This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
doc:release-notes-mswin:x2goclient-4.0.2.0 [2014/04/24 00:50] mikedep333 Clarify builds |
doc:release-notes-mswin:x2goclient-4.0.2.0 [2014/06/08 01:26] mikedep333 There were 6 vulns fixed in openssl 1.0.1h, not 7 (CVE-2014-0224 apparently had 2 commits to it. That's must be why openssl said there "seven security fixes") |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Windows-Specific Release notes for X2Go Client 4.0.2.0 ====== | ====== Windows-Specific Release notes for X2Go Client 4.0.2.0 ====== | ||
+ | |||
+ | ===== Security Update: 4.0.2.0+build3 ===== | ||
+ | |||
+ | On 2014-06-08, 4.0.2.0+build3 was released with the following changes: | ||
+ | |||
+ | *Win32 OpenSSL was updated from 1.0.1g to 1.0.1h. This fixes the 6 security vulnerabilities in the OpenSSL Security Advisory [05 Jun 2014]: CVE-2014-0224, | ||
+ | |||
+ | All users of 4.0.2.0 are strongly encouraged to update to 4.0.2.0+build3. This includes users of the " | ||
+ | |||
+ | ===== Security Update: 4.0.2.0+build2 ===== | ||
+ | |||
+ | On 2014-05-27, 4.0.2.0+build2 was released with the following changes: | ||
+ | |||
+ | * VcXsrv was updated from 1.4.3.1 to 1.4.3.2. The difference is that VcXsrv 1.14.3.2 has backported fixes for X.Org vulnerabilities CVE-2014-0209, | ||
+ | |||
+ | All users of 4.0.2.0 are strongly encouraged to update to 4.0.2.0+build2. This includes users of the " | ||
+ | |||
===== Major Windows-specific changes since 4.0.1.3+build2 ===== | ===== Major Windows-specific changes since 4.0.1.3+build2 ===== | ||
Line 7: | Line 24: | ||
However, recent versions of VcXsrv have dropped compatibility with Windows XP. | However, recent versions of VcXsrv have dropped compatibility with Windows XP. | ||
- | In order to maintain XP compatibility, | + | In order to maintain XP compatibility, |
For the time being, the source code to this version of VcXsrv is available here: | For the time being, the source code to this version of VcXsrv is available here: | ||
Line 30: | Line 47: | ||
===== Available Builds ===== | ===== Available Builds ===== | ||
+ | |||
+ | All builds with version " | ||
+ | |||
+ | ==== Current Builds ==== | ||
+ | |||
The regular build is available here: | The regular build is available here: | ||
- | * http:// | + | * http:// |
< | < | ||
Line 39: | Line 61: | ||
The " | The " | ||
+ | * http:// | ||
+ | |||
+ | The " | ||
+ | * http:// | ||
+ | |||
+ | A debug build is available here. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts. | ||
+ | * http:// | ||
+ | |||
+ | ==== Previous Builds ==== | ||
+ | The regular build is available here: | ||
+ | * http:// | ||
+ | * http:// | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | The " | ||
+ | * http:// | ||
* http:// | * http:// | ||
The " | The " | ||
+ | * http:// | ||
* http:// | * http:// | ||
A debug build is available here. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts. | A debug build is available here. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts. | ||
+ | * http:// | ||
* http:// | * http:// | ||
Line 80: | Line 121: | ||
The following bugfixes are not mentioned in the regular release notes. (They are not mentioned in the regular release notes because they do not consist of fixes to X2GoClient' | The following bugfixes are not mentioned in the regular release notes. (They are not mentioned in the regular release notes because they do not consist of fixes to X2GoClient' | ||
- | *CVE-2014-0160 " | + | *CVE-2014-0160 " |
*Compared to 4.0.1.3, bug #229 (support for https broker connections) was fixed. However, it was also fixed in 4.0.1.3+build2. This bugfix is being mentioned here because some users may not be aware of 4.0.1.3+build2. (Ironically, | *Compared to 4.0.1.3, bug #229 (support for https broker connections) was fixed. However, it was also fixed in 4.0.1.3+build2. This bugfix is being mentioned here because some users may not be aware of 4.0.1.3+build2. (Ironically, | ||
*The following security vulnerabilities in VcXsrv: CVE-2013-4396 (Oct. 8, 2013), CVE-2013-6462 (Jan. 7, 2014) (Note that we have not determined whether or not X2Go could actually trigger them. They are however now fixed in the VcXsrv code.) | *The following security vulnerabilities in VcXsrv: CVE-2013-4396 (Oct. 8, 2013), CVE-2013-6462 (Jan. 7, 2014) (Note that we have not determined whether or not X2Go could actually trigger them. They are however now fixed in the VcXsrv code.) |