IGEL Universal Desktop OS 3 =========================== Firmware version 10.04.100 Release date 2018-04-12 Last update of this document 2018-04-10 [> IGEL eDOCS Release Notes](http://edocs.igel.com/releasenotes) Supported Devices ------------------------------------------------------------------------------- [> Supported UDC3 devices](http://edocs.igel.com/supported_udc3_devices) Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Citrix HDX Realtime Media Engine | 2.4.0-1233 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.3.2.366713 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.4.2.10146724 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.7.0.10276927 | +-------------------------------------------+----------------------------------+ | Citrix Receiver | 13.8.0.10299729 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 17.2.100.0 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 12.0.1.0.20170219.2-_dev_-34574 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.6362 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 3.18.2-1ubuntu4.3 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 5.2.23 | +-------------------------------------------+----------------------------------+ | Firefox | 52.7.2 | +-------------------------------------------+----------------------------------+ | IBM iAccess Client Solutions | 1.1.5.0 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 17.2.100.0 | +-------------------------------------------+----------------------------------+ | Leostream Java Connect | 3.3.7.0 | +-------------------------------------------+----------------------------------+ | NX Client | 5.3.12 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.3.10-1ubuntu2.1 | +-------------------------------------------+----------------------------------+ | Oracle JRE | 1.8.0_162 | +-------------------------------------------+----------------------------------+ | Parallels Client (64 bit) | 16.2.0.19039 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 7.0 | +-------------------------------------------+----------------------------------+ | Systancia AppliDis | 4.0.0.17 | +-------------------------------------------+----------------------------------+ | Thinlinc Client | 4.8.0-5456 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7.5.83 | +-------------------------------------------+----------------------------------+ | Totem Media Player | 2.30.2 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 4.7.0-7395152 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B048 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 20161103 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 12.5.4 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | signotec Citrix Channel | 8.0.6 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.1.0 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.0.101 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 623.07 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 7.0.5.592 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Gemalto SafeNet | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library SecMaker NetID | 6.6.0.30 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Gemalto eToken | 10.0.37-0 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.2.4 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.4.28 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp11 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 1.8.22 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.0.0.4 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | Bluetooth stack (bluez) | 5.46-0ubuntu3 | +-------------------------------------------+----------------------------------+ | MESA OpenGL stack | 17.2.8-0igel3 | +-------------------------------------------+----------------------------------+ | VAAPI ABI Version | 0.40 | +-------------------------------------------+----------------------------------+ | VDPAU Library version | 1.1.1-3ubuntu1 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20180214-igel1 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 7.10.0-2igel3 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 1.4.0-2igel3 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.15-2 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nvidia | 384.111-0ubuntu0.16.04.1 | +-------------------------------------------+----------------------------------+ | Graphics Driver Vboxvideo | 5.2.6-dfsg-2 | +-------------------------------------------+----------------------------------+ | Graphics Driver VMware | 13.2.1-1build1 | +-------------------------------------------+----------------------------------+ | Graphics Driver QXL (Spice) | 0.1.5-2build1 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.4.4-1build5 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.3.4-1build2 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.5-1ubuntu1 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.1-1build5 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.5814 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.0-1ubuntu1 | +-------------------------------------------+----------------------------------+ | Input Driver Vmmouse | 13.1.0-1ubuntu2 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 0.34.0-0ubuntu2 | +-------------------------------------------+----------------------------------+ | Kernel | 4.15.15 #mainline-udos-r2141 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 1.19.6-2igel1 | +-------------------------------------------+----------------------------------+ | CUPS printing daemon | 2.1.3-4ubuntu0.4 | +-------------------------------------------+----------------------------------+ | Lightdm graphical login manager | 1.18.3-0ubuntu1.1 | +-------------------------------------------+----------------------------------+ | XFCE4 Windowmanager | 4.12.3-1ubuntu2 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.3.3-5ubuntu12.7 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.2.2-0ubuntu0.16.04.4 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.6.4-1 | +-------------------------------------------+----------------------------------+ | GStreamer 0.10 | 0.10.36-2ubuntu0.1 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB | | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | | +-------------------------------------------+----------------------------------+ General Information ------------------------------------------------------------------------------- ### The following clients and features are not supported anymore * Citrix Receiver 12.1 and 13.1 * Citrix Access Gateway Standard Plug-in * Dell vWorkspace Connector for Linux * Ericom PowerTerm Emulation 9 and 11 * Ericom Webconnect * IGEL Legacy RDP Client (rdesktop) * Virtual Bridges VERDE Client * PPTP VPN Support * IGEL Upgrade License Tool with IGEL Smartcard Token * Remote Management by setup.ini file transfer (TFTP) * Remote Access via RSH * Legacy Philips Speech Driver * Digital Persona Support * Sane Scanner Support * t-Systems TCOS Smartcard Support * DUS Series touch screens * Elo serial touch screens * IGEL Smartcard without locking desktop * VIA Graphics Support * Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the 'In-Session Control Bar' (configurable at `IGEL Setup > User Interface > Desktop`) - by a 'Safely Remove Hardware' session (configurable at `IGEL Setup > Accessories`) ### The following clients and features are not available in this release * X session (Xorg Xephyr) * Cherry eGK Channel * Softpro/Kofax Citrix Virtual Channel * Open VPN Smartcard Support * NCP Secure Client * Asian Input Methods * Composite Manager Security Fixes -------------------------------------------------------------------------------- ### Firefox * Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147. * Fixes for mfsa2018-07, also known as CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5125, CVE-2018-5145. ### Base system * Added support for UEFI Secure Boot. When booted with Secure Boot the downgrade to a firmware version older than 10.04.100 is locked. * Fixed evince security issue CVE-2017-1000159. * Fixed bind9 security issue CVE-2017-3145. * Fixed glibc security issues CVE-2018-1000001, CVE-2017-16997, CVE-2017-15804, CVE-2017-15670, CVE-2017-1000409 and CVE-2017-1000408. * Fixed gdk-pixbuf security issues CVE-2017-6314, CVE-2017-6313, CVE-2017-6312 and CVE-2017-1000422. * Fixed webkit2gtk security issues CVE-2017-7156, CVE-2017-5753, CVE-2017-5715, CVE-2017-13870, CVE-2017-13866, CVE-2017-13856, CVE-2018-4096, CVE-2018-4088, CVE-2017-7165, CVE-2017-7161, CVE-2017-7160, CVE-2017-7153, CVE-2017-13885 and CVE-2017-13884. * Fixed poppler security issues CVE-2017-14976 and CVE-2017-1000456. * Fixed openssl security issues CVE-2017-3738 and CVE-2017-3737. * Fixed libxml2 security issues CVE-2017-16932 and CVE-2017-15412. * Fixed nvidia-graphics-drivers-384 security issue CVE-2017-5753. * Fixed openssh security issues CVE-2017-15906, CVE-2016-10012, CVE-2016-10011, CVE-2016-10010 and CVE-2016-10009. * Fixed libtasn1-6 security issues CVE-2018-6003 and CVE-2017-10790. * Fixed curl security issues CVE-2018-1000005 and CVE-2018-1000007. * Fixed libvorbis security issues CVE-2017-14633 and CVE-2017-14632. * Fixed wavpack security issue CVE-2016-10169. * Fixed cups security issue CVE-2017-18190. * Fixed sensible-utils security issue CVE-2017-17512. * Removed terminal start function from task manager menu bar. * Updated kernel to version 4.15.15 - Fixed Meltdown (CVE-2017-5754) by PTI (page table isolation) - Fixed Spectre Variant 1 (CVE-2017-5753) by __user pointer sanitization - Fixed Spectre Variant 2 (CVE-2017-5715) by full generic retpoline * Fixed beep security issue CVE-2018-0492. * Added Intel Processor Microcode Package version 20180312 to provide IBRS/IBPB/STIBP microcode support for Spectre Variant 2 (CVE-2017-5715) mitigation +-------------------------+--------+-------------+--------------------+ | CPU Product Name | CPU ID | Platform ID | Microcode Revision | +=========================+========+=============+====================+ | Sandy Bridge | 206A7 | 12 | 0x2D | | / Xeon E3 | | | | +-------------------------+--------+-------------+--------------------+ | Sandy Bridge | 206D6 | 6D | 0x61C | | Server EN/EP/EP4S | | | | +-------------------------+--------+-------------+--------------------+ | Sandy Bridge | 206D7 | 6D | 0x713 | | Server EN/EP/EP4S | | | | +-------------------------+--------+-------------+--------------------+ | Ivy Bridge / Xeon E3, | 306A9 | 12 | 0x1F | | Gladden | | | | +-------------------------+--------+-------------+--------------------+ | Haswell (H, S) | 306C3 | 32 | 0x24 | | / Xeon E3 | | | | +-------------------------+--------+-------------+--------------------+ | Broadwell U/Y | 306D4 | C0 | 0x2A | +-------------------------+--------+-------------+--------------------+ | Ivy Bridge Server | 306E4 | ED | 0x42C | | E, EN, EP, EP4S | | | | +-------------------------+--------+-------------+--------------------+ | Ivy Bridge Server EX | 306E7 | ED | 0x713 | +-------------------------+--------+-------------+--------------------+ | Haswell Server | 306F2 | 6F | 0x3C | | E, EP, EP4S | | | | +-------------------------+--------+-------------+--------------------+ | Haswell Server EX | 306F4 | 80 | 0x11 | +-------------------------+--------+-------------+--------------------+ | Haswell ULT | 40651 | 72 | 0x23 | +-------------------------+--------+-------------+--------------------+ | Haswell Perf Halo | 40661 | 32 | 0x19 | +-------------------------+--------+-------------+--------------------+ | Broadwell H 43e | 40671 | 22 | 0x1D | | / Xeon E3 | | | | +-------------------------+--------+-------------+--------------------+ | Skylake U/Y, | 406E3 | C0 | 0xC2 | | Skylake U23e | | | | +-------------------------+--------+-------------+--------------------+ | Skylake D Bakerville, | 50654 | B7 | 0x2000043 | | Skylake Server, | | | | | Skylake W, | | | | | Skylake X Basin Falls | | | | +-------------------------+--------+-------------+--------------------+ | Broadwell DE V1 | 50662 | 10 | 0x15 | +-------------------------+--------+-------------+--------------------+ | Broadwell DE V2,V3 | 50663 | 10 | 0x7000012 | +-------------------------+--------+-------------+--------------------+ | Broadwell DE Y0 | 50664 | 10 | 0xF000011 | +-------------------------+--------+-------------+--------------------+ | Skylake H/S / Xeon E3 | 506E3 | 36 | 0xC2 | +-------------------------+--------+-------------+--------------------+ | Kaby Lake U/Y, U23e | 806E9 | C0 | 0x84 | +-------------------------+--------+-------------+--------------------+ | Kaby Lake Refresh U 4+2 | 806EA | C0 | 0x84 | +-------------------------+--------+-------------+--------------------+ | Kaby Lake H/S/X/G | 906E9 | 2A | 0x84 | | / Xeon E3 | | | | +-------------------------+--------+-------------+--------------------+ | Coffee Lake H (6+2), | 906EA | 22 | 0x84 | | Coffee Lake S (6+2) | | | | | / Xeon E | | | | +-------------------------+--------+-------------+--------------------+ | Coffee Lake S (4+2) | 906EB | 02 | 0x84 | +-------------------------+--------+-------------+--------------------+ | Valleyview Bay Trail | 30678 | 0C | 0x836 | | M/D (C0 step), | | | | | T (C0 step) | | | | +-------------------------+--------+-------------+--------------------+ | Valleyview Bay Trail | 30679 | 0F | 0x90A | | I (D0, D1 step), | | | | | M/D (D1 step) | | | | +-------------------------+--------+-------------+--------------------+ | Cherry View (Cherry | 406C4 | 01 | 0x410 | | Trail, Braswell) | | | | +-------------------------+--------+-------------+--------------------+ [> Public CPU Names](https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf) ### Network * Disabled weak message authentication codes for SSH server and client as default. If problems occur following default setting could be changed. +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak message authentication codes` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_client.disable_weak_macs` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak message authentication codes` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.disable_weak_macs` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Disabled weak key exchange algortihms for SSH server and client as default. If problems occur following default setting could be changed. +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak key exchange algorithms` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_client.disable_weak_kexalgorithms` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak key exchange algorithms` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.disable_weak_kexalgorithms` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Disabled weak hostkeys (server) and hostkey algortihms (client) for SSH server and client as default. If problems occur following default setting could be changed. +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak Hostkey algorithms` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_client.disable_weak_hostkey_algos` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Disable weak Hostkeys` | +------------+-----------------------------------------------------------------+ | Registry | `network.ssh_server.disable_weak_hostkeys` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Changed SMB protocol version default v1.0 to v2.0 for mounting windows shares to improve security. * Added the possibility to change the SMB protocol version for windows shares. The windows shares are configurable at `IGEL Setup > Network > Network Drives > Windows Drive` +------------+-----------------------------------------------------------------+ | Parameter | `SMB protocol version` | +------------+-----------------------------------------------------------------+ | Registry | `network.smbmount.smb_version` | +------------+-----------------------------------------------------------------+ | Range | [1.0][2.0][2.1][3.0] | +------------+-----------------------------------------------------------------+ | Value | **2.0** (default) | +------------+-----------------------------------------------------------------+ > When using a very old Windows file server, the change to > version back to 1.0 is necessary. ### RDP/IGEL RDP Client 2 * Fixed RDP: CVE-2018-0886. ### Java * Fixed in Oracle JRE 1.8U162 : CVE-2018-2638, CVE-2018-2639, CVE-2018-2633, CVE-2018-2627, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2629, CVE-2018-2603, CVE-2018-2657, CVE-2018-2599, CVE-2018-2581, CVE-2018-2602, CVE-2018-2677, CVE-2018-2678, CVE-2018-2588, CVE-2018-2663, CVE-2018-2675, CVE-2018-2579 Known Issues -------------------------------------------------------------------------------- ### Citrix Receiver 13 * On devices with AMD/Radeon graphics chipsets and activated DRI3 X driver option the hardware accelerated Citrix H.264 decoder plugin can hang. To solve this issue deactivation of DRI3 option is necessary (default setting). +------------+-----------------------------------------------------------------+ | Parameter | `Use DRI3` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.use_dri3` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Force usage of DRI3` | +------------+-----------------------------------------------------------------+ | Registry | `x.drivers.amdgpu.force_dri3` | +------------+-----------------------------------------------------------------+ | | `x.drivers.ati.force_dri3` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Citrix StoreFront login with Gemalto smart card middleware does not detect smart card correctly when the card is inserted after start of login. As a workaround, insert the smart card before starting StoreFront login. * No smooth playback over Nuance channel if dictation device isn't attached. ### VMware Horizon * External drives mounted already before connection do not appear in the remote desktop. Workaround: mapping the directory /media as a drive on desktop. Then the external devices will show up within the media drive. * Client drive mapping and USB redirection for storage devices should not be enabled both at the same time. - On the one hand, when using USB redirection for storage devices: The USB on-insertion feature is only working when the client drive mapping is switched off. In the IGEL Setup client drive mapping can be found in: `Sessions > Horizon Client > Horizon Client Global > Drive Mapping > Enable Drive Mapping`. It is also recommended to disable local Storage Hotplug: On page `Devices > Storage Devices > Storage Hotplug`, put number of storage hotplug devices to 0. - On the other hand, when using drive mapping instead, it is recommended to either switch off USB redirection entirely or at least deny storage devices by adding a filter to the USB class rules. Furthermore Horizon Client relies on the OS to mount the storage devices itself. Change on following setup page is required: `Devices > Storage Devices > Storage Hotplug` Activate "Enable dynamic drive mapping" and set "Number of storage hotplug devices" to at least 1. ### Firefox * Because the support for the gstreamer framework was dropped by recent Firefox versions, support for H264 decoding in the browser is not possible anymore due to licensing restrictions. ### OpenConnect VPN * VPNs which need the OpenConnect client cannot be used for firmware updates. ### Evidian * Active Directory users with a password containing special characters may have problems to authenticate with the configured session. Known special characters which results in errors are: ` (grave accent, ASCII code 96) ´ (acute accent, ASCII code 239) New Features -------------------------------------------------------------------------------- ### Citrix Receiver 13 * Integrated **Citrix Receiver 13.8.0**. - Support for Azure Active Directory (Azure AD) authentication - Support for Workspace configuration from Citrix Cloud +------------+-----------------------------------------------------------------+ | Parameter | `Use Citrix Cloud with receiver 13.8 or newer` | +------------+-----------------------------------------------------------------+ | Registry | `ica.cloudconnect` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Integrated **Citrix Receiver 13.4.2**. Citrix Receiver version 13.5.0 was removed. Available Citrix Receiver versions: 13.3.2, 13.4.2, 13.7.0, 13.8.0 (default) * Updated Citrix HDX RTME used for optimization of Skype for Business to 2.4.0. ### RDP/IGEL RDP Client 2 * Added possibility to use RDP local logon for smartcard login. This can be activated in the setup. +------------+-----------------------------------------------------------------+ | Parameter |`Enable smartcard support for local logon` | +------------+-----------------------------------------------------------------+ | Registry |`rdp.login.smartcard-local-logon` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > By enabling this parameter local logon can be used for smartcard > authentication. If Username is left empty, the connection to the RDP server > will be made without sending credentials. Smartcard as > login method can be chosen in the microsoft login window . However this will > not work with **NLA**. * Added support for CredSSP up to version 6. ### VMware Horizon * Updated VMware Horizon Client to version 4.7.0-7395152 * Added key to enable seamless window mode in each application session: +------------+-----------------------------------------------------------------+ | Parameter | `Seamless Application Windows` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.vdm_client.options.enable_seamless_window` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added possibility to use Fabulatech USB Redirection in a Horizon Client PCoIP session +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Fabulatech USB Redirection | +------------+-----------------------------------------------------------------+ | Parameter | `Enable Fabulatech USB Redirection` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.usb.enable-fabulatech-usb` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Parallels Client * Integrated Parallels Client version 16.2.0 (19039) * Added support for USB Redirection, configurable at new IGEL Setup page `Sessions > Parallels Client > Parallels Client Global > USB Redirection`. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Parallels Client > Parallels Client Global > USB Redirection | +------------+-----------------------------------------------------------------+ | Parameter | `Enable USB Redirection` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.usb_enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Product ID` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.devicepolicy.product_rule.product` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Vendor ID` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.devicepolicy.product_rule.vendor` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Rule` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.devicepolicy.product_rule.rule` | +------------+-----------------------------------------------------------------+ | Range | [Deny][Allow] | +------------+-----------------------------------------------------------------+ | Value | **Deny** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Name` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.devicepolicy.product_rule.name` | +------------+-----------------------------------------------------------------+ | Value | **Policy Rule** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Automatically redirect all USB devices` | +------------+-----------------------------------------------------------------+ | Registry | `twox.usb_redirection.devicepolicy.redirect_all` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added support for PTP/MTP Redirection. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Parallels Client > Parallels Client Global > USB Redirection | +------------+-----------------------------------------------------------------+ | Parameter | `Enable PTP/MTP Redirection` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.mtp_enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Product ID` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.devicepolicy.product_rule.product` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Vendor ID` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.devicepolicy.product_rule.vendor` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Rule` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.devicepolicy.product_rule.rule` | +------------+-----------------------------------------------------------------+ | Range | [Deny][Allow] | +------------+-----------------------------------------------------------------+ | Value | **Deny** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Name` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.devicepolicy.product_rule.name` | +------------+-----------------------------------------------------------------+ | Value | **Policy Rule** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Automatically redirect all PTP/MTP devices` | +------------+-----------------------------------------------------------------+ | Registry | `twox.mtp_redirection.devicepolicy.redirect_all` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added support for Clipboard Redirection. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Parallels Client > Parallels Client Sessions > Parallels Client Session > Local Resources | +------------+-----------------------------------------------------------------+ | Parameter | `Connect clipboard` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.twox.local_resources.connect_clipboard` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ ### VoIP * Added VoIP client Ekiga 4.0.1. ### Firefox * Updated Firefox to version 52.7.2 ESR. * Updated Adobe Flash Player download URL to version 29.0.0.113. ### Network * Added TTLS/PAP and TTLS/MSCHAPv2 to possible 802.1x authentication methods. * Improved support for Sierra EM7305 LTE device (e.g. in Toshiba Port‚g‚ and Fujitsu LIFEBOOK E Series). Attention: The EM7305 comes in various variants, e.g. one with ProductId 9041 and another one with ProductId 9063. The latter comes at least with one or with two USB configuration options. A device with only one configuration option has been observed on a Toshiba Tecra Z-50-D-115 notebook. It only works in MBIM mode and with IGEL firmware, when the device has successfully connected before with the same settings (particularly APN), e.g. under Microsoft Windows 10. * Added suport for Sierra EM7455 WWAN module. * Added suport for running the Huawei E3531i WWAN device in modem mode (in addition to HiLink mode). * Added possibility to adopt the hostname from a DHCP lease as **permanent** terminal name. The purpose is to use the name received as part of a DHCP lease in future interactions with the DHCP server. +------------+-----------------------------------------------------------------+ | Parameter | `Adopt permanent Terminal Name from DHCP lease` | +------------+-----------------------------------------------------------------+ | Registry | `network.dns.hostname_adopt_from_dhcp` | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ * NetworkManager updated to version 1.2.2 * ModemManager updated to version 1.6.4 * usb_modeswitch updated to version 2.5.1 ### Open VPN * Added Huawei HiLink Mobile Broadband USB device as possible uplink to OpenVPN sessions. ### OpenConnect VPN * Added OpenConnect client version 7.08 to connect to Cisco AnyConnect and Juniper VPN. The feature must be enabled at: +------------+-----------------------------------------------------------------+ | IGEL Setup | System > Firmware Customization > Features | +------------+-----------------------------------------------------------------+ | Parameter | `VPN OpenConnect (Limited support - functionality "as is", see | | | product documentation for details)` | +------------+-----------------------------------------------------------------+ | Registry | `services.unsupported02.enabled` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * The OpenConnect VPN configuration is available at IGEL Setup page `Network > VPN > OpenConnect VPN`: +------------+-----------------------------------------------------------------+ | IGEL Setup | Network > VPN > OpenConnect VPN > VPN OpenConnect > Session | +------------+-----------------------------------------------------------------+ | Parameter | `Gateway` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.gateway` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Enable Name/Password Authentication` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.enable-name-pwd` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `User name` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.username` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Password` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.crypt_password` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `CA Certificate` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.ca-cert` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `User Certificate` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.user-cert` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Private Key` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.priv-key` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Private Key password` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect.vpnopts.priv-key-pwd.crypt_password` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Connect to Juniper Networks VPN` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.openconnect%.vpnopts.is-juniper` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > Tray icon is placed in the panel to disconnect from a running > OpenConnect VPN connection ### Smartcard * Added CoolKey PKCS#11 library for access to Common Access Card (CAC) smartcards. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Browser > Browser Global > Encryption | +------------+-----------------------------------------------------------------+ | Parameter | `Coolkey Security Device` | +------------+-----------------------------------------------------------------+ | Registry | `browserglobal.security_device.coolkey` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Smartcard | +------------+-----------------------------------------------------------------+ | Parameter | `Horizon logon with smartcards supported by Coolkey library` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.pkcs11.use_coolkey` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Security -> Smartcard -> Middleware | +------------+-----------------------------------------------------------------+ | Parameter | `Coolkey` | +------------+-----------------------------------------------------------------+ | Registry | `scard.pkcs11.use_coolkey` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Updated Gemalto SafeNet PKCS#11 library to version 10.0.37-0. This package replaces **Gemalto/SafeNet eToken** and **Gemalto IDPrime** libraries. **Gemalto SafeNet** (formerly **Gemalto/SafeNet eToken**) now handles Gemalto cards and tokens including eToken and IDPrime. **Gemalto IDPrime** now handles IDPrime cards and tokens, preferred Common Creteria (CC) cards and tokens in Unlinked Mode. * Added full integration of OpenSC PKCS#11 library for access to smartcards. +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Browser > Browser Global > Encryption | +------------+-----------------------------------------------------------------+ | Parameter | `OpenSC Security Device` | +------------+-----------------------------------------------------------------+ | Registry | `browserglobal.security_device.opensc` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Horizon Client > Horizon Client Global > Smartcard | +------------+-----------------------------------------------------------------+ | Parameter | `Horizon logon with smartcards supported by OpenSC library` | +------------+-----------------------------------------------------------------+ | Registry | `vmware.view.pkcs11.use_opensc` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Security > Smartcard > Middleware | +------------+-----------------------------------------------------------------+ | Parameter | `OpenSC` | +------------+-----------------------------------------------------------------+ | Registry | `scard.pkcs11.use_opensc` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Updated MUSCLE CCID smartcard reader driver to version 1.4.28. * Updated ACS CCID smartcard reader driver to version 1.1.5. * Updated REINER SCT cyberJack smartcard reader driver to version 3.99.5final.sp11. * Added parameter to disable Identive CCID smartcard reader driver. If this driver is disabled, some of the readers are handled by the MUSCLE CCID driver. This can help when problems with Identive reader driver occur. +------------+-----------------------------------------------------------------+ | Parameter | `Identive driver for smartcard readers` | +------------+-----------------------------------------------------------------+ | Registry | `scard.pcscd.identiv_enable` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Updated cryptovision sc/interface PKCS#11 library to version 7.0.5.592. * New smartcard reader driver for Fujitsu KB SCR eSIG version 5.0.24. ### HID * Added layout toggle feature to on-screen keyboard. +------------+-----------------------------------------------------------------+ | IGEL Setup | Accessories > On-Screen Keyboard > Appearance | +------------+-----------------------------------------------------------------+ | Parameter | `Enable switching to alternative layout` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.softkeyboard.enable_alternative_layout` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ > If this is enabled there is a key on the on-screen keyboard for toggling > between the normal layout and a reduced layout, that saves space on the > screen and has more or less the same features as the number block of an > ordinary keyboard with some extensions. ### Base system * Added support for UEFI Secure Boot. When booted with Secure Boot the downgrade to a firmware version older than 10.04.100 is locked. * Updated kernel to version 4.15.15 * Boot time optimization (up to 25% faster) * Switch power off on USB ports on shutdown and reboot. The feature can be enabled in IGEL Setup. At the moment only IGEL H830C is supported. +------------+-----------------------------------------------------------------+ | IGEL Setup | Registry | +------------+-----------------------------------------------------------------+ | Registry | 'devices.usb.poweroff_shutdown' | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added Unit ID in Application Launcher About > Hardware section. ### Storage Devices * Added support for Mobile Device Access feature in Appliance Mode. The Mobile Device Access tool can be opened via a new icon in the `In-session control bar`. The Mobile Device Access tool can also be started automatically: +------------+-----------------------------------------------------------------+ | Parameter | `Autostart` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.mtp-devices0.autostart` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ > Mobile Device Access must be enabled at > `IGEL Setup > System > Firmware Customization > Features`. > Appliance Mode must be enabled at > `IGEL Setup > Sessions > Appliance Mode`. * The Mobile Device Access tool is now configurable at `IGEL Setup > Accessories > Mobile Device Access`. * The Mobile Device Access tray icon respects the current theme now. ### X11 system * Added support for **XDMCP Appliance Mode**. The XDMCP connection is configurable: +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Appliance Mode | +------------+-----------------------------------------------------------------+ | Parameter | `XDMCP for this Display` | +------------+-----------------------------------------------------------------+ | Registry | `x.xdmcp0.enabled` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Appliance Mode | +------------+-----------------------------------------------------------------+ | Parameter | `Connection type` | +------------+-----------------------------------------------------------------+ | Registry | `x.xdmcp0.server.connectiontype` | +------------+-----------------------------------------------------------------+ | Range | [indirect via localhost][indirect][direct][broadcast] | +------------+-----------------------------------------------------------------+ | Value | **indirect via localhost** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Appliance Mode | +------------+-----------------------------------------------------------------+ | Parameter | `Name or IP of server` | +------------+-----------------------------------------------------------------+ | Registry | `x.xdmcp0.server.servername` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Appliance Mode | +------------+-----------------------------------------------------------------+ | Parameter | `Enable hotkeys for XDMCP Display` | +------------+-----------------------------------------------------------------+ | Registry | `x.xdmcp0.hotkeys.enabled` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ > The default hotkey to open IGEL Setup is: CTRL + ALT + F2. > The setup page `User Interface > Display > XDMCP` was removed. * Added **XC Font Service** support. Configurable at: +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Font Services > XC Font Service | +------------+-----------------------------------------------------------------+ | Parameter | `Enable XC Font Service` | +------------+-----------------------------------------------------------------+ | Registry | `x.xc_fontservice.enabled` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Font Services > XC Font Service | +------------+-----------------------------------------------------------------+ | Parameter | `XC Font Server` | +------------+-----------------------------------------------------------------+ | Registry | `x.xc_fontservice.fontserver` | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Font Services > XC Font Service | +------------+-----------------------------------------------------------------+ | Parameter | `Port Number` | +------------+-----------------------------------------------------------------+ | Registry | `x.xc_fontservice.port` | +------------+-----------------------------------------------------------------+ | Value | **7100** | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Font Services > XC Font Service | +------------+-----------------------------------------------------------------+ | Parameter | `Prefer Local Fonts` | +------------+-----------------------------------------------------------------+ | Registry | `x.xc_fontservice.prefer_localfonts` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added auto detection of monitor refresh rate. This can be controlled with new parameters. +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Display > Advanced | +------------+-----------------------------------------------------------------+ | Parameter | `Detect refresh rate automatically` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.auto_frequency` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | IGEL Setup | User Interface > Display > Advanced | +------------+-----------------------------------------------------------------+ | Parameter | `Detect refresh rate automatically` | +------------+-----------------------------------------------------------------+ | Registry | `x.xserver0.screen.auto_frequency` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added xorg debug script **/etc/igel/igel_debug_tools/xorg-debug.sh** to make collecting Xorg debug data easier (a /tmp/xorg-debug.log file is generated). ### Window manager * Added possibility to a) change the preferred placement mode and b) modify the threshold value up to which window size this placement mode should be chosen (otherwise window placement defaults to so called smart mode which tries to minimize overlapping) +------------+-----------------------------------------------------------------+ | Parameter | `Preferred Placement` | +------------+-----------------------------------------------------------------+ | Registry | `windowmanager.wm0.variables.placement_mode` | +------------+-----------------------------------------------------------------+ | Value | At mouse position / **Centered** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Maximum window size for which the preferred placement should apply` | +------------+-----------------------------------------------------------------+ | Registry | `windowmanager.wm0.variables.placement_ratio` | +------------+-----------------------------------------------------------------+ | Value | 0% / 10% / **20%* (default) / 30% / 40% / 50% / 60% / 70% / 80% / 90% / 100% | +------------+-----------------------------------------------------------------+ ### Audio * Volume of audio output and input can now be configured up to 150% at IGEL Setup page `Accessories > Sound Preferences > Options`. * Added a parameter for log level configuration of Pulseaudio service: +------------+-----------------------------------------------------------------+ | Parameter | `Log level` | +------------+-----------------------------------------------------------------+ | Registry | `multimedia.pulseaudio.daemon.log-level` | +------------+-----------------------------------------------------------------+ | Range | [debug][info][notice][warning][error] | +------------+-----------------------------------------------------------------+ | Value | **notice** | +------------+-----------------------------------------------------------------+ ### Misc * An EULA must be accepted now in IGEL setup assistant before finalizing it and using the IGEL OS. ### Java * Updated Oracle JRE to 1.8U162. ### Remote Management * Added new log file transfer mechanism for UMS feature "Save TC files for support" (UMS 5.08.110 or higher required). By default it collects all log files visible in system log viewer, system configuration files group.ini, setup.ini and dhclient lease files. More files can be specified at `IGEL Setup > Accessories > System Log Viewer > Options`. The resulting zip file has now a folder structure. ### IGEL Cloud Gateway * Added UMS structure tag handling for usage with ICG agent. ### VirtualBox * Updated VirtualBox Guest Additions to version 5.2.6. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fixed sporadic crashes of the Citrix USB Daemon. ### RDP/IGEL RDP Client 2 * Fixed passing Ctrl+Alt+C keyboard shortcut to RDP session. * Fixed smartcard redirection: after session reconnection readers and cards were not connected anymore in some cases. * Fixed the rdpdebugger to work again (was broken in the previous release). * Fixed misleading RDP error message `Authentication failed` on wakeup from suspend mode. * Fixed TCP timeout value to get more stable RDP connections under certain circumstances. ### VMware Horizon * Fixed bug which prevented microphone redirection in Horizon Client RDP sessions. The corresponding parameter can be found at: +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > RDP > RDP Global > Mapping > Audio | +------------+-----------------------------------------------------------------+ | Parameter | `Audio recording` | +------------+-----------------------------------------------------------------+ | Registry | `rdp.winconnect.rdpeai.enable` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ ### RedHat Enterprise Virtualization client * Fixed display corruption with Windows connections. ### Firefox * Fixed possibility to download files in the browser if needed. The parameter to enable/disable file download is available here: +------------+-----------------------------------------------------------------+ | IGEL Setup | Sessions > Browser > Browser Sessions > Window | +------------+-----------------------------------------------------------------+ | Parameter | `Hide local filesystem` | +------------+-----------------------------------------------------------------+ | Registry | `sessions.browser.app.filepicker_dialog_hidden` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled**(default) | +------------+-----------------------------------------------------------------+ > If enabled, the user is not allowed to download or use any save-as > functionality from menu, context or keyboard shortcut. * Fixed bug which prevented the download using the file dialog (when opening a link to a file of unknown type). * Fixed unmounting of the Firefox profile partition during shutdown - now it is unmounted in a determinate manner after Custom Partition. ### Network * Fixed bug: Network tray icons sometimes didn't reappear after network restart. * Fixed bug: tcpdump debug tool terminated immediately during boot * Fixed issue with naming of USB ethernet devices. * Fixed wrong LinkMode (10baseT/Half) with autonegotiation and some USB ethernet devices. ### AppliDis * Changed default value of 'PasswordMode' from 'cmdline' to 'prompt' as suggested by Systancia. ### Smartcard * Fixed driver for Elatec RFID readers. Before this fix the readers sometimes were not available after boot. * Fixed VMware Horizon logon with OpenSC smart cards. ### CUPS Printing * Fixed bug where the user for printjobs were not set to the domain user. ### Base system * Fixed Kerberos password change to work also with transport protocol TCP. To force protocol TCP, prepend Domain Controllers with prefix "tcp/", e.g. "tcp/dc.example.com". * Fixed occasional desktop hang in the local login or the network login mask after successful authentication. * Fixed password expiry notification showing negative expiry period. * Fixed update to connect to SFTP servers with very restrictive key exchange settings. * Fixed input of the reset key in reset to defaults boot, if the administrator password is not available anymore. If more than 255 characters were entered in the 1st try, it was not possible to enter the reset key for a 2nd or 3rd time. * Fixed Active Directory logon with smartcard: If the smartcard contains logon certificates for multiple users, it is possible to switch between these certificates and log on with the chosen certificate now. * Fixed missing names for some partitions in update notification when having other user interface language than English. * Fixed problems with never ending bootcode update with some EFI BIOS variants. * Fixed ssh server port configuration. * Fixed signotec signature pad channel for Citrix. * Increased stability of signotec VCOM Daemon. * Remove residual information belonging to a removed content from a custom partition. * Fixed crash of xfce4-power-manager after adding or removing input devices. * Fixed occasional appearance of green window at first boot of UD Pocket. ### Custom Partition * Fixed automatic update of custom partition - if download source isn't accessible then the content of the custom partition got lost. ### Appliance Mode * Fixed post session command "Logoff" in Appliance Mode. * Showing number of CPU cores in Application Launcher About > Hardware section now. ### X11 system * Fixed Elo-USB Touchscreen functionality after reboot. * Fixed wrong automatic resolution detection if monitor does not have a preferred mode. * Fixed sporadic display corruptions after monitors leaving the power saving mode. ### Shadowing/VNC * Fixed sporadic VNC server crash. ### Audio * Fixed volume control of internal speaker in HP T610. * Fixed automatic switch to output over analog headphones. * Not existing S/PDIF inputs and outputs in Plantronics and Jabra USB headsets are now ignored by audio subsystem (Pulseaudio). * Added workaround in the kernel USB audio driver for volume control on Sennheiser USB headsets. ### Remote Management * Fixed calculation of Unit ID for UMS management. In some cases it could happen that the MAC address of wrong network interface was chosen. * Fixed IGEL Setup Assistant to get stopped when settings were received from UMS.