ThinLinc 4.11.0 Release Notes
Cendio are proud to present ThinLinc 4.11.0, with more than 60 enhancements and fixes. The most prominent changes are:
- ThinLinc Web Access has received an overhaul where a large number of minor issues have been fixed and compatibility with modern systems has been improved.
- Several related security issues have been found in ThinLinc by Kaspersky Lab. These affect the graphics components in ThinLinc and could allow an attacker to take control over the ThinLinc Client or a user's session. Note that an attacker would first need to authenticate, and would not gain any access that the affected user would not normally have. This is currently a theoretical issue where no working exploits have yet been demonstrated. Users are advised to upgrade when convenient. For very sensitive environments more urgency may be appropriate.
ThinLinc works on most modern Linux distributions and is supported on any platform that fulfills our documented requirements.
Changes in This Release
In the list below, the bug number is given in parentheses. For more information, visit https://www.cendio.com/bugzilla/.
- Fixed an issue where a session might not fully terminate when one of the session lifetime options was used (e.g. MaxIdleTime). (4753)
- A number of issues have been fixed where a malicious server could cause remote code execution in a client, or a malicious client could cause remote code execution in the server. However, the issues can only be exploited once a session is fully authenticated and established, meaning there is no risk of attacks from unrelated third parties. (7379)
- TLS 1.3 is now supported, but support for SSL 3.0 has been dropped, as well as support for the 3DES cipher. This affects ThinLinc Web Access and ThinLinc Web Administration. (5967)
- Fixed an issue where the Windows installer for the ThinLinc Client could be used by malicious code to gain administrator privileges via DLL hijacking. To exploit this, an attacker would need to be able to put arbitrary files in the same directory as the installer and trick an administrator into running the installer from that directory. (7364)
- Username is now among the fields in the ThinLinc client that can be locked. To lock the username field you can now use "--lock user". (4233)
- Fixed an error where the client would incorrectly claim that the private key could not be read. (7377)
- A bug was fixed where a hint for the context menu hotkey was shown even if no hotkey was selected. (7411)
- Upgrading the ThinLinc Client will no longer cause global client configuration to be moved away and be replaced by the default values. (5773)
- The ThinLinc Client installer for Windows is no longer translated to Russian or Turkish because of incompatibilities with some systems. The ThinLinc Client is still fully translated once installed. (6113)
ThinLinc Web Access
- Support for session name changes while connected has been added. (5738)
- Fixed an issue where panning on touch devices resulted in an unwanted click. (7387)
- The helper script for generating self signed certificates can now generate certificates that are compatible with the new requirements in iOS 13 and macOS 15. (7401)
- The cursor is now more responsive in Internet Explorer, Microsoft Edge and also on all devices with touch support. (5779, 6349)
- Fixed an issue where the incorrect mouse cursor was shown in recent versions of Microsoft Edge. (7383)
- A bug was fixed where scroll bars were invisible in Web Access when used on desktops with touch. (7385)
- A Windows key has been added amongst the extra keys in the control bar. (7386)
- Fixed an issue where the scroll sensitivity was too high on precise trackpads. (5760)
- A hint is now displayed to indicate that the control bar can be moved to the other side of the screen. (7384)
- Fixed many issues where the keyboard would not work correctly. (5135, 6152, 7390, 7416, 7423, 7429)
- Fixed an issue where spacebar sometimes toggled control bar buttons when using Internet Explorer. (6055)
- Fixed a bug where changing focus from clipboard text area caused issues when using Internet Explorer and Microsoft Edge. (6054)
- Modified the Alt and Command keys on iOS and macOS to improve the compatibility between the client and server. This behavior is now the same as on the native client. See the documentation for more info. (7417)
- Fixed an issue where Internet Explorer could take a long time to load the login page. (7392)
- Fixed an issue where playback or recording did not work when using a USB headset or USB sound card on a Linux client. (7442)
- Package upgrades of the server packages will no longer cause your existing configuration to be moved away and replaced by the default values. ThinLinc Setup still has the ability to complete your configuration migration. (5773)
- Fixed an issue where Internet Explorer could take a long time to load the Web Administration. (7392)
- Fixed an issue where there could be a long delay loading the settings for locations and terminals on SELinux systems. (7445)
- An issue has been fixed where the Desktop Customizer could crash when encountering certain .menu files. (7381)
- The /tlwebadm/gnutls_priority and /webaccess/gnutls_priority parameters no longer contain the section "-VERS-SSL3.0" as SSL 3.0 is no longer supported and therefore no longer needs to be explicitly disabled.
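For sites that have customized these two parameters, the following added example (not part of the release notes and not Cendio's code) audits priority strings for tokens that refer to SSL 3.0 or 3DES. The function names, finding labels and sample values are constructed for illustration; the token syntax is that of GnuTLS priority strings.

```python
# Added example: audit customized gnutls_priority values after upgrading.
# Assumption: values are GnuTLS priority strings, i.e. colon-separated tokens
# where "+" adds an algorithm or protocol and "-" or "!" removes it.

# GnuTLS token names for the features this release dropped.
DROPPED = {"VERS-SSL3.0": "SSL 3.0", "3DES-CBC": "3DES"}


def audit_priority(priority):
    """Return (token, finding) pairs for tokens that touch a dropped feature."""
    findings = []
    for token in priority.split(":"):
        token = token.strip()
        # Keywords (NORMAL, SECURE128) and %OPTIONS carry no +/-/! prefix.
        if not token or token[0] not in "+-!":
            continue
        if token[1:].upper() not in DROPPED:
            continue
        if token[0] == "+":
            # Asks for a protocol or cipher that is no longer supported.
            findings.append((token, "ENABLES_DROPPED"))
        else:
            # The notes state this for "-VERS-SSL3.0"; applying the same
            # reasoning to 3DES is an assumption of this example.
            findings.append((token, "REDUNDANT_DISABLE"))
    return findings


def audit_config(params):
    """Map each parameter name to its findings, omitting clean values."""
    report = {}
    for name, value in params.items():
        found = audit_priority(value)
        if found:
            report[name] = found
    return report


# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "/webaccess/gnutls_priority": "NORMAL:-VERS-SSL3.0",
    "/tlwebadm/gnutls_priority": "NORMAL:+3DES-CBC:+VERS-SSL3.0:%SERVER_PRECEDENCE",
}

if __name__ == "__main__":
    for name, found in audit_config(SAMPLE).items():
        for token, finding in found:
            print(f"{name}: {token} -> {finding}")
```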
A complete configuration reference can be found in the ThinLinc Administrators Guide.
ThinLinc has also been enhanced in many other ways. The complete list of corrected issues is:
4233, 4297, 4753, 5135, 5513, 5630, 5651, 5738, 5760, 5773, 5779, 5780, 5967, 6054, 6055, 6113, 6152, 6349, 7126, 7362, 7364, 7365, 7366, 7368, 7369, 7370, 7371, 7376, 7377, 7379, 7380, 7381, 7383, 7384, 7385, 7386, 7387, 7389, 7390, 7392, 7394, 7397, 7401, 7408, 7409, 7410, 7411, 7412, 7416, 7417, 7423, 7429, 7433, 7438, 7439, 7442, 7445, 7446, 7448, 7452, 7456