User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.3.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/02/25 12:12]
mikedep333 Remove draft warning
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/03/29 21:32]
mikedep333 [Security Update: 4.0.3.2-20150301] typo fix
Line 1: Line 1:
 ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ====== ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ======
  
 +===== Security Update: 4.0.3.2-20150329 =====
 +
 +On 2015-03-29, 4.0.3.2-20150329 was released with the following changes:
 +<code>
 +    - Windows: Update bundled VcXsrv from 1.15.2.2-xp+vc2013+x2go1 to
 +      1.15.2.5 (X2Go/Arctica Build)
 +      The differences relevant to X2Go are:
 +        + CVE-2015-0255 was fixed in VcXsrv itself
 +        + VcXsrv's bundled version of openssl was updated from 1.0.1k
 +          to 1.0.1m (fixes the multiple CVEs announced on 2015-03-19)
 +        + VcXsrv's bundled version of libXfont was updated from 1.4.8
 +          to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804)
 +        + VcXsrv's bundled version of freetype was updated from 2.5.3
 +          to 2.5.5 (fixes CVE-2014-9656 through CVE-2014-9675)
 +    - Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m,
 +      which fixes the multiple CVEs announced on 2015-03-19.
 +    - Windows: Update bundled PuTTY from 0.63 to 0.64.
 +      In addition to other changes, CVE-2015-2157 has been fixed.
 +    - Windows: Update bundled Cygwin openssl from 1.0.1k-1 to 1.0.2a-1.
 +      This update fixes the multiple CVEs announced on 2015-03-19
 +</code>
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 +===== Security Update: 4.0.3.2-20150301 =====
 +
 +On 2015-03-01, 4.0.3.2-20150301 was released with the following changes:
 +
 +    - Windows: Update bundled VcXsrv from 1.15.2.3-xp+vc2013+x2go1 to 1.15.2.4-xp+vc2013+x2go1. The difference is that VcXsrv's bundled version of freetype was updated from 2.5.3 to 2.5.5. This freetype update fixes CVE-2014-9656 through CVE-2014-9675.
 +
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 +===== Security Update: 4.0.3.2-20150224 =====
 +
 +On 2015-02-25, 4.0.3.2-20150224 was released with the following changes:
 +
 +    - Windows: Bundle new version of VcXsrv: 1.15.2.3-xp+vc2013+x2go1. The difference from 1.15.2.2-xp+vc2013+x2go1 is that CVE-2015-0255 has been fixed.
 +    - Windows: Update bundled nxproxy (nx-libs-lite) from 3.5.0.27 to 3.5.0.28.
 +    - Windows: Update bundled Cygwin libjpeg-turbo from 1.3.1-1 to 1.3.1-3. The difference is that CVE-2014-9092 has been fixed.
 +    - Windows: Update bundled Cygwin libpng from 1.5.18-1 to 1.5.21-2. In addition to other changes, CVE-2013-6954 has been fixed.
 +    - Windows: Copy the exact version of each cygwin DLL from the cygwin binary tarballs rather than copying the "rebased" version from an X2Go developer's cygwin installation. What effect this will have on users is TBD. However, it does mean that we are distributing the exact DLLs that the Cygwin project provides, which is desirable for security.
 +
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 ===== Major Windows-specific changes since 4.0.3.1-20150119 ===== ===== Major Windows-specific changes since 4.0.3.1-20150119 =====
  
Line 7: Line 47:
 ===== Available Builds ===== ===== Available Builds =====
  
-All builds with version "4.0.3.2-20150219" in their filename are current.+All builds with version "4.0.3.2-20150301" in their filename are current.
  
 ==== Current Builds ==== ==== Current Builds ====
  
-The regular build, x2goclient-4.0.3.2-20150219-setup.exe, is available under this folder: +The regular build, x2goclient-4.0.3.2-20150329-setup.exe, is available under this folder: 
-  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150219/+  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150329/
  
-A debug build, x2goclient-4.0.3.2-20150219-debug-setup.exe, is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.+A debug build, x2goclient-4.0.3.2-20150329-debug-setup.exe, is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.
  
-  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150219/non-default-builds/+  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150329/non-default-builds/
  
 +==== Previous Builds ====
 +
 +The regular builds, x2goclient-4.0.3.2-20150219-setup.exe through x2goclient-4.0.3.2-20150224-setup.exe, are available under these folders:
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150301/
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150224/
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150219/
 +
 +The debug builds, x2goclient-4.0.3.2-20150219-debug-setup.exe through x2goclient-4.0.3.2-20150301-setup.exe, are also available under these folders. If you experience a bug and would like to assist with debugging it, these builds are for you.
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150301/non-default-builds/
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150224/non-default-builds/
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.3.2-20150219/non-default-builds/
 ===== Supported Windows Versions ===== ===== Supported Windows Versions =====
 X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build. X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build.
doc/release-notes-mswin/x2goclient-4.0.3.2.txt · Last modified: 2015/05/09 02:25 by mikedep333