From totaam at xpra.org Sun Jul 7 07:05:12 2024 From: totaam at xpra.org (Antoine Martin) Date: Sun, 7 Jul 2024 13:05:12 +0700 Subject: [winswitch] [ANNOUNCE] xpra-html5 v14: security issues and WebTransport Message-ID: Hi, This major update to the HTML5 client fixes some security issues: * the XSS is mostly theoretical for most use cases: any attacker able to modify the desktop menu files could just as well edit the source of the html5 client directly * the "xor" digest issue is a much more serious one: the html5 client was failing to identify insecure connections and would send passwords unencrypted ("xor" hashed) if the authentication module requested it - which is the case for "sys" (aka "win32" and "pam") modules. This is not an issue if you are using https, AES or WebTransport modes. The WebTransport network connector is a major new feature which allows the html5 client to connect to the xpra server's QUIC UDP ports. (this requires the unreleased xpra server version 6.1 which you can find in the beta area) Updating is strongly recommended. For more details, please see: https://github.com/Xpra-org/xpra-html5/releases/tag/v14 Cheers, Antoine From totaam at xpra.org Mon Jul 8 19:01:52 2024 From: totaam at xpra.org (Antoine Martin) Date: Tue, 9 Jul 2024 01:01:52 +0700 Subject: [winswitch] [ANNOUNCE] Xpra 6.0.2 Message-ID: <8d21d02e-c7c5-47a7-a0a7-d3cdfca89c3f@xpra.org> Hi, This update to the v6.x branch contains a lot of fixes, but even the items recorded as "major" issues in the changelog are not all that scary. The OpenGL updates are mostly related to numpy or Python 3.13. Of all encoding fixes, only the `mmap` one is significant but it was quite hard to trigger anyway. There is no urgency to update if you were not affected by these issues. For more details, please see: https://github.com/Xpra-org/xpra/releases/tag/v6.0.2 Downloads: https://github.com/Xpra-org/xpra/wiki/Download Cheers, Antoine From totaam at xpra.org Thu Jul 18 14:55:25 2024 From: totaam at xpra.org (Antoine Martin) Date: Thu, 18 Jul 2024 20:55:25 +0700 Subject: [winswitch] [ANNOUNCE] Xpra 6.1.0 Message-ID: <75598437-4602-4556-adca-de222c939669@xpra.org> Hi, This new release from the v6.x series continues the major modernization work started in v6.0 The two major highlights of this new release are: * the WebTransport server support so the html5 client can take advantage of the UDP goodness * some significant improvements and fixes to client-side video painting, especially for the non-OpenGL accelerated case If you were seeing display artifacts with v6, with or without OpenGL, this version should work much better for you. As usual, the MS Windows and MacOS binaries include a large number of library updates. Updating is recommended, but apart from the aforementioned issues above there are no major bug fixes in this release. For more details, please see: https://github.com/Xpra-org/xpra/releases/tag/v6.1.0 Downloads: https://github.com/Xpra-org/xpra/wiki/Download Cheers, Antoine