User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.3.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/02/25 12:12]
mikedep333 Remove draft warning
doc:release-notes-mswin:x2goclient-4.0.3.2 [2015/05/09 02:25] (current)
mikedep333 4.0.3.2-20150508
Line 1: Line 1:
 ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ====== ====== Windows-Specific Release notes for X2Go Client 4.0.3.2 ======
  
 +===== Security Update: 4.0.3.2-20150508 =====
 +
 +On 2015-05-08, 4.0.3.2-20150508 was released with the following changes:
 +<​code>​
 +    - Windows: Update bundled VcXsrv from 1.15.2.5 (X2Go/​Arctica
 +      Build) to 1.15.2.6 (X2Go/​Arctica Build)
 +      The differences relevant to X2Go are:
 +        + CVE-2015-3418 was fixed in VcXsrv itself
 +        + Font files no longer differ in each build due to timestamp
 +          differences
 +    - Windows: Update libssh from 0.6.4 to 0.6.5 (while maintaining
 +      Pageant support). This fixes CVE-2015-3146.
 +</​code>​
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 +===== Security Update: 4.0.3.2-20150329 =====
 +
 +On 2015-03-29, 4.0.3.2-20150329 was released with the following changes:
 +<​code>​
 +    - Windows: Update bundled VcXsrv from 1.15.2.4-xp+vc2013+x2go1 to
 +      1.15.2.5 (X2Go/​Arctica Build)
 +      The differences relevant to X2Go are:
 +        + VcXsrv'​s bundled version of openssl was updated from 1.0.1k
 +          to 1.0.1m (fixes the multiple CVEs announced on 2015-03-19)
 +        + VcXsrv'​s bundled version of libXfont was updated from 1.4.8
 +          to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804)
 +    - Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m,
 +      which fixes the multiple CVEs announced on 2015-03-19.
 +    - Windows: Update bundled PuTTY from 0.63 to 0.64.
 +      In addition to other changes, CVE-2015-2157 has been fixed.
 +    - Windows: Update bundled Cygwin openssl from 1.0.1k-1 to 1.0.2a-1.
 +      This update fixes the multiple CVEs announced on 2015-03-19
 +</​code>​
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 +===== Security Update: 4.0.3.2-20150301 =====
 +
 +On 2015-03-01, 4.0.3.2-20150301 was released with the following changes:
 +
 +    - Windows: Update bundled VcXsrv from 1.15.2.3-xp+vc2013+x2go1 to 1.15.2.4-xp+vc2013+x2go1. The difference is that VcXsrv'​s bundled version of freetype was updated from 2.5.3 to 2.5.5. This freetype update fixes CVE-2014-9656 through CVE-2014-9675.
 +
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 +===== Security Update: 4.0.3.2-20150224 =====
 +
 +On 2015-02-25, 4.0.3.2-20150224 was released with the following changes:
 +
 +    - Windows: Bundle new version of VcXsrv: 1.15.2.3-xp+vc2013+x2go1. The difference from 1.15.2.2-xp+vc2013+x2go1 is that CVE-2015-0255 has been fixed.
 +    - Windows: Update bundled nxproxy (nx-libs-lite) from 3.5.0.27 to 3.5.0.28.
 +    - Windows: Update bundled Cygwin libjpeg-turbo from 1.3.1-1 to 1.3.1-3. The difference is that CVE-2014-9092 has been fixed.
 +    - Windows: Update bundled Cygwin libpng from 1.5.18-1 to 1.5.21-2. In addition to other changes, CVE-2013-6954 has been fixed.
 +    - Windows: Copy the exact version of each cygwin DLL from the cygwin binary tarballs rather than copying the "​rebased"​ version from an X2Go developer'​s cygwin installation. What effect this will have on users is TBD. However, it does mean that we are distributing the exact DLLs that the Cygwin project provides, which is desirable for security.
 +
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.
 ===== Major Windows-specific changes since 4.0.3.1-20150119 ===== ===== Major Windows-specific changes since 4.0.3.1-20150119 =====
  
Line 7: Line 58:
 ===== Available Builds ===== ===== Available Builds =====
  
-All builds with version "​4.0.3.2-20150219" in their filename are current.+All builds with version "​4.0.3.2-20150508" in their filename are current.
  
 ==== Current Builds ==== ==== Current Builds ====
  
-The regular build, x2goclient-4.0.3.2-20150219-setup.exe, is available under this folder: +The regular build, x2goclient-4.0.3.2-20150508-setup.exe, is available under this folder: 
-  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/+  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150508/
  
-A debug build, x2goclient-4.0.3.2-20150219-debug-setup.exe,​ is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.+A debug build, x2goclient-4.0.3.2-20150508-debug-setup.exe,​ is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you.
  
-  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​non-default-builds/​+  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150508/​non-default-builds/​
  
 +==== Previous Builds ====
 +
 +The regular builds, x2goclient-4.0.3.2-20150219-setup.exe through x2goclient-4.0.3.2-20150329-setup.exe,​ are available under these folders:
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150329/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​
 +
 +The debug builds, x2goclient-4.0.3.2-20150219-debug-setup.exe through x2goclient-4.0.3.2-20150329-setup.exe,​ are also available under these folders. If you experience a bug and would like to assist with debugging it, these builds are for you.
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150329/​non-default-builds/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150301/​non-default-builds/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150224/​non-default-builds/​
 +  * http://​code.x2go.org/​releases/​binary-win32/​x2goclient/​releases/​4.0.3.2-20150219/​non-default-builds/​
 ===== Supported Windows Versions ===== ===== Supported Windows Versions =====
 X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build. X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build.
Line 27: Line 91:
   * Windows 8    * Windows 8 
   * Windows 8.1 (with or without "​Update 1")   * Windows 8.1 (with or without "​Update 1")
-  * Windows 10 Technical Preview (Build 9926)+  * Windows 10 Technical Preview (Build 9926 through 10074)
  
 These versions of Windows without the latest (specified) service pack may be compatible, but are rarely (if ever) tested. They are not officially supported. These versions of Windows without the latest (specified) service pack may be compatible, but are rarely (if ever) tested. They are not officially supported.
Line 38: Line 102:
   * Windows Server 2012   * Windows Server 2012
   * Windows Server 2012 R2 (with or without "​Update 1")   * Windows Server 2012 R2 (with or without "​Update 1")
-  * Windows Server Technical Preview (Build 9926)+  * Windows Server Technical Preview (Build 9926 through 10074)
  
 Any incompatibility or bug with a specific version of Windows should be reported via our bug-tracker. Any incompatibility or bug with a specific version of Windows should be reported via our bug-tracker.
doc/release-notes-mswin/x2goclient-4.0.3.2.1424866350.txt.gz · Last modified: 2015/02/25 12:12 by mikedep333