From totaam at xpra.org Sun Sep 7 08:09:35 2025 From: totaam at xpra.org (Antoine Martin) Date: Sun, 7 Sep 2025 14:09:35 +0700 Subject: [winswitch] [ANNOUNCE] Xpra 6.3.3 Message-ID: <3edfa5f5-b4ef-46a8-8137-d1929ea1a753@xpra.org> Hi, This update to the stable branch is unusual in a number of ways: * a large number of fixes had accumulated, including some important ones * the SSL issue changes the defaults to make the default connection settings more reliable, but also potentially less secure * the return of MacOS builds, finally, thanks to our new sponsor Amongst the many fixes in this release, the network issues could manifest themselves as connection failures, connection drops, etc The focus breakage could take 25 days to trigger, and it was quite problematic once it did. Most of the other issues are fairly esoteric and less problematic, but there are many of them. As for the main SSL issue: https://github.com/Xpra-org/xpra/issues/4660 This changes the default SSL protocol for xpra clients from `TLS_CLIENT` to `TLSv1_2`. Version 1.2 is less secure than the v1.3 chosen implicitly by the `TLS_CLIENT` option. If you are concerned about the security implications of this change, you have 2 main options: * run your xpra clients with `--ssl-protocol=TLS_CLIENT` * tune the ssl protocol options to disable problematic settings The exact settings used on your installation will vary based on the runtime Python version, the OpenSSL library it was built against, and the OS you run on. Some initial pointers can be found here: https://docs.python.org/3/library/ssl.html#ssl.SSLContext The macOS builds are in much better shape in this release, at least for arm64. The Intel builds still have some more minor issues which should be ironed out in the near future. MacOS is now fully supported as a tier-1 platform: https://github.com/Xpra-org/xpra/wiki/Platforms For more details, please see: https://github.com/Xpra-org/xpra/releases/tag/v6.3.3 Most builds are already available, but as usual, the arm64 and risv64 builds will take a little while longer. Cheers, Antoine From totaam at xpra.org Wed Sep 24 10:59:47 2025 From: totaam at xpra.org (Antoine Martin) Date: Wed, 24 Sep 2025 16:59:47 +0700 Subject: [winswitch] [ANNOUNCE] Xpra LTS 5.1.2 Message-ID: <2751c9a4-bad2-46e0-98ab-fb277f93bc48@xpra.org> Hi, This update to the LTS branch is a large one and it contains fixes for some important security issues which could be exploited to leak sensitive information. Anyone concerned about the remaining risks of the debug control channel may choose to run their servers with XPRA_CONTROL_DEBUG=0 to completely disable the feature. The MacOS builds are available again, which required a fair amount of tweaks. The network changes mostly revolve around SSL issues, the most important of these was a seemingly random disconnection bug. Upgrading is strongly recommended. For the full list of changes, see the v5.1.2 release notes: https://github.com/Xpra-org/xpra/releases/tag/v5.1.2 The download links and installation instructions can be found here: https://github.com/Xpra-org/xpra/wiki/Download Cheers, Antoine