IGEL Universal Desktop OS 3 / IGEL UD Pocket ============================================ Version 10.02.210 Release date 2017-06-12 Last update of this document 2017-07-05 ============================================================================= Security Fixes: ============================================================================= - Fixed kernel security issue CVE-2017-1000364. - Security fix for Secure Shadowing: do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). - Added possibility to configure minimal allowed ssh cipher security. New registry keys: * network.ssh_client.disable_weak_encryption (defaults to true) * network.ssh_client.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit * network.ssh_server.disable_weak_encryption (defaults to true) * network.ssh_server.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit ============================================================================= Versions: ============================================================================= Clients: - Citrix HDX Realtime Media Engine 2.2.100-949 - Citrix Receiver 13.3.2.366713 - Citrix Receiver 13.4.2.10146724 - Citrix Receiver 13.5.0.10185126 - Ericom PowerTerm 12.0.1.0.20170219.2-_dev_-34574 - Evidian AuthMgr 1.4.6132 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 45.8.0 - IBM iAccess Client Solutions 1.1.5.0 - IGEL RDP Client 2.2 - Leostream Java Connect 3.3.7.0 - NX Client 5.2.11 - Oracle JRE 1.8.0_121 - Parallels Client (32 bit) 15.5.2.16129 - Remote Viewer 5.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.17 - Thinlinc Client 4.7.0-5280 - ThinPrint Client 7.0.78 - Totem Media Player 2.30.2 - VMware Horizon client 4.5.0-5650368 Dictation: - Driver for Grundig Business Systems dictation devices - Philips Speech Driver 12.4.15 Signature: - signotec VCOM Daemon 2.0.0 - StepOver TCP Client 1.0.4 Smartcard: - PKCS#11 Library A.E.T. SafeSign 3.0.101 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3.502 - PKCS#11 Library Gemalto IDPrime 1.2.3 - PKCS#11 Library SecMaker NetID 6.6.0.30 - Reader Driver ACS CCID 1.1.3 - Reader Driver Gemalto eToken 9.0.43 - Reader Driver HID Global Omnikey 4.2.4 - Reader Driver Identiv CCID 5.0.35 - Reader Driver Identiv eHealth200 1.0.5 - Reader Driver MUSCLE CCID 1.4.25 - Reader Driver REINER SCT cyberJack 3.99.5final.sp09 - Resource Manager PC/SC Lite 1.8.20 System Components: - Graphics Driver INTEL 2.99.917+git20160706-1ubuntu1 - Graphics Driver ATI/RADEON 7.7.1-1 - Graphics Driver ATI/AMDGPU 1.1.2-1 - Graphics Driver Nouveau (Nvidia Legacy) 1.0.12-1build2 - Graphics Driver Nvidia 367.57-0ubuntu3 - Graphics Driver Vboxvideo 5.1.18-dfsg-1 - Graphics Driver VMware 13.1.0-2ubuntu3 - Graphics Driver FBDEV 0.4.4-1build5 - Graphics Driver VESA 2.3.4-1build2 - Input Driver Evdev 2.10.1-1ubuntu2 - Input Driver Elographics 1.4.1-1build5 - Input Driver eGalax 2.5.5814 - Input Driver Synaptics 1.8.2-1ubuntu3 - Input Driver Vmmouse 13.1.0-1ubuntu2 - Input Driver Wacom 0.32.0-0ubuntu3 - Kernel 4.4.49 #67.88-udos-r1828 ============================================================================= Information: ============================================================================= The following clients and features are not supported anymore: ============================================================================= - Citrix Receiver 12.1 and 13.1 - Citrix Access Gateway Standard Plug-in - Dell vWorkspace Connector for Linux - Ericom PowerTerm Emulation 9 and 11 - Ericom Webconnect - IGEL Legacy RDP Client (rdesktop) - Virtual Bridges VERDE Client - PPTP VPN Support - IGEL Upgrade License Tool with IGEL Smartcard Token - Remote Management by setup.ini file transfer (TFTP) - XC Font Service - Remote Access via RSH - Legacy Philips Speech Driver - Digital Persona Support - Sane Scanner Support - Softpro/Kofax Citrix Virtual Channel - t-Systems TCOS Smartcard Support - DUS Series touch screens - Elo serial touch screens - Hampshire TSHARC touch screens - IGEL Smartcard without locking desktop - VIA Graphics Support - Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the "In-Session Control Bar" ("In-Session Control Bar" configurable at IGEL Setup -> User Interface -> Desktop) - by a "Safely Remove Hardware" session (configurable at IGEL Setup -> Accessories) ============================================================================= The following clients and features are not available in 10.02.210: ============================================================================= - Imprivata Appliance - Voip Client Ekiga - X session (Xorg Xephyr) - XDMCP - Olympus dictation devices - Nuance Audio Extensions for dictation - Diktamen - Cherry eGK Channel - Open VPN Smartcard Support - NCP Secure Client - LTE / Mobile Broadband Support - TCP/IP Printing - Asian Input Methods - Composite Manager ============================================================================= Supported Hardware: ============================================================================= http://edocs.igel.com/PDF/Supported_UDC3_devices.pdf ============================================================================= ============================================================================= Known Issues: ============================================================================= [Citrix] - Flash redirection is not working. [RDP/IGEL RDP Client 2] - EVOR video redirection does not work in 10.02.210: Workaround the issue by disabling: Sessions -> RDP -> RDP Sessions -> [session name] -> Multimedia -> Enable Video Redirection or by disabling: Sessions -> RDP -> RDP Global -> Multimedia -> Enable Video Redirection [Smartcard] - Active Directory Logon with Smartcard: Smartcard Removal Action "Lock Thin Client" does not work. [VMware Horizon] - Blast: On Intel Baytrail based chipsets, H.264 rendering breaks after 20min. Workaround: Change switch to modify the Blast GL-Rendering Engine: key vmware.view.glrenderer from "automatic" to "off" - The USB on-insertion feature is only working if the client drive mapping is switched off. In the IGEL Setup Client drive mapping can be found in: Sessions -> RDP -> RDP Global -> Mapping -> Drive mapping -> Enable Drive Mapping - External drives mounted already before connection do not appear in the remote desktop. Workaround: map the directory /media as a drive in your desktop. Then the external devices will show up inside the media drive. ============================================================================= IGEL Universal Desktop OS 3 10.02.210 (stable build based on 10.02.190) ============================================================================= ============================================================================= New features: ============================================================================= [WiFi] - Added the possibility to initially configure a wifi connection in the Setup Assistant if a suitable device was detected. [Smartcard] - New SecMaker Net iD version 6.6.0.30. [VMware Horizon] - Updated VMware Horizon Client to version 4.5.0-5650368. Added keys in the IGEL registry to modify the USB-redirection behavior: vmware.view.usb-autoconnect-at-start-up: if set to true USB devices are redirected at start-up (i.e. when then Client connects to the desktop), if set to false USB devices are not redirected, but only listed as available in the vmware menubar; vmware.view.usb-autoconnect-on-insert: if set to true USB devices are redirected on insertion of the device, if set to false USB devices are only listed as available in the vmware menubar. - Added switch to modify the Blast GL-Rendering Engine: vmware.view.glrenderer ============================================================================= Resolved issues: ============================================================================= [RD Web Access] - Fixed resize Excel 2013 columns in RD WebAccess. [Network] - Added a new configuration to disable reverse dns lookup of the terminal name: registry key network.dns.hostname_dnslookup, default: enabled - Fixed bug: Hostname was not adopted from DHCP lease. [Base system] - Fixed automatic suspend after a defined time period of inactivity. - Fixed kernel security issue CVE-2017-1000364. - Reworked custom partition mechanism. - Apply custom parameters in the custom partition immediately after changing in setup. - Improved error handling of update of the custom partition's content. [VMware Horizon] - Fixed client drive mapping. [Audio] - Fixed saving state of Pulseaudio sound system. ============================================================================= IGEL Universal Desktop OS 3 10.02.190 (stable build based on 10.02.160) ============================================================================= ============================================================================= Resolved issues: ============================================================================= [Audio] - Fixed input and output recognizing for Sennheiser USB headsets. ============================================================================= New features: ============================================================================= [Base System] - Added support for serial attached device via inputattach daemon. This will allow to attach a serial line to an input-layer device. The following registry keys have been added: * devices.serial.inputattach.com.enabled Enable the inputattach daemon for port com. * devices.serial.inputattach.com.baud (default: handle by mode) Specify the baud rate to use. This is only necessary if the default mode rate is incorrect. * devices.serial.inputattach.com.nocarriagereturn (default: disabled) Remove carriage return on every input signal strings received. * devices.serial.inputattach.com.port (default: /dev/ttyS) Specify the device to use. * devices.serial.inputattach.com.mode (default: bs) Specify the serial attached device initialization mode. - Added support for Bluetooth Serial Port Profile via RFCOMM protocol. This will allow to pair a bluetooth device like barcode scanners in SPP mode. The following registry keys have been added: * devices.serial.inputattach.hci.enabled Enable the inputattach daemon for port hci. * devices.serial.inputattach.hci.baud (default: 9600) Specify the baud rate to use. This is only necessary if the default baud rate is incorrect. * devices.serial.inputattach.hci.nocarriagereturn (default: disabled) Remove carriage return on every input signal strings received. * devices.serial.inputattach.hci.port (default: /dev/rfcomm) Specify the device to use. * devices.serial.inputattach.hci.macaddr Specify the remote bluetooth device mac address (BD ADDR). * devices.serial.inputattach.hci.reconnect (default: true) Automatically reconnect to the remote device if disconnected or out of range every 10 seconds. [Touchscreen] - Added support for TSharc USB touchscreen monitors. ============================================================================= IGEL Universal Desktop OS 3 10.02.160 (stable build based on 10.02.150) ============================================================================= ============================================================================= New features: ============================================================================= [Base system] - Added possibility to configure minimal allowed ssh cipher security. New registry keys: * network.ssh_client.disable_weak_encryption (defaults to true) * network.ssh_client.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit * network.ssh_server.disable_weak_encryption (defaults to true) * network.ssh_server.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit [Hardware] - Make Video outputs of Dell Advanced E-PORT II DOCK available in UDC3 (not visible as connector in setup -> use automatic) ============================================================================= Resolved issues: ============================================================================= [Smartcard] - Added new parameter scard.pcscd.on_demand (default: true). When true, the smart card service PC/SC-Lite starts when it is accessed the first time and terminates after 60 seconds of inactivity. When false, the service is started immediately at boot and stays running. Setting it to false can help to avoid smart card errors which e.g. only occur once after boot. [Base system] - Security fix for Secure Shadowing: do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). Due to the higher security demands Secure Shadowing with Java 6 based UMS version 4.07.100 and 4.08.100 is not supported anymore. Secure Shadowing is supported with UMS 5 and UMS 4.09.100. - Fixed initializing of the custom partition during boot: Do not invoke initialize action twice. - Fixed free size calculation during firmware update on storage device bigger than 4Gb. - Fixed Bluetooth Tray icon. Now the "paired devices" section show the correct device list. - Fixed a issue with failsafe boot which could lead to a non bootable system. - Reworked custom partition mechanism. [X11 system] - Fixed not shown desktop on Dell P2217 monitor (now also for DELL P2217H model). Added registry key x.xserver0.force_reconfig (defaults to false) to force a X reconfiguration. - Fixed non working touchscreen calibration. Fixed not saved touchscreen calibration over reboot. - Fixed black screen issue after boot. [Window manager] - Fixed memleak if taskbar background is a image. [Shared Workplace] - Fixed passthrough authentication with Shared Workplace. Now e.g. Shared Workplace and Citrix Single Sign On is working again. [Audio] - Fixed input and output recognizing for Sennheiser USB headsets. [Hardware] - Fixed touchpad parameters for newer touchpad devices. [Remote Management] - Fixed fingerprint check in ICG Setup for verified certificates. ============================================================================= IGEL Universal Desktop OS 3 10.02.150 (stable build based on 10.02.120) ============================================================================= ============================================================================= Resolved issues: ============================================================================= [VMware Horizon] - Fixed handling of stalled VMware/RDP sessions: * In case the session uses an https tunnel to reach the remote desktop, Horizon View Client resets the tunnel one minute after the network congestion is ovserved. Upon this reset, now, the RDP client terminates and does not try to reconnect because the https tunnel given to it by the Horizon Client is already closed at this point. * In case of direct connection to the remote desktop, the reconnect dialog of the RDP client terminates the client immediately now when the cancel button is pressed. [Caradigm] - Fixed Caradigm VMware/RDP sessions using network level authentication ============================================================================= IGEL Universal Desktop OS 3 10.02.120 (stable build based on 10.02.100) ============================================================================= ============================================================================= New features: ============================================================================= [Applidis] - Enhanced option handling ============================================================================= Resolved issues: ============================================================================= [Base system] - Fixed problem with bootorder setting (EFI only) on mmc block based devices. - Fixed device not booting if no network connection is available and no settings have been made yet (i.e. after first boot or reset to factory defaults). [X11 system] - Fixed non working touchscreen calibration. - Fixed not saved touchscreen calibration over reboot. [Remote Management] - Added download of custom wallpaper and bootsplash in ICG agent. ============================================================================= IGEL Universal Desktop OS 3 10.02.100 ============================================================================= ============================================================================= New features: ============================================================================= [Citrix] - Updated Citrix HDX RTME (Skype for Business Optimization) to 2.2.100-949. - Added basic support for CID (Certificate Identity Declaration) with SecMaker smartcards. For this feature Citrix Receiver 13.4 or newer is required. To enable the feature activate the following parameter in the registry: parameter name: ica.authman.cid default value: false - Added SecMaker Net iD browser plugin. Activate in IGEL Registry, parameter: browser_plugin.secmaker.netid default value: false [Citrix Receiver 13] - Support for lossless features in hardware accelerated Citrix deep compression codec: "Text tracking" and "small frames" - Integrated Citrix Receiver 13.4.2 - Integrated Citrix Receiver 13.5.0 [RDP/IGEL RDP Client 2] - Added the Desktop Scale Factor option to change the RDP session scale: * "Sessions -> RDP -> RDP Global -> Window -> Desktop Scale Factor" * "Sessions -> RDP -> RDP Sessions -> (session) -> Window -> Desktop Scale Factor" [NX client] - NoMachine NX Client updated to version 5.2.11 [UD Pocket] - Added handling of new UD Pocket VFAT data partition. New registry key: devices.ud_pocket_data_mount.policy (defaults to nomount) Possible values: * nomount -> do not mount UD pocket data partition and lock storage hotplug * mount_ro -> mount UD pocket data partition read only to /ud_pocket_data and lock storage hotplug * mount_rw -> mount UD pocket data partition read/write to /ud_pocket_data and lock storage hotplug * hotplug_handled -> let storage hotplug handle the UD pocket data partition - Added UD Pocket Demo activation. The activation will take place in the IGEL Setup Assistant. If it fails on this attempt, the activation will get restarted automatically after every reboot, as long as no valid license is installed. [VMware Horizon] - Updated Horizon Client to version 4.3.0 - Added possibility to prevent the user from editing the (predefined) user name in the local login window for Horizon. Parameter: vmware.login.username_editable default: true [Parallels Client] - Updated Parallels 2X Client to version 15.5.2 * Added new setup parameter "Adaptive RemoteFX (RDP 8.1)" at "Setup -> Sessions -> Parallels Client Sessions -> [session name] -> Experience". Registry key: sessions.twox.experience.remotefx_adaptive (bool, default: true) This parameter enables the RemoteFX Progressive and H.264 (RDP 8.1) Parallel 2X options to enhance end-user experience. * Added new registry parameter "Use all monitors for Desktop session (if applicable)" Registry key: sessions.twox.advanced.all_monitor_for_desktop (bool, default:false) This parameter enable the extend to all monitor feature when connection to remote desktops. [Power Term] - New Ericom PowerTerm version 12.0.1.0.20170219.2-_dev_-34574. [IBM_5250] - Added IBM iAccess Client Solutions 5250 emulation version 1.1.5.0. Configuration can be done in IGEL Setup under "Sessions->IBM iAccess Client". For further information, please refer to the edocs section or the documentation provided in the client at "Help -> Information Center". [Leostream Java Connect] - Integrated Leostream Connect Client version 3.3.7.0. [Firefox] - Updated Firefox to version 45.8.0 ESR. - Updated Adobe Flash Player to version 25.0.0.148. - Added restart-after-idle configuration for browser sessions: configurable at "Setup -> Sessions -> Browser -> Browser Sessions -> [session name] -> Settings -> Restart". It's possible to configure the idle timeout in minutes or seconds. Registry keys: * sessions.browser.app.restart_timeout_enabled * sessions.browser.app.restart_timeout * sessions.browser.app.restart_timeout_unit [Network] - Added registry keys to influence EAP authentication attributes. These settings are for experts only. * network.interfaces.wirelesslan.device0.wpa.phase1_direct * network.interfaces.wirelesslan.device0.wpa.phase2_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase1_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase2_direct * network.interfaces.ethernet.device%.ieee8021x.phase1_direct * network.interfaces.ethernet.device%.ieee8021x.phase2_direct These are all of type string and their default value is empty. The values directly affect the phase1/phase2 settings for wpa_supplicant. Documentation can be found here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf Radius server vendors should be able to advise users about what they might try. In some customer environments wpa_supplicant 2.1 has worked but later versions 2.5 and 2.6 have not. The main goal of these keys is to enable the customer to make the new wpa_supplicant behave like the 2.1 version. One major difference is usage of TLS 1.2 in authentication involving PEAP. In order to enforce a different version of TLS, phase1-direct can e.g. be set to "tls_disable_tlsv1_2=1" - SCEP: OpenSSL's default behaviour regarding encoding of CSRs has changed. Therefore a new registry key has been added to explicitly specify the string_mask option for CSR creation: network.scepclient.cert%.string_mask Type: string Default: "default" (This currently results in the traditional behaviour.) See OpenSSL documentation concerning CSR creation for possible alternative settings. [WiFi] - New registry keys: * network.interfaces.wirelesslan.device0.wpa.passphrase_crypt_password * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.passphrase_crypt_password These are used for storing encrypted WPA Personal passphrases. The keys without _crypt_password suffix, that have stored cleartext passphrases, still exist to preserve compatibility with old UMS versions. New software will use the new keys and delete values of the old keys, when changes are made. Usage of UMS 5.06.100 or higher is needed. - Added driver support for TPLink ArcherT4U. - Added driver ath10k. This supports various QCA98xx devices (not tested). [AppliDis] - Intergated Systancia AppliDis client version 4.0.0.17. [Smartcard] - The feature "IGEL Smartcard without locking desktop" will not be supported in Linux 10 any more. - Added IGEL Smartcard personalization tool. - Added driver for smartcard reader Elatec TWN4 CCID (USB 0x09D8:0x0425) - Added domain white list for certificates on smartcard. This list is used to filter certificates for login with smartcard to Legacy ICA sessions when the local login window is active. Parameter (in Registry): scard.pkcs11.domain_whitelist default value: (empty) The value is a comma separated list of domains. If the first character of the domain is '*', then all domains which end with the given name match, e.g. example.com, *.example2.com - Updated SecMaker Net iD to version 6.5.2.37. This version supports Citrix CID (Certificate Identity Declaration). - Updated PC/SC Lite to version 1.8.20. [CUPS Printing] - Added support for cups lpd. [Application Launcher] - The Application Launcher now shows the username of the logged-in user. This new feature is enabled by default if 'Local Logon' is configured and can be disabled by switching off the parameter 'auth.login.show_username'. - Added capability to copy values from the about page by performing a right mouse click. - Updated the Application Launcher's 'About' page. This includes several UI changes and improved functionality. It is now possible to lookup the network status on this page. [Base system] - Added IGEL Setup Assistant for configuring the device initially. This tool allows to set the UI language, keyboard layout, timezone, date and time, establish an ICG connection and in case that the underlying device is an UD pocket demo stick, to retrieve an evaluation license. The agent only shows up if the device hasn't been configured so far, e.g. neither has the local IGEL Setup been used so far nor has a connection to the UMS been established. - Updated kernel to Ubuntu version 4.4.0-67.88. - Added notification after a successful bootcode update. - Reworked custom bootsplash: It is now possible to define the style of the custom bootsplash. If it is set to "Original", the custom bootsplash image is display in the center of the primary display with its original resolution. The other options behave similar to the desktop wallpaper style. Moreover, the former hidden registry keys for the background color and progress indicator size have been added to the corresponding setup section. - Custom wallpaper and/or custom bootsplash are restored automatically in case of absence, e.g. after a system recovery. - Added EFI 32 bit support. - Removed "UDC automatic license deployment server" feature. - Changed session network notification from dialogue to pop-up notification. - Added option to completely disable the session related network notification. Configurable at Setup -> Sessions -> Global Session Options -> Network notification on session start. Registry key: userinterface.sessions.network-notification-enabled - Bluetooth Tray enhanced with new icon states: * bluetooth device paired * bluetooth scan for devices - Added support for special UDC2/UDC3 upgrade license. Please note, that any device equipped with this license can't be downgraded below firmware version 10.02.100. - New registry key: "custom_partition.%source.crypt_password" This is used for storing encrypted password. The key without crypt_ prefix, that have stored cleartext password, still exist to preserve compatibility with old UMS versions. New software will use the new key and delete value of the old key, when changes are made. Usage of UMS 5.06.100 or higher is needed. - Added setup option to delay session start until new UMS settings have been applied. This behavior can be configured at Setup -> Sessions -> Global Session Options or Setup -> System -> Remote management -> Options: * Parameter "Delay session start at boot time to apply new UMS settings", registry key: userinterface.sessions.wait-for-ums-config (default: disabled) * Timeout parameter, registry key: userinterface.sessions.wait-for-ums-config-timeout (default: 10s, only relevant if option above is enabled) - Removed AVAHI daemon. - Removed vWorkspace post session command selection, this client is not supported anymore in Linux 10. - Instead of IBM iSeriesAccess client the new iAccess client is now supported in post session command configuration. [Driver] - Added Citrix and RDP Virtual Channels for DriveLock USB Device Control. Enable for Citrix in IGEL Setup page Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping->Device Support, parameter DriveLock Channel. Enable for RDP in IGEL Setup page Sessions->RDP->RDP Global->Mapping->Device Support, parameter DriveLock Channel. - Added Philips Dictation Driver 12.4.15. Enable Philips Speech Channel for Dictation in IGEL Setup page "Sessions -> Citrix XenDesktop/XenApp -> HDX/ICA Global -> Mapping -> Device Support (Citrix)" or "Sessions -> RDP -> RDP Global -> Mapping -> Device Support (RDP)". Also supports SpeechMike Premium Touch and SpeechAir. [X11 system] - Active notifications get now arranged after a notification has been closed. - Updated Mesa to current xenial version 12.0.6. - Added registry key x.drivers.intel.use_tear_free (default false) which can be activated to avoid tearing artefacts. [Window manager] - The IGEL start menu now shows the username of the logged-in user. This new feature is enabled by default if 'Local Logon' is configured and can be disabled by switching off the parameter 'windowmanager.wm0.variables.startmenu.show_username'. - Active section in start menu is now colored dynamically based on the configured theme. If the theme is optimized for dark color, the active section is highlighted slightly lighter and vice versa in case of a light theme. [VirtualBox] - Integrated VirtualBox Guest Additions 5.1.18. [Multimedia] - Updated Fluendo multimedia codecs. [Hardware] - Added hardware support for DLog DLT-V6210. - Added hardware support for INTEL Compute Stick STK2m3W64CC. - Added support for HDMI Audio for ATOM based Intel Compute Stick. - Updated AMDGPU Pro kernel module to version 16.60. - Improved support to configure the brightness of internal panels. Added possibility to preserve brightness over reboots New registry key: x.xserver0.preserve_brightness_over_reboot (default true) - Added support for the usage of 2 x Nvidia NVS510 graphic cards (up to 8 screens) [Java] - Updated Oracle JRE to 1.8U121. [Remote Management] - Added setup option for configuring notifications regarding new UMS settings. If new settings from UMS are available during boot, the user was prompted if the settings shall be applied or not. This behavior is now configurable with the following registry keys: * userinterface.rmagent.enable_usermessage_on_boot (default: enabled) * userinterface.rmagent.message_timeout_on_boot (default: no timeout) * userinterface.rmagent.message_default_action (default: apply) These settings may also be modified on the setup page "Sessions -> Global Session Options" or alternatively "System -> Remote Management -> Options". - Implemented the new IGEL Cloud Gateway protocol version 2. The implementation isn't compatible with the old protocol and requires UMS 5.06.100 or higher. [IGEL Cloud Gateway] - Added support for IGEL Cloud Gateway. - Implemented the new IGEL Cloud Gateway protocol version 2. The implementation isn't compatible with the old protocol and requires UMS 5.06.100 or higher. ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed changing citrix receiver in appliance mode - Hardware accelerated H.264 deep compression codec is working properly with Citrix Receiver 13.4.1. See http://edocs.igel.com/#10205128.htm how to enable hardware acceleration. - Fixed: The logoff dialog (which shows up when logging off while a session is still running) has three buttons (Cancel, Disconnect, Logoff). Instead of the expected behavior, clicking on the logoff button had no effect, i.e. the session just continued running. Now the parameter "ica.wfclient.logoffdesktopthrotwi" in setup's registry is set to true by default. This means that the logoff button will log the user off and end the running session, just as it should. To retain the old behavior, set the parameter back to false. This parameter has no effect on the disconnect button, which just continues to do what the name suggests. - Fixed an issue with audio bandwidth limit, new registry parameter ica.wfclient.audiobandwidthlimit - Fixed power button function while in the local login screen, the screen is locked and in XenDesktop Appliance Mode login screen. - Citrix StoreFront / Web Interface: Fixed application autostart. - Fixed logging of logoff events to UMS User Login History at shutdown or suspend. - Citrix session login window with smartcard authentication translated correctly to german. - Fixed password change over Netscaler. - Fixed local logon with disabled show domain. Local logon uses domain entries from ica session or Citrix global config correctly. - Fixed problem with user names containing '. They are now handled correctly in Citrix XenApp/StoreFront logon. - Fixed reading Gemalto IDPrime smartcards with IDGo800 User Tool inside Citrix ICA sessions. [Citrix Receiver 13] - Fixed StoreFront logon with smartcard - Fixed application startup failure with Citrix StoreFront / Web Interface: 20-30 minutes after logon application startup failed with error message "no server connection configured". [RDP/IGEL RDP Client 2] - RDP multi monitor sessions now also work, when the multiple screens are configured via the "Display Switch" dynamically. - Fixed printer mapping: a mapped printer is set as default printer inside the session, if and only if it is the default printer on the thin client. Before this fix the first mapped printer was set as default printer. - Fixed RDP multipoint server scan. - Fixed problem with graphical window fragments in RDP sessions to server 2012R2. - Fixed logon with smartcard or token. Before this fix reconnecting to a disconnected session could fail sporadically. - Fixed RDP drawing issues with non-RemoteFX remote app sessions. - Fixed RDP desktop scaling setting: The server side desktop scaling setting takes precedence, if the TC desktop scaling setting is set to 100%. [UD Pocket] - Fixed non working touchpad on MacBooks. [VMware Horizon] - Fixed Onscreen keyboard configuration in VMware Horizon appliance mode. - Fixed Thinprint printer redirection support. - Fixed crash when using Windows Media MMR. - Fixed issue where FIPS-mode was not properly enabled in Horizon Client. - Fixed Horizon logon with smartcard. [Power Term] - Fixed host name substitution when specifying %h in parameter 'Device Name' in IBM 5250 emulation and parameter 'LU Name' in IBM 3270 emulation. Before this fix the substituted value was "localhost" after boot. - Fixed input of Euro sign in IBM 5250 Display emulation with 'Host Code Page' supporting Euro, e.g. 1141. [Firefox] - Fixed the use of smartcards in Firefox browser. [Network] - Fixed ssh sessions not working after reboot. - Fixed not being able to specify the port for SSH sessions. [WiFi] - Improved support for D-Link "dwa171 rtl8821au" [genucard VPN] - Fixed incorrect network status on the client when using the genucard without having another physical connection. E.g. this happened when only the genucard was connected via USB, but no other ethernet cable was connected to the client. In this case, sessions that need network could not be started. [Smartcard] - Fixed a problem with Kerberos Logon with smartcard, where logon was failing with message "Invalid Logon". - Added missing parameter "scard.pcscd.omnikey_mhz_required". Configuration of this parameter is necessary e.g. for DATEV smartcards. - PC/SC Lite: Improved stability and fixed protocol errors. - Fixed detection of smartcard readers (e.g. Kobil mIdentity) to be useable with DATEV Sicherheitspaket V4.3 and DATEV Sicherheitspaket compact V3.2 within RDP sessions. [Application Launcher] - Fixed Application Launcher starting multiple times if the restart option was set. [Base system] - Fixed post session command configuration and handling. - Fixed start of screen lock in legacy start menu. - Fixed an issue where a previously configured custom bootsplash couldn't be deactivated while a custom wallpaper was set. - Fixed USB access control crashing systems which were booted from USB device, when new settings were applied. - Fixed a bug where active windows could be seen through the border of the lock screen. - Fixed delayed start of some applications in some situations, e.g. application launcher. - Fixed emergency boot. - Fixed In-Session Control Bar positioning for single screen sessions on second monitor of multi monitor setups. - Fixed In-Session Control Bar after display resolution or monitor placement changes. - Fixed the In-Session Control Bar not shown for some session types. - Fixed a bug where changes to the taskbar background haven't been applied instantly. - Fixed automatic update of custom partition at boot time. - Fixed detection of Onyx Venus 222 device. [Storage Devices] - Fixed memory hotplug devices only working for the first user of a local logon session. [Appliance Mode] - Ctrl+Alt+F2 now starts the IGEL setup also in the RDP Multipoint appliance mode. - Fixed toolbar not appearing in Citrix Self-Service appliance mode. - Fixed startup of various appliance mode sessions. [X11 system] - Fixed showing folder structure in the legacy start menu, when the first folder contains no application. - Fixed non working VGA screen for DELL WYSE D50D. - Fixed undecorated softkeyboard when it was switched off and on again. - Fixed login and lock screen focus issues when the screensaver + DPMS is activated. - Fixed wrong focus of Citrix fullscreen session when returning from screen lock. - Fixed the softkeyboard tray icon look. - Fixed desktop not being shwon on Dell P2217 monitor. [Window manager] - Fixed unfunctional panel with active screen lock. - Fixed issues with focus setting after booting. - Fixed IGEL start menu while a message or info dialog is shown. - Fixed start menu not opening on the first click after "Show Desktop" was used. - Fixed panel behavior when it is enabled in login and lock screen, but disabled on normal desktop - Fixed missing 'Safely remove USB hardware' icon in the IGEL Light theme. - Fixed layout of action buttons within popup notifications. - Fixed window focus issues which disabled the power button or any other keyboard shortcut to function as expected. - Fixed missing translations of some tooltips (e.g. 'About', 'Reboot', 'Shutdown') in the start menu. - Fixed workarea mode for Citrix sessions. - Removed top highlight border from maximized windows. [Shadowing/VNC] - Fixed start of VNC Server for shadowing, if remote management is disabled. [Caradigm] - Fixed Caradigm disconnect timeout handler for Horizon View and RDP sessions. [Evidian] - Fixed an issue where a VMware Horizon session via the RDP protocol automatically tried to reestablish the connection after terminating intendedly. - Fixed an issue where a VMware Horizon session always used 'Autoconnect' independent of the connection setting under the corresponding Horizon session. [Hardware] - Fixed poweroff problem with Wyse D50D. - Fixed non working touchpad of Asus E402S Laptop. - Fixed non working touchscreen on Terra Pad 1061. [Java] - Fixed Java (webstart) applications not being able to launch the local browser by using the desktops url-handler. [Remote Management] - Fixed CPU speed detection when CPU power management is active. - Fixed status reporting for downloaded files. [IGEL Cloud Gateway] - Improved check of the SSL certficate chain in ICG agent.