[winswitch] [ANNOUNCE] Xpra 6.3.3
Antoine Martin
totaam at xpra.org
Sun Sep 7 08:09:35 BST 2025
Hi,
This update to the stable branch is unusual in a number of ways:
* a large number of fixes had accumulated, including some important ones
* the SSL issue changes the defaults to make the default connection
settings more reliable, but also potentially less secure
* the return of MacOS builds, finally, thanks to our new sponsor
Amongst the many fixes in this release, the network issues could
manifest themselves as connection failures, connection drops, etc
The focus breakage could take 25 days to trigger, and it was quite
problematic once it did.
Most of the other issues are fairly esoteric and less problematic, but
there are many of them.
As for the main SSL issue:
https://github.com/Xpra-org/xpra/issues/4660
This changes the default SSL protocol for xpra clients from `TLS_CLIENT`
to `TLSv1_2`.
Version 1.2 is less secure than the v1.3 chosen implicitly by the
`TLS_CLIENT` option.
If you are concerned about the security implications of this change, you
have 2 main options:
* run your xpra clients with `--ssl-protocol=TLS_CLIENT`
* tune the ssl protocol options to disable problematic settings
The exact settings used on your installation will vary based on the
runtime Python version, the OpenSSL library it was built against, and
the OS you run on. Some initial pointers can be found here:
https://docs.python.org/3/library/ssl.html#ssl.SSLContext
The macOS builds are in much better shape in this release, at least for
arm64. The Intel builds still have some more minor issues which should
be ironed out in the near future.
MacOS is now fully supported as a tier-1 platform:
https://github.com/Xpra-org/xpra/wiki/Platforms
For more details, please see:
https://github.com/Xpra-org/xpra/releases/tag/v6.3.3
Most builds are already available, but as usual, the arm64 and risv64
builds will take a little while longer.
Cheers,
Antoine
More information about the shifter-users
mailing list