[winswitch] [ANNOUNCE] Xpra 1.0.9 LTS : critical fixes

Antoine Martin antoine at nagafix.co.uk
Thu Oct 26 07:15:22 BST 2017


Hi,

This update fixes some critical issues, in particular weaknesses in the
initial authentication exchange. Updating immediately is very strongly
recommended unless you are absolutely certain that your network
connections cannot be snooped upon, or if you already use an encryption
layer (AES or preferably SSL connections)

If, for whatever reason, you are unable to update immediately:
* the server update is more important, it contains some mitigation code
* enable SSL or AES

There are no MacOS builds for the LTS branch at present, please switch
to a newer version instead.


Release notes:
*  fix authentication weaknesses in client salt handling
*  fix window icons going back to default on window re-initialization
*  fix stop command on MS Windows servers via named-pipe connections
*  fix sound subprocess exit warnings on MS Windows
*  fix spurious key events for numlock on Mac OS
*  fix mDNS and IPv6 platform bugs (MS Windows and Mac OS)
*  fix unicode warnings on MS Windows
*  fix typo hiding pretty debug logging
*  fix Mac OS shadow servers
*  fix application name shown in notifications (X11)
*  fix webcam library issues causing client to fail to start
*  fix handling of client connection failures
*  fix paint issues with padded windows (ie: desktop servers maximized)
*  fix out-of-bounds array access in RandR cython glue
*  fix RPM building python3 modules twice (and with wrong arguments)
*  fix X11 crashes with the OpenGL client and some buggy drivers
*  fix parsing order of configuration files
*  fix compatibility with ffmpeg 3.4
*  fix timer warning race condition on window cleanup
*  more reliable scaling value rounding
*  don't show start command dialog if the server does not support it
*  validate window dimensions early to prevent DoS
*  support newer versions of brotli
*  support CUDA 9, prefer newer SDK versions
*  support Ubuntu Artful
*  choose the strongest digest first
*  add mesa-dri-drivers dependency to RPM packages for OpenGL support
*  add support for Volta GPUs with NVENC
*  make it easier to disable firewall scripts in RPM builds


Source:
https://xpra.org/trac/wiki/Source
Downloads:
https://xpra.org/trac/wiki/Download

Cheers
Antoine




More information about the shifter-users mailing list