User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.3.2

Windows-Specific Release notes for X2Go Client 4.0.3.2

Security Update: 4.0.3.2-20150508

On 2015-05-08, 4.0.3.2-20150508 was released with the following changes:

    - Windows: Update bundled VcXsrv from 1.15.2.5 (X2Go/Arctica
      Build) to 1.15.2.6 (X2Go/Arctica Build)
      The differences relevant to X2Go are:
        + CVE-2015-3418 was fixed in VcXsrv itself
        + Font files no longer differ in each build due to timestamp
          differences
    - Windows: Update libssh from 0.6.4 to 0.6.5 (while maintaining
      Pageant support). This fixes CVE-2015-3146.

As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.

Security Update: 4.0.3.2-20150329

On 2015-03-29, 4.0.3.2-20150329 was released with the following changes:

    - Windows: Update bundled VcXsrv from 1.15.2.4-xp+vc2013+x2go1 to
      1.15.2.5 (X2Go/Arctica Build)
      The differences relevant to X2Go are:
        + VcXsrv's bundled version of openssl was updated from 1.0.1k
          to 1.0.1m (fixes the multiple CVEs announced on 2015-03-19)
        + VcXsrv's bundled version of libXfont was updated from 1.4.8
          to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804)
    - Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m,
      which fixes the multiple CVEs announced on 2015-03-19.
    - Windows: Update bundled PuTTY from 0.63 to 0.64.
      In addition to other changes, CVE-2015-2157 has been fixed.
    - Windows: Update bundled Cygwin openssl from 1.0.1k-1 to 1.0.2a-1.
      This update fixes the multiple CVEs announced on 2015-03-19

As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.

Security Update: 4.0.3.2-20150301

On 2015-03-01, 4.0.3.2-20150301 was released with the following changes:

  1. Windows: Update bundled VcXsrv from 1.15.2.3-xp+vc2013+x2go1 to 1.15.2.4-xp+vc2013+x2go1. The difference is that VcXsrv's bundled version of freetype was updated from 2.5.3 to 2.5.5. This freetype update fixes CVE-2014-9656 through CVE-2014-9675.

As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.

Security Update: 4.0.3.2-20150224

On 2015-02-25, 4.0.3.2-20150224 was released with the following changes:

  1. Windows: Bundle new version of VcXsrv: 1.15.2.3-xp+vc2013+x2go1. The difference from 1.15.2.2-xp+vc2013+x2go1 is that CVE-2015-0255 has been fixed.
  2. Windows: Update bundled nxproxy (nx-libs-lite) from 3.5.0.27 to 3.5.0.28.
  3. Windows: Update bundled Cygwin libjpeg-turbo from 1.3.1-1 to 1.3.1-3. The difference is that CVE-2014-9092 has been fixed.
  4. Windows: Update bundled Cygwin libpng from 1.5.18-1 to 1.5.21-2. In addition to other changes, CVE-2013-6954 has been fixed.
  5. Windows: Copy the exact version of each cygwin DLL from the cygwin binary tarballs rather than copying the “rebased” version from an X2Go developer's cygwin installation. What effect this will have on users is TBD. However, it does mean that we are distributing the exact DLLs that the Cygwin project provides, which is desirable for security.

As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.

Major Windows-specific changes since 4.0.3.1-20150119

None.

Available Builds

All builds with version “4.0.3.2-20150508” in their filename are current.

Current Builds

The regular build, x2goclient-4.0.3.2-20150508-setup.exe, is available under this folder:

A debug build, x2goclient-4.0.3.2-20150508-debug-setup.exe, is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.

Previous Builds

Supported Windows Versions

X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build.

  • Windows XP 32-bit SP3
  • Windows XP 64-bit SP2
  • Windows Vista SP2
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1 (with or without “Update 1”)
  • Windows 10 Technical Preview (Build 9926 through 10074)

These versions of Windows without the latest (specified) service pack may be compatible, but are rarely (if ever) tested. They are not officially supported.

Corresponding server versions of Windows are also supported, but receive minimal testing:

  • Windows Server 2003 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2 (with or without “Update 1”)
  • Windows Server Technical Preview (Build 9926 through 10074)

Any incompatibility or bug with a specific version of Windows should be reported via our bug-tracker.

Installation Instructions

Windows-Specific Bug Fixes

None

Noteworthy Windows-Specific Bugs

bug 611 The server cannot be added to the known_hosts file (and thus you cannot connect to the server) when both of these conditions are met: 1. Your Windows username has non-English characters. 2 Those characters are in a different language than the Windows “system locale”.

TODO: List more bugs

doc/release-notes-mswin/x2goclient-4.0.3.2.txt · Last modified: 2015/05/09 02:25 by mikedep333