[winswitch] [ANNOUNCE] Xpra 6.3.3

Antoine Martin totaam at xpra.org
Sun Sep 7 08:09:35 BST 2025


Hi,

This update to the stable branch is unusual in a number of ways:
* a large number of fixes had accumulated, including some important ones
* the SSL issue changes the defaults to make the default connection 
settings more reliable, but also potentially less secure
* the return of MacOS builds, finally, thanks to our new sponsor

Amongst the many fixes in this release, the network issues could 
manifest themselves as connection failures, connection drops, etc
The focus breakage could take 25 days to trigger, and it was quite 
problematic once it did.
Most of the other issues are fairly esoteric and less problematic, but 
there are many of them.

As for the main SSL issue:
https://github.com/Xpra-org/xpra/issues/4660
This changes the default SSL protocol for xpra clients from `TLS_CLIENT` 
to `TLSv1_2`.
Version 1.2 is less secure than the v1.3 chosen implicitly by the 
`TLS_CLIENT` option.
If you are concerned about the security implications of this change, you 
have 2 main options:
* run your xpra clients with `--ssl-protocol=TLS_CLIENT`
* tune the ssl protocol options to disable problematic settings
The exact settings used on your installation will vary based on the 
runtime Python version, the OpenSSL library it was built against, and 
the OS you run on. Some initial pointers can be found here:
https://docs.python.org/3/library/ssl.html#ssl.SSLContext

The macOS builds are in much better shape in this release, at least for 
arm64. The Intel builds still have some more minor issues which should 
be ironed out in the near future.
MacOS is now fully supported as a tier-1 platform:
https://github.com/Xpra-org/xpra/wiki/Platforms

For more details, please see:
https://github.com/Xpra-org/xpra/releases/tag/v6.3.3

Most builds are already available, but as usual, the arm64 and risv64 
builds will take a little while longer.

Cheers,
Antoine


More information about the shifter-users mailing list