Apache Guacamole Remote Gateway 1.3.0 veröffentlicht

Apache Guacamole

Apache Guacamole ist ein Remote Desktop Gateway, dass dank der Nutzung von HTML5, ohne jeglichen Client oder Plugin auskommt. Es kann Verbindungen zu VNC Servern, Servern die das Remotedesktop Protokoll RDP unterstützen, Telnet und SSH Verbindungen aufbauen. Dadurch können Remotedesktopverbindungen von überall aus aufgebaut werden. Es wird lediglich eine Netzwerkverbindung zum Ziel und ein Webbrowser benötigt. Das tolle an Apache Guacamole ist dass es Open-Source ist und unter der Apache Lizenz V2, steht. Wer Apache Guacamole im Businessumfeld einsetzen möchte, der kann auf eine der Supportfirmen für Enterprise Kunden, zurückgreifen.

Die neue Version wurde am 1.3.0 veröffentlicht. Die neue Version bringt Support für das automatische Abfragen der Logindaten von Benutzern für deren Remotedesktop, User Group Support für CAS und OpenID und behebt diverse Fehler.

Apache Guacamole 1.3.0 Release Notes

User interface / platform

  • Parameter prompting within client interface (GUACAMOLE-221)
  • Objects may appear duplicated if access is granted via multiple groups (GUACAMOLE-1021)
  • Support automatic conversion of usernames to lowercase/uppercase via parameter tokens (GUACAMOLE-1081)
  • Ctrl+Alt+End(Supr) keyboard shortcut only works once (GUACAMOLE-1125)
  • Connection group permissions do not correctly determine presence of save/delete buttons (GUACAMOLE-1150)

Docker images

  • Add support for TOTP to Guacamole Docker image (GUACAMOLE-753)
  • Add support for HTTP header authentication to Guacamole Docker image (GUACAMOLE-857)
  • Update base image of Guacamole Docker image (GUACAMOLE-980)
  • Add environment variables for ldap-user-attributes property to Guacamole Docker image (GUACAMOLE-987)
  • Add support for CAS to Guacamole Docker image (GUACAMOLE-1082)
  • Run web application as reduced-privilege user within Guacamole Docker image (GUACAMOLE-1110)
  • Add environment variables for ldap-dereference-aliases, ldap-follow-referrals, ldap-max-referral-hops, and ldap-operation-timeout properties to Guacamole Docker image (GUACAMOLE-1147)

Authentication, integration, and storage

  • Add support for retrieving user groups from CAS (GUACAMOLE-793)
  • Add support for retrieving user groups from OpenID (GUACAMOLE-1172)
  • PostgreSQL database connection may unexpectedly fail due to time out (GUACAMOLE-919)
  • Login using LDAP fails internally if TOTP is used without automatic user creation (GUACAMOLE-1149)
  • CAS module causes app.js download errors (GUACAMOLE-1120)
  • Allow server timezone info to be submitted to MySQL / MariaDB (GUACAMOLE-760)
  • MySQL SSL truststore path must be a valid URL (GUACAMOLE-1135)
  • MySQL SSL client certificate properties incorrectly return truststore property values (GUACAMOLE-1136)
  • Query may fail if all connections disconnect while listing active connections (GUACAMOLE-942)
  • RFC2865 requires NAS IP address to be submitted for RADIUS (GUACAMOLE-1001)
  • Standardize on filtered history query for user and connection management (GUACAMOLE-1123)
  • TOTP authentication fails when totp-period is set (GUACAMOLE-1146)
  • Enabling skip-if-unavailable breaks expired password change (GUACAMOLE-1152)

Protocol support / guacd

  • RDP log message incorrectly refers to “VNC” (GUACAMOLE-982)
  • SFTP upload directory ignored for RDP connections (GUACAMOLE-1031)
  • RDP disable-copy flag does not work (GUACAMOLE-1158)
  • Memory allocated for outbound SVC PDUs may not be freed (GUACAMOLE-1181)
  • Memory allocated for outbound RDP clipboard data is not properly freed (GUACAMOLE-1182)
  • Thread mutexes within Guacamole’s various supported protocols are not always cleanly destroyed (GUACAMOLE-1114)
  • RDP support may fail to build if SSH support is unavailable (GUACAMOLE-1122)



  • Documented Duo secret key length is incorrect (GUACAMOLE-819)
  • Guacamole Docker image documentation incorrectly states Docker links are supported for LDAP (GUACAMOLE-912)
  • allowed-languages property incorrectly documented as available-languages (GUACAMOLE-1107)

General housekeeping and cleanup

Deprecation / Compatibility notes

Each 1.x release of Apache Guacamole should be compatible with components of older 1.x releases. This compatibility is intended at the Guacamole protocol level and at the extension level, but not necessarily at the API level. This means:

  • Extensions from older 1.x releases should still work in binary form, but may need code changes before their source will build against a newer version of guacamole-ext.
  • Software which uses the Guacamole protocol of an older 1.x release should still work.
  • Software which uses libguac from an older 1.x release should still work by continuing to use the libguac from that release, as newer versions of libguac may not be API/ABI compatible. In the case of third-party protocol support plugins for guacd, this means that the guacd from that release must also be used. Compatibility with respect to libguac is represented by the soname.
  • You should update to newer versions where applicable and when possible.

As of 1.3.0, the following changes have been made which affect compatibility with past releases:

Java API (guacamole-common) changes

Implementations of GuacamoleSocket should now implement getProtocol()

The required and argv instructions both refer to connection parameters by name. As it is the underlying protocol of a connection that determines the semantics of connection parameters, client implementations will commonly need to expose this information in some way. The mainline web application provided by Apache Guacamole is one such implementation.

A new getProtocol() function has been added to GuacamoleSocket to facilitate this, and implementations of GuacamoleSocket should aim to provide implementations of this function with that in mind.

This will happen automatically for ConfiguredGuacamoleSocket.

Extension API (guacamole-ext) changes

Deprecation of getHistory() for User and Connection interfaces

The User and Connection interfaces have both continued to define a basic getHistory() function for retrieving a raw list of history records. Unlike the getUserHistory() and getConnectionHistory() functions exposed by the UserContext, the getHistory() functions do not support filtering or searching.

The old getHistory() functions have now been deprecated in favor of newer functions that do support filtering. Implementations that provide getHistory() will continue to work, but should migrate to the new functions when possible.

  • GUACAMOLE-1123 – Standardize on filtered history query for user and connection management

Guacamole protocol changes

The new required instruction

To allow the server to request that the client provide credentials (or any other parameters), a new required instruction has been added to the Guacamole protocol. This instruction informs the client that one or more connection parameters need to be specified for the connection to continue. If the client indicated support for the required instruction during the initial connection handshake, the client is then expected to supply values for each of these parameters using argv streams.

libguac API changes

protocol_version added to guac_user_info structure

A new protocol_version member has been added to guac_user_info to allow implementations to make decisions based on the Guacamole protocol version in use, affecting the size of this structure.

Additionally, because guac_user_info forms a part of guac_user, this change also affects the memory offsets of members of the guac_user structure which follow the info member, such as data and various instruction handlers.

Downstream usages of libguac which make use of guac_user or guac_user_info will need to be rebuilt to ensure that the structure sizes and memory offsets used are correct.

Quelle: https://guacamole.apache.org/releases/1.3.0/

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.