+-----------------------------------------------------------------+ |Registry |`browserglobal.security_device.use_netid-client` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |IGEL Setup |Sessions > Chromium Browser > Chromium Browser Global > Smartcard Middleware | +------------+-----------------------------------------------------------------+ |Parameter |`SecMaker Net iD Client Security Device` | +------------+-----------------------------------------------------------------+ |Registry |`chromiumglobal.security_device.use_netid-client` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ * Updated Athena IDProtect smartcard library to version 7-20210902. This fixes smartcard logon using Horizon client and CRYPTAS TicTok v2 cards. * Added configuration parameters for options of PC/SC lite smartcard daemon which are needed in some cases: +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of threads` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_thread` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of card handles per thread` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_card_handle_per_thread` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Maximum number of card handles per reader` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.max_card_handle_per_reader` | +------------+-----------------------------------------------------------------+ |Value |**200** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Keep card always powered on` | +------------+-----------------------------------------------------------------+ |Registry |`scard.pcscd.power_on` | +------------+-----------------------------------------------------------------+ |Value |**false** (default) | +------------+-----------------------------------------------------------------+ ### Cisco Webex * Updated Cisco WebEx VDI plugin to version 42.2 * Updated Cisco WebEx Meeting VDI plugins. Available plugins in this release: 42.3.1.12 (default), 42.2.4.12, and 41.10.11.5 ### Base system * Added support for Thai keyboard layout and localization. * Updated kernel to version 5.15.26 * Fixed security issue CVE-2022-0185. * Updated intel-microcode to version 20220207 to fix security issues CVE-2021-0127 and CVE-2021-0146. * Updated mesa to version 21.3.7. * Switched to Ubuntu Focal version of glibc. * Switched to Ubuntu Focal version of libstdc++6 * Updated HP documentation for devices deployed directly by HP. * Added new registry key to include systemd information in the support files. +------------+-----------------------------------------------------------------+ |Parameter |`Collect systemd information for support files` | +------------+-----------------------------------------------------------------+ |Registry |`debug.collect_sysd_info_for_support` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Added new registry key to include systemd-analyze plot in the support files. +------------+-----------------------------------------------------------------+ |Parameter |`Include systemd-analyze plot svg-image in support files` | +------------+-----------------------------------------------------------------+ |Registry |`debug.create_sysd_plot_for_support` | +------------+-----------------------------------------------------------------+ |Value |**disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * Teradici PCoIP Client does not require an Add-On license anymore, this is now part of the Workspace Edition license. * Added new registry key to switch between the default (igel) and the unchanged asound2 pulse plugin type: +------------+-----------------------------------------------------------------+ | Parameter | `Asound2 plugins type` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.alsa.asound2_plugin_type` | +------------+-----------------------------------------------------------------+ | Range | [default][igel][vanilla] | +------------+-----------------------------------------------------------------+ | Value | **default** | +------------+-----------------------------------------------------------------+ ### CID Key Agent * Updated Stratusphere UX Agent to version 6.6.0-3 ### Driver * Updated Philips Speech dictation drivers to version 13.1.10. Changes are amongst others: - Increased rebustness in session switching/roaming use cases - Support of Philips SmartMike Duo USB devices - RDP plugins now use native freerdp instead of elusiva interface ### X server * Updated Xorg server to version 21.1 ### Window manager * Added: Location of the notification pop-up window is now configurable. +------------+-----------------------------------------------------------------+ |Parameter |`Location of notifications` | +------------+-----------------------------------------------------------------+ |Registry |`windowmanager.wm%.variables.notifications.location` | +------------+-----------------------------------------------------------------+ |Range | [Top left][Bottom left][Top right][Bottom right][Center] | +------------+-----------------------------------------------------------------+ |Value |**Bottom right** | +------------+-----------------------------------------------------------------+ ### Audio * Added audio support for LG AiO with Realtek ALC256 chipset. * Updated EPOS Connect to version 7.0.0.19714. ### Multimedia * Added a parameter to control the webcam powerline frequency. The "Auto" option uses the camera's default settings. +------------+-----------------------------------------------------------------+ | IGEL Setup | Registry > multimedia > webcam | +============+=================================================================+ | Parameter |`powerline_frequency` | +------------+-----------------------------------------------------------------+ | Registry |`multimedia.webcam.powerline_frequency` | +------------+-----------------------------------------------------------------+ |Range | [ **Auto** ][50 HZ][60 HZ] | +------------+-----------------------------------------------------------------+ ### zoomvdi * Updated Zoom VDI plugin to version 5.9.0.20720 Available plugins in this release: 5.9.0.20720 (default), 5.8.4.21112, and 5.4.59458 ### Misc * Added representation of all systemd-units installed in the firmware is now included in the support_information, which can be created within in the UMS. ### Hardware * Added HP mt46 Mobile Thin Client into supported hardware list. * Updated NVIDIA driver to version 470.86. * Added gddccontrol to control monitor parameters like brightness, contrast and so on. ### TC Setup (Java) * Updated TC Setup to version 6.10.1. ### Remote Management * Added: Transfer details (MAC addresses etc.) of all available network adapters. * Added support for device specific attributes defined by the UMS. The list of device attributes is received from the UMS during boot. To access the data the new rmagent commands are available: /sbin/rmagent-devattrs-enum Enumerate the list in the form: ATTR_NAME:ATTR_TYPE:ATTR_VALUE. The enumeration is ordered according to the attribute's order id. /sbin/rmagent-devattrs-enum-range \ Enumerate entries of the given range. The enumeration is ordered according to the range item's order id. /sbin/rmagent-devattrs-get-type \ Print type of the given attribute. Known types are string, number, data or range. /sbin/rmagent-devattrs-get \ Print value of the given attribute. /sbin/rmagent-devattrs-set \ \ Set the given attribute to the specified value. The command doesn't check value type but permission rule defined for the attribute. /sbin/rmagent-devattrs-reset \ Reset the given attribute, the attribute doesn't have then an empty value. /sbin/rmagent-devattrs-sync Calculate current checksum and send the attribute list to the UMS if the checksum is differ than the sum received from the UMS. /sbin/rmagent-write-device-attributes Send the attribute list to the UMS. As attribute name, the UMS internal name of the attribute must be used. ### Fabulatech * Updated Fabulatech USB Redirection Client Plugins to 3.8.0 * Updated FabulaTech USB for Remote Desktop to version 6.0.35. * Added: FabulaTech device redirection now works with Horizon Blast Security Fixes -------------------------------------------------------------------------------- ### Chromium * Fixed chromium-browser security issues CVE-2021-37973, CVE-2021-37972, CVE-2021-37971, CVE-2021-37970, CVE-2021-37969, CVE-2021-37968, CVE-2021-37967, CVE-2021-37966, CVE-2021-37965, CVE-2021-37964, CVE-2021-37963, CVE-2021-37962, CVE-2021-37961, CVE-2021-37960, CVE-2021-37959, CVE-2021-37958, CVE-2021-37957, CVE-2021-37956, CVE-2021-30633, CVE-2021-30632, CVE-2021-30631, CVE-2021-30630, CVE-2021-30629, CVE-2021-30628, CVE-2021-30627, CVE-2021-30626, CVE-2021-30625, CVE-2021-30624, CVE-2021-30623, CVE-2021-30622, CVE-2021-30621, CVE-2021-30620, CVE-2021-30619, CVE-2021-30618, CVE-2021-30617, CVE-2021-30616, CVE-2021-30615, CVE-2021-30614, CVE-2021-30613, CVE-2021-30612, CVE-2021-30611, CVE-2021-30610, CVE-2021-30609, CVE-2021-30608, CVE-2021-30607, CVE-2021-30606, CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30600, CVE-2021-30599, CVE-2021-30598, CVE-2021-30597, CVE-2021-30596, CVE-2021-30594, CVE-2021-30593, CVE-2021-30592, CVE-2021-30591, CVE-2021-30590, CVE-2021-30589, CVE-2021-30588, CVE-2021-30587, CVE-2021-30586, CVE-2021-30585, CVE-2021-30584, CVE-2021-30583, CVE-2021-30582, CVE-2021-30581, CVE-2021-30580, CVE-2021-30579, CVE-2021-30578, CVE-2021-30577, CVE-2021-30576, CVE-2021-30575, CVE-2021-30574, CVE-2021-30573, CVE-2021-30572, CVE-2021-30571, CVE-2021-30569, CVE-2021-30568, CVE-2021-30567, CVE-2021-30566, CVE-2021-30565, CVE-2021-37976, CVE-2021-37975, CVE-2021-37974, CVE-2021-37977, CVE-2021-37979, CVE-2021-37980, CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37996, CVE-2021-37994, CVE-2021-37995, CVE-2021-38003, CVE-2021-38002, CVE-2021-38001, CVE-2021-38000, CVE-2021-37999, CVE-2021-37998 and CVE-2021-37997. ### Base system * Fixed binutils security issues CVE-2021-3487 and CVE-2020-16592. * Fixed bind9 security issue CVE-2021-25219. * Fixed libcaca security issues CVE-2021-30499 and CVE-2021-30498. * Fixed icu security issue CVE-2020-21913. * Fixed mysql-5.7 security issues CVE-2021-35624, CVE-2021-35604, CVE-2022-21367, CVE-2022-21344, CVE-2022-21304, CVE-2022-21303, CVE-2022-21270 and CVE-2022-21245. * Fixed postgresql-10 security issues CVE-2021-23222 and CVE-2021-23214. * Fixed nfs-utils security issue CVE-2019-3689. * Fixed openssh security issue CVE-2021-41617. * Fixed qemu security issues CVE-2021-3748, CVE-2021-3713, CVE-2021-3682, CVE-2021-3638, CVE-2021-3608, CVE-2021-3607, CVE-2021-3582, CVE-2021-3546, CVE-2021-3545, CVE-2021-3544, CVE-2021-3527, CVE-2021-3416, CVE-2021-3409, CVE-2021-3392, CVE-2021-20263, CVE-2021-20257, CVE-2021-20221, CVE-2021-20181, CVE-2020-35517, CVE-2020-35506, CVE-2020-35505, CVE-2020-35504, CVE-2020-29443, CVE-2020-25085, CVE-2020-17380, CVE-2021-20203, CVE-2021-20196, CVE-2021-20255 and CVE-2021-4158. * Fixed tpm2-tools security issue CVE-2021-3565. * Fixed chromium-browser security issues CVE-2021-38022, CVE-2021-38021, CVE-2021-38020, CVE-2021-38019, CVE-2021-38018, CVE-2021-38017, CVE-2021-38016, CVE-2021-38015, CVE-2021-38014, CVE-2021-38013, CVE-2021-38012, CVE-2021-38011, CVE-2021-38010, CVE-2021-38009, CVE-2021-38008, CVE-2021-38007, CVE-2021-38006, CVE-2021-38005, CVE-2021-4102, CVE-2021-4101, CVE-2021-4100, CVE-2021-4099, CVE-2021-4098, CVE-2021-4078, CVE-2021-4068, CVE-2021-4066, CVE-2021-4065, CVE-2021-4064, CVE-2021-4063, CVE-2021-4062, CVE-2021-4059, CVE-2021-4058, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE-2021-4053, CVE-2021-4052, CVE-2022-0120, CVE-2022-0118, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0109, CVE-2022-0108, CVE-2022-0107, CVE-2022-0106, CVE-2022-0105, CVE-2022-0104, CVE-2022-0103, CVE-2022-0102, CVE-2022-0101, CVE-2022-0100, CVE-2022-0099, CVE-2022-0098, CVE-2022-0097, CVE-2022-0096, CVE-2022-0311, CVE-2022-0310, CVE-2022-0309, CVE-2022-0308, CVE-2022-0307, CVE-2022-0306, CVE-2022-0305, CVE-2022-0304, CVE-2022-0302, CVE-2022-0301, CVE-2022-0300, CVE-2022-0298, CVE-2022-0297, CVE-2022-0296, CVE-2022-0295, CVE-2022-0294, CVE-2022-0293, CVE-2022-0292, CVE-2022-0291, CVE-2022-0290, CVE-2022-0289, CVE-2022-0980, CVE-2022-0979, CVE-2022-0978, CVE-2022-0977, CVE-2022-0976, CVE-2022-0975, CVE-2022-0974, CVE-2022-0973, CVE-2022-0972 and CVE-2022-0971. * Fixed vim security issues CVE-2021-3928, CVE-2021-3927, CVE-2021-3903, CVE-2021-4069, CVE-2021-4019 and CVE-2021-3984. * Fixed hivex security issue CVE-2021-3504. * Fixed heimdal security issue CVE-2021-3671. * Fixed nss security issue CVE-2021-43527. * Fixed glib2.0 security issue CVE-2021-3800. * Fixed python3.6 security issues CVE-2021-3737 and CVE-2021-3733. * Fixed samba security issues CVE-2021-3671, CVE-2020-25722, CVE-2020-25717, CVE-2016-2124 and CVE-2021-44142. * Fixed xorg-server security issues CVE-2021-4011, CVE-2021-4010, CVE-2021-4009 and CVE-2021-4008. * Fixed webkit2gtk security issues CVE-2021-30809, CVE-2021-30836, CVE-2021-30818, CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, CVE-2021-30887, CVE-2021-30890, CVE-2021-45482, CVE-2021-45481, CVE-2021-45483, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2022-22592, CVE-2022-22590, CVE-2022-22589 and CVE-2022-22620. * Fixed policykit-1 security issue CVE-2021-4034. * Fixed bluez security issues CVE-2021-43400 and CVE-2021-41229. * Fixed ghostscript security issues CVE-2021-45949 and CVE-2021-45944. * Fixed lxml security issue CVE-2021-43818. * Fixed pillow security issues CVE-2022-22817, CVE-2022-22816, CVE-2022-22815, CVE-2021-34552 and CVE-2021-23437. * Fixed systemd security issue CVE-2021-3997. * Fixed bubblewrap security issue CVE-2020-5291. * Fixed libgcrypt20 security issues CVE-2021-40528, CVE-2021-33560 and CVE-2019-13627. * Fixed ntfs-3g security issues CVE-2021-39263, CVE-2021-39262, CVE-2021-39261, CVE-2021-39260, CVE-2021-39259, CVE-2021-39258, CVE-2021-39257, CVE-2021-39256, CVE-2021-39255, CVE-2021-39254, CVE-2021-39253, CVE-2021-39252, CVE-2021-39251, CVE-2021-35269, CVE-2021-35268, CVE-2021-35267, CVE-2021-35266, CVE-2021-33289, CVE-2021-33287, CVE-2021-33286 and CVE-2021-33285. * Fixed cifs-utils security issues CVE-2021-20208 and CVE-2020-14342. * Fixed qtsvg-opensource-src security issues CVE-2021-45930, CVE-2021-3481 and CVE-2018-19869. * Fixed webkit2gtk security issues CVE-2021-30809, CVE-2021-30836, CVE-2021-30818, CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, CVE-2021-30887, CVE-2021-30890, CVE-2021-45482, CVE-2021-45481, CVE-2021-45483, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954 and CVE-2021-30984. * Fixed shadow security issue CVE-2018-7169. * Fixed ldns security issues CVE-2020-19861 and CVE-2020-19860. * Fixed expat security issues CVE-2022-23990, CVE-2022-23852, CVE-2022-22827, CVE-2022-22826, CVE-2022-22825, CVE-2022-22824, CVE-2022-22823, CVE-2022-22822, CVE-2021-46143, CVE-2021-45960, CVE-2019-15903, CVE-2018-20843, CVE-2013-0340, CVE-2022-25315, CVE-2022-25314, CVE-2022-25313, CVE-2022-25236 and CVE-2022-25235. * Fixed libvirt security issues CVE-2021-4147 and CVE-2021-3667. * Fixed libproxy security issues CVE-2020-26154 and CVE-2020-25219. * Fixed libssh security issues CVE-2020-1730, CVE-2019-14889, CVE-2018-10933, CVE-2021-3634 and CVE-2020-16135. * Fixed speex security issue CVE-2020-23903. * Fixed libxml2 security issue CVE-2022-23308. * Fixed cyrus-sasl2 security issue CVE-2022-24407. * Fixed glibc security issues CVE-2022-23219, CVE-2022-23218, CVE-2021-3999, CVE-2021-35942, CVE-2021-3326, CVE-2021-27645, CVE-2020-6096, CVE-2020-29562, CVE-2020-27618, CVE-2019-25013 and CVE-2016-10228. * Fixed openssl1.0 security issue CVE-2022-0778. * Fixed openssl security issue CVE-2022-0778. * Fixed tar security issue CVE-2021-20193. * Fixed bind9 security issue CVE-2021-25220. * Fixed openvpn security issue CVE-2022-0547. * Fixed duplicated User IDs. * Fixed kernel security issue CVE-2022-0847, also known as Dirty Pipe. * Fixed security issues CVE-2021-0127 and CVE-2021-0146 via updated intel- microcode to version 20220207 Resolved Issues -------------------------------------------------------------------------------- ### Citrix * With CWA 2012 Citrix has revised the client drive mapping, with which we can no longer preset the right of the drives. Since then, the user can assign these rights in the session itself. So that this selection remains also over a reboot, we store the necessary file persistently on our system. * Updated window manager so that the proxy Authentication window comes to the foreground and is focused when the Citrix Brower content redirection with Cef is used. * Fixed window settings for Citrix Desktop sessions * Added parameter for Browser Content Redirection with CEF to enable global proxy support. +------------+-----------------------------------------------------------------+ |Parameter |`Browser content redirection with CEF via proxy` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.virtualdriver.webpageredirection.cef_proxy_env` | +------------+-----------------------------------------------------------------+ |Value |**true** (default) / false | +------------+-----------------------------------------------------------------+ * Fixed multimedia support for Citrix when used HWA in Firefox. * Fixed high CPU load in MS Teams and Citrix Workspace App 2112. ### OSC Installer * Fixed OSC Recovery with enabled "Migrate Old Settings" * Fixed OSC issue with bogus character in license type field and not shown addon licenses. * Fixed returning to installer after closing Factory ID window. ### AVD * Added several performance optimizations. ### RDP/IGEL RDP Client 2 * Fixed wrong error message when RDP session was closed by idle timeout. ### RD Web Access * Fixed RD Web Access windows moving out of the screen. * Fixed downloading published applications. ### Parallels Client * Fixed multi-monitor issues. ### X session (Xephyr) * Fixed segfault with xdmcp sessions to an OpenVMS environment. * Fixed fullscreen and workarea x sessions that are expanded over 2 or more monitors: The session window opens properly and the single monitors are detected inside the x session. * Fixed host chooser button events in x sessions with connection type "indirect via localhost". ### Firefox * Fixed usage of Athena IDProtect smartcards. * Fixed usage of IGEL extensions when private browsing is enabled. These are important to set restricted kiosk mode settings. * Fixed installed translations for user interface. * Fixed download prevention with restricted / hidden file system access. Without the fix, the current browser implicitly put the file into the standard Downloads folder - without the possibility to interfere. * Fixed crash which always occurred during the internal probing of 3D support for WebGL. So WebGL is now available again for the supported display drivers. * Fixed client certificate management via IGEL TC Setup. Firefox's standard certificate dialog is used now. ### Chromium * Fixed comma-separated strings in custom policies broke some Chromium Browser policies. * Fixed emojis have not been loaded in Chromium (also affects Chromium Embedded Framework). * Removed "What's new" tab showing on the first start and after Chromium updates. ### Network * Fixed could not mount issue with some NFS 4.1 and 4.2 servers (QNAP). * Fixed global no-proxy list getting effective via gconf2. This e.g. can help Citrix Workspace App using the right proxy configuration. * Removed now unsupported samba security modes (NTLM, NTLMi and LanMan) as these would cause mount failures. This removes also support for very old SMB v1 servers. Changed following registry key to: +------------+-----------------------------------------------------------------+ |Parameter |`Security Mode` | +------------+-----------------------------------------------------------------+ |Registry |`network.smbmount%.security_mode` | +------------+-----------------------------------------------------------------+ |Range | [default][ntlmv2][NTLMSSP][ntlmv2i][NTLMSSPi] | +------------+-----------------------------------------------------------------+ |Value |**default** | +------------+-----------------------------------------------------------------+ ### WiFi * Added setup registry key to select between wpa_supplicant/iwd as Wireless back-end. * AVM Fritz!WLAN N v2 USB Stick, only works with iNet Wireless Daemon (iwd) as Wi-Fi back-end. +------------+-----------------------------------------------------------------+ |Parameter |`Wi-Fi backend` | +------------+-----------------------------------------------------------------+ |Registry |`network.interfaces.wirelesslan.wireless_backend` | +------------+-----------------------------------------------------------------+ |Range | [iNet Wireless Daemon (iwd)] | +------------+-----------------------------------------------------------------+ |Value |**Wi-Fi Protected Access client and IEEE 802.1X supplicant (wpa_supplicant)** | +------------+-----------------------------------------------------------------+ * Fixed issue with TP-Link AC600 not working on 5GHz (8821au driver). * Improved reconfiguring regulatory domain settings at runtime ### Open VPN **Added config parameter for extending arguments of VPN command: +------------+-----------------------------------------------------------------+ |Registry |`sessions.openvpn%.vpnopts.extend_opts` | +------------+-----------------------------------------------------------------+ |Value |extend parameter as string | +------------+-----------------------------------------------------------------+ * Enter parameter starting with `--`. Example: `--ping 10 --ping-restart 120` * Parameters that are already set in the GUI must not be used. ### Imprivata * Fixed Imprivata data partition: remove outdated artefacts, keep latest version of the configuration-editor ### Smartcard * Added option to unlock screen lock in case of Kerberos smartcard login by only checking the PIN of the smart card. +------------+-----------------------------------------------------------------+ |Parameter |`Only check smartcard PIN on unlock` | +------------+-----------------------------------------------------------------+ |Registry |`auth.login.pkcs11_screenlock_unlock` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ * Fixed: Maximum number of simultaneous smartcard contexts were raised in smartcard resource manager PC/SC lite. ### HID * Changed default of userinterface.touchpad.tapping.TapButton1 registry key to 1 so tapping is active as default again (if set to 0 tapping is disabled) ### CUPS Printing * Fixed handling of more than one printer and printer selection by USB IDs. - Fixed classification of some HP printers as scanners only which made printing impossible because of missing access rights. * Fixed TCP/IP print server functionality with USB printers. Printing was not possible in some cases, e.g. when certain other USB devices were connected. ### Base system * Added driver for several Intel SOC NVME controller. Required for e.g. HP G8 250. * Added new parameter for custom font path configuration. Add a new instance for each custom font path: +------------+-----------------------------------------------------------------+ |Parameter |`Enable Custom Font Path` | +------------+-----------------------------------------------------------------+ |Registry |`x.fontpaths.custom.enabled` | +------------+-----------------------------------------------------------------+ |Value |enabled/**disabled** (default) | +------------+-----------------------------------------------------------------+ |Parameter |`Custom Font Path` | +------------+-----------------------------------------------------------------+ |Registry |`x.fontpaths.custom.path` | +------------+-----------------------------------------------------------------+ |Parameter |`Font Path Position` | +------------+-----------------------------------------------------------------+ |Registry |`x.fontpaths.custom.position` | +------------+-----------------------------------------------------------------+ |Value |99 (default) | +------------+-----------------------------------------------------------------+ * Fixed display configuration problems caused by wrong access permissions of /wfs/user/graphic folder. * Fixed battery indicator. * Fixed Setup Assistant - After acceptance of EULA, Demo License flow was not available * Fixed wrongly shown Starter license info in Product ID on fully licensed devices. * Fixed product id for IGEL UD6. * Fixed issues with global proxy configuration. * Fixed sporadic failures while custom partition initialisation. * Fixed Finish button label in Setup Assistant. * Fixed missing generation number in Product ID (About and UMS). * Fixed applications from custom partition get killed when network is up. * Fixed IGEL system uses far too much RAM inside a VM. * Added registry key to allow old weak public key algorithms for older SSH servers. +------------+-----------------------------------------------------------------+ |Parameter |`Disable weak Pubkey algorithms` | +------------+-----------------------------------------------------------------+ |Registry |`network.ssh_client.disable_weak_pubkey_algos` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |**enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added registry key to switch between the default (igel) and the unchanged asound2 pulse plugin type: +------------+-----------------------------------------------------------------+ |Parameter |`Asound2 plugins type` | +------------+-----------------------------------------------------------------+ |Registry |`multimedia.alsa.asound2_plugin_type` | +------------+-----------------------------------------------------------------+ |Range | [default][igel][vanilla] | +------------+-----------------------------------------------------------------+ |Value |**default** | +------------+-----------------------------------------------------------------+ ### Driver * Fixed Citrix terminate with Olympus RM4010P connected and hardware button pressed. * Fixed Olympus FootSwitch being detected as mouse buttons. * Added driver forÿMediaTek MT7921. * Fixed several problems of MediaTek MT7921 driver. ### X11 system * Added new registry keys which can be useful to fix issues with monitors not waking up after DPMS off events. +------------+-----------------------------------------------------------------+ |Parameter |`Quirk for DPMS Off to On event.` | +------------+-----------------------------------------------------------------+ |Registry |`x.dpms_quirks.off_on.quirk` | +------------+-----------------------------------------------------------------+ |Range | [none][refresh-change] | +------------+-----------------------------------------------------------------+ |Value |**none** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ |Parameter |`Wait time in seconds before executing quirk after DPMS event.` | +------------+-----------------------------------------------------------------+ |Registry |`x.dpms_quirks.off_on.wait_before` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |1 **Default** | +------------+-----------------------------------------------------------------+ |Parameter |`Wait time in seconds between two quirk states.` | +------------+-----------------------------------------------------------------+ |Registry |`x.dpms_quirks.off_on.wait_between` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |3 **Default** | +------------+-----------------------------------------------------------------+ |Parameter |`Wait time in seconds after execution of quirk.` | +------------+-----------------------------------------------------------------+ |Registry |`x.dpms_quirks.off_on.wait_after` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |1 **Default** | +------------+-----------------------------------------------------------------+ |Parameter |`Xrandr connector names where quirk should apply (empty means all)` | +------------+-----------------------------------------------------------------+ |Registry |`x.dpms_quirks.off_on.connectors_to_quirk` | +------------+-----------------------------------------------------------------+ |Type |string | +------------+-----------------------------------------------------------------+ |Value |empty **Default** | +------------+-----------------------------------------------------------------+ ### X server * Fixed monitor configuration when modesetting graphics driver is enabled. * Added new registry keys for xorg modesetting options: +------------+-----------------------------------------------------------------+ | Parameter | `Use linear framebuffer instead of tiling one.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_linear_framebuffer` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use variable refresh rate.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_variable_refresh` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use async flips for secondary video outputs on multi-display setups.` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_async_flip_secondaries` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use DRI3 page flipping.).` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_page_flip` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use shadow framebuffer layer (default on).` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_shadow_fb` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use double buffer for shadow updates (default depends on hardware).` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_double_shadow` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use software cursor (default off).` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_sw_cursor` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Use gamma look up table (warning some devices have problems with this).` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.modesetting.use_gamma_lut` | +------------+-----------------------------------------------------------------+ | Range | [Default][True][False] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ ### Window manager * Fixed taskbar clock is displaying seconds (again) if enabled in system registry. * Fixed taskbar was displayed incorrectly in some special configuration cases. ### VirtualBox * Added new registry key to disable initial boot framebuffer +------------+-----------------------------------------------------------------+ | Parameter | `Disable use of initial boot framebuffer.` | +------------+-----------------------------------------------------------------+ | Registry | `system.kernel.bootparams.vga_off` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Audio * Fixed multimedia.disable_audio.pci registry key setting. * Fixed switch of Speaker / Headsets ### Multimedia * Added new registry key to prefer i965 VAAPI driver over iHD (if usage of iHD cause trouble) +------------+-----------------------------------------------------------------+ | Parameter | `Prefer i965 over iHD VAAPI driver` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.vaapi.prefer_i965` | +------------+-----------------------------------------------------------------+ | Range | [Default][Prefer][Force] | +------------+-----------------------------------------------------------------+ | Value | **Default** | +------------+-----------------------------------------------------------------+ ### Remote Management * Fixed opening communication ports in rmagent - now all network ports use IPv4 only. * Fixed keepalive mechanism in rmagent. The mechanism must prevent premature closing connection by the UMS if a remote command takes a time period over 30 seconds. * Fixed removing files in the file transfer mechanism. Files are properly removed from the file system, when files are not assigned anymore to a device in the UMS. * Fixed UMS file transfer of trusted certificates which have spaces in file names. * Fixed IP address retrieving of an WLAN interface. * Fixed losing ICG connection on switching from LAN to WLAN - now a new ICG connection is established. * Fixed spurious creation of empty directories /wfs/ca-certs?* and /wfs/user?* when using certificates with spaces in filenames for file transfer. * Changed applying of remote settings received during boot - the settings are synced with the current local settings at the end of the boot process. If these changes require a system interaction to be applied (like restart of some services) then the user is asked about applying. The dialog is optional and quits after a timeout. This bugfix solves the problem, that the "Apply changes" dialog is shown on every boot. * Fixed evaluation of the exit status of a UMS generic job if the corresponding generic command is implemented as a systemd service. ### IGEL Cloud Gateway * Fixed exchange of the ICG certificate chain. ### VNC * Fixed keyboard mapping in shadowing sessions, especially with backslash, euro and at keys in French keyboard layout.