Softpedia >Windows >Network Tools >Misc. Networking Tools >ThinLinc >  Changelog

ThinLinc Changelog

What's new in ThinLinc 4.15.0

Aug 25, 2023
  • General:
  • The appearance and layout of all parts of ThinLinc have been refreshed with a new graphical design. (4889, 7902, 7904, 7905, 7906, 7907, 7908, 7909, 7926, 7960, 7976, 7997, 8179, 8180)
  • Server:
  • The ThinLinc server now consists of a single RPM or deb package instead of several smaller packages. (4885)
  • It is now permitted to distribute the ThinLinc server, provided all terms of the EULA are followed. (8155)
  • Fixed an issue where unauthenticated connections could result in incorrect notifications about shadowers being disconnected. This could happen even if no shadower was connected to begin with. These notifications would appear as popups in user sessions (7830).
  • Patched multiple security vulnerabilities where a malicious application could cause the X server to crash or execute arbitrary code. [CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011, CVE-2022-2319, CVE-2022-2320, CVE-2022-3550, CVE-2022-3551, CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46343, CVE-2022-46344, CVE-2023-0494, CVE-2023-1393] (7971, 8085, 8138, 8160)
  • The ThinLinc session will now allow access to all applications running as the user who started the session, not just applications that have access to the Xauthority file. This makes ThinLinc behave more like most major distributions and solves compatibility issues with restricted environments such as snap applications. (7788)
  • All license files must now be issued for the same version to avoid the system calculating an incorrect number of valid licenses. The license files and the ThinLinc software can still have different versions, as long as the software doesn't have a higher version than the license files. (4937)
  • Administration commands are more easily accessible by automatically adding /opt/thinlinc/sbin to PATH for all users. As a side effect, regular users will see ThinLinc commands that require superuser privileges when using tab completion. (7672)
  • Fixed an issue where ThinLinc Setup would crash when upgrading from ThinLinc 4.9.0 or older (7865)
  • The vsmagent service will no longer crash if the content of /etc/ssh/sshd_config is in an unexpected encoding. (7847)
  • Fixed an issue where sessions could fail to start if another X server was using a display number within the range configured for ThinLinc. (7930)
  • Setting a background image during session startup no longer requires the tool "xsri" and will now work correctly on most distributions. This image can be set through the parameter /sessionstart/background_image. The scaling of the image has also changed to better match how background images are scaled by desktop environments. (3054, 7906, 7949, 7952)
  • Fixed an issue where the session would continue starting even if the user clicked "Quit" in the profile chooser. (7917)
  • Native Client:
  • SHA-1 is no longer supported for SSH host keys or SSH public key authentication. This means that the ThinLinc server must be running OpenSSH 7.2 or later, or other key types than RSA must be used (7535, 7961)
  • The Linux 32-bit x86 ThinLinc client is no longer available. Users are advised to switch to the 64-bit client. (7962)
  • The ThinLinc client can now connect to Red Hat Enterprise Linux 9 servers without reconfiguring the SSH server to avoid a bug in the server's RSA host key handling. (7933)
  • The IGEL and ThinStation packages are now 64-bit for improved compatibility and performance. (6185, 7363)
  • Fixed an issue where the ThinLinc client would only show a black screen when entering full-screen mode on macOS 13. (8046)
  • Fixed an issue where the ThinLinc client would lose keyboard focus when leaving full-screen mode on macOS 13. (8049)
  • ThinLinc Web Access:
  • Fixed various issues where Web Access could be tricked into showing a page controlled by an attacker by having a user click on a link controlled by the attacker. (7986, 7851)
  • Smart Card Support:
  • Fixed a regression in ThinLinc 4.14.0 where some smart card applications would not work correctly under ThinLinc because of the missing symbol "pcsc_stringify_error". (7946)
  • Administration:
  • The ThinLinc server now comes with a new command-line tool for administration, "tlctl". It can list sessions, terminate sessions, and display load balancing information. (3707, 425, 7833, 7834)
  • When upgrading the ThinLinc server packages, the ThinLinc services are now automatically stopped for the full duration of the upgrade. This means that users cannot create new sessions or reconnect to running sessions during this period. The services are started again once ThinLinc Setup finishes. (7163)
  • ThinLinc's Web Administration has an overhauled interface where configuration details are now displayed in popups, instead of directly inside the tables. (8075)
  • The agent load information and the list of sessions in ThinLinc's Web Administration have been revamped to present the information more clearly. (8077, 8083)
  • Fixed an issue where tl-config didn't print the folder names when used without the recursive flag. (7780)
  • Fixed an issue where ThinLinc Web Administration could crash if the lpstat command was not available. (8063)
  • Documentation:
  • The ThinLinc Administrator's Guide is now installed with the ThinLinc server to make sure the correct documentation is always available. Once the server is installed, it can be found under the path /opt/thinlinc/share/doc/thinlinc-server/html. (1161)
  • man pages are now installed for all ThinLinc server commands. (7049)
  • Fixed an issue where it was not possible to search for some words in the ThinLinc Administrator's Guide. (7853)

New in ThinLinc 4.14.0 (Feb 7, 2022)

  • Server:
  • Upgrades of xorg-server to 1.20.13 and libX11 to 1.7.2 fixes multiple vulnerabilities where a malicious application could cause the X server to crash or execute arbitrary code. [CVE-2019-17624, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14360, CVE-2020-14361, CVE-2020-14362, CVE-2020-14363, CVE-2020-25712, CVE-2021-3472] (7773)
  • The ThinLinc server now requires a 64-bit x86 system. 32-bit x86 systems are no longer supported. Note that 32-bit applications on a 64-bit system are still fully supported. (5308)
  • The ThinLinc server can now be used with up to 10 concurrent users per organization for organizations that do not have any user licenses. Previously this was limited to 5 concurrent users. As before, the full product functionality is provided for these users. (7808)
  • Fixed an issue where the session-side DPI would diverge from the intended DPI over a number of session resizes. (7267)
  • Native Client:
  • The ThinLinc client is now able to use an arbitrary set of monitors in full-screen mode. E.g. two out of three connected monitors. (7006)
  • The default behavior is now to start in windowed mode instead of full-screen mode. This does not apply to clients packaged for thin terminals. (7805)
  • The display settings have been changed to be more clear and to avoid confusing and possibly conflicting settings. (7793)
  • The setting tabs have been reorganized to make the most commonly used settings easier to find. As a part of this, the the tab previously called "Screen" has been renamed to "Display", and the tab previously named "Options" has been renamed to "Advanced". (7522, 7793)
  • The options window when connected will now show the same settings as before logging in. (7522)
  • SSH host key fingerprints now use SHA256 and are shown along with their corresponding host key types in a manner similar to OpenSSH. (7639, 7756)
  • OpenSSH has been upgraded to version 8.7p1. This changes the first preference signature algorithm from ECDSA to ED25519. Note that this is the last release with the ssh-rsa signature scheme enabled. (7764)
  • Fixed an issue where the ThinLinc client could not log in to the SSH server with password. This happened when the SSH server was configured with 'ChallengeResponseAuthentication yes' and 'UsePAM no'. (4062)
  • Improved error messages for the user when providing incorrect key file for public key authentication. (7313)
  • The ThinLinc client will now present an error message if the connection is unexpectedly terminated. (7479)
  • Fixed an issue where the ThinLinc client application name was not translated on current versions of macOS. (7269)
  • Fixed an issue where the ThinLinc client interface was not translated on macOS once you were logged in. (7270)
  • Authentication using Aventra MyEID smart cards with 4096 bit keys is now supported. (7600)
  • The native client is no longer available for eLux RP 5. (7774)
  • Fixed an issue on macOS where all monitors but one would become unusable when going from full screen on all monitors to full screen on one monitor. (7795)
  • The ThinLinc client now respects changes to the system's monitor configuration while connected. (7007)
  • The Linux and macOS client no longer fails to start if opened with an empty or badly formatted log file. (7798)
  • Fixed an issue where the '-x' (XDM mode) and '--force fullscreen' command line arguments would not always result in full-screen mode over all monitors. (7803)
  • ThinLinc Web Access:
  • Internet Explorer is no longer a supported browser for Web Access, a more modern web browser is required. (7550)
  • Documentation:
  • The ThinLinc Administrator's Guide's appearance has been improved, has gotten better cross references for configuration variables, and now has an integrated search function. (4951)
  • Configuration Changes:
  • New:
  • New client settings FULL_SCREEN_MONITOR_MODE and FULL_SCREEN_SELECTED_MONITORS to control which monitors that are used when in full-screen mode.
  • Modified:
  • The client setting FULL_SCREEN_MODE now defaults to 0.
  • Removed:
  • The client settings REMOTE_RESIZE has been removed and the corresponding feature is now always enabled.
  • The client settings SCREEN_SIZE_SELECTION, SCREEN_X_SIZE and SCREEN_Y_SIZE have been removed and are now determined by the full-screen configuration.
  • Corrected Issues:
  • ThinLinc has also been enhanced in many other ways.

New in ThinLinc 4.13.0 (Aug 30, 2021)

  • Changes in This Release:
  • In the list below, the bug number is given in parentheses. For more information, visit https://www.cendio.com/bugzilla/.
  • Server:
  • The ThinLinc server now requires Python 3.4 or newer instead of Python 2.6. (4586)
  • The ThinLinc server now requires PyGObject and GTK+ 3.20 or newer instead of PyGTK 2.16.0. (7508)
  • Fixed an issue in ThinLinc 4.12.0 and later where other local users could cause a user's session to freeze by sending invalid data on the session's VNC port. (7706)
  • Fixed an issue in ThinLinc 4.12.0 and later where trying to paste the clipboard to replace selected text would sometimes fail. (7712)
  • Fixed an issue where the master or agent could crash and shut down if the system was under excessive load. (7689)
  • The command tl-passwd is no longer included with ThinLinc. (7696)
  • Fixed an issue where it was not possible to install ThinLinc or to run ThinLinc Setup on an apt system where python-apt wasn't available, such as on Ubuntu 20.10. (7671)
  • Fixed an issue where ThinLinc Setup could log many lines with "Unknown transaction item" when used on a system with DNF. (7714)
  • Fixed an issue where ThinLinc Setup would incorrectly detect support for NFS even when it was not supported by the system. (7718)
  • ThinLinc Setup on apt systems will now install the default MTA. Previously it would install a random package out of the ones providing /usr/sbin/sendmail. (7716)
  • Fixed an issue where the ThinLinc Setup firewall configuration would fail on systems using the lokkit firewall configuration tool. (7722)
  • Fixed an issue where the tl-collect-licensestats cron job would complain about python-thinlinc being missing if ThinLinc Setup had not been run. (5379)
  • Require ThinLinc's configuration files to always use UTF-8. This fixes a bug where ThinLinc allowed configuration files in all types of encodings, despite only being able to handle UTF-8 properly. This is a hard requirement, meaning that if any of the configuration files are not in UTF-8, ThinLinc will not work. (7557)
  • Native Client:
  • Diffie-hellman-group14-sha1 is no longer supported in ssh key exchange. (7524)
  • Fixed an issue in ThinLinc 4.12.1 and later where Kerberos authentication on Windows could fail with "Couldn't setup secure tunnel to Thinlinc server". (7650)
  • Fixed an issue in the ThinLinc client where sessions connected from Windows using Kerberos authentication could get disconnected after a while of use. (7650)
  • The client will now automatically recognize the server SSH host keys on a non-standard port, if the server's SSH host keys are already known to the client for the standard port 22. (7618)
  • Fixed an issue where SSH host certificates were not properly handled and the client would ask the user to verify the host key on every connection. (7643)
  • Logging of simultaneously run clients is now supported, up to a maximum of nine clients. (7640)
  • Printing Support:
  • Fixed an issue where the Printer Access Control feature didn't work on SELinux systems. (7581)
  • The Printer Access Control feature will no longer incorrectly add non existant or removed printers. (5930)
  • Administration:
  • Fixed an issue where text would in some cases be displayed incorrectly in ThinLinc web administration interface. (7567)
  • The status of the ThinLinc Web Access service is now visible in the System Health page of the Web Administration interface. (5125)
  • The tool tl-config now notifies the user if setting a parameter causes that parameter to be created. (2522)

New in ThinLinc 3.1.0 Build 2568 (May 6, 2010)

  • Server:
  • ThinLinc works on most modern Linux distributions and Sun Solaris (R). This release has been extensively tested on the following platforms:
  • Red Hat (R) Enterprise Linux 5.4 (64-bit)
  • SUSE Linux Enterprise Desktop 11 (R) (32-bit)
  • Ubuntu (R) 9.10 (32-bit)
  • Sun Solaris (R) 10
  • Note: The 64-bit version of SUSE Linux Enterprise Desktop is currently not recommended, since it does not provide a full 32-bit environment.
  • The performance of the X server has been increased. For example, the "gtkperf" performance test typically indicates a performance increase of 50%. (3449)
  • ThinLinc can now be installed in a non-global Solaris Zone. (3286)
  • The "homecreatefilter" now works with modern versions of Firefox. (3340)
  • The "lsof" command is no longer required on agent servers. "netstat" is required instead. (2975)
  • The default session DPI has been changed from 100 to 96, which is more common. (3351)
  • When reconnecting using a different session size, the DPI value was incorrectly changed. (3144)
  • A stability problem related to malformed vsmserver requests has been corrected. (3106)
  • A keyboard problem which could cause modifiers such as "shift" to stick has been corrected. (3143)
  • A keyboard problem affecting dead keys and the Windows client has been fixed. (3156)
  • On rare occasions, some portions of the screen were not updated. This has been corrected. (3108)
  • General:
  • The base system requirements for both the server and client have been raised. For Linux, glibc 2.3.4 or newer is required. (2910)
  • This release has not been translated to Brazilian Portugese. (3437)
  • Client:
  • Windows 7 and Windows 2008 R2 have been added to the list of supported client platforms. (3063)
  • The visual appearance of the client has been updated, including support for font anti-aliasing. (2405,3027)
  • The Solaris client now requires Solaris 10. (3422)
  • If the previous version of the client was configured to automatically select "encoding" (this is the default), it did not always select the fastest one. This could result in poor graphics performance. This problem has been fixed. (3416)
  • The RPM package now includes correct library dependencies, which makes it easier to install on 64-bit systems. (3024)
  • A problem related to copy/paste from a ThinLinc session to a local Linux system has been fixed. (3120)
  • Client packages for terminals from Neoware, VXL, and HP are no longer provided. If you need to run the 3.1.0 client on such terminals, we recommend a migration to the eLux platform. See http://myelux.com/ for more information. (3133)
  • The previous version of the client did not support smart cards on recent versions of eLux (version 2.6.0 and newer). (3480)
  • The 3.0.0 Windows client was not focused after connect. This has been corrected. (3136)
  • A compatibility problem with ThinLinc 2.1.0 servers running on Solaris has been fixed. (3363)
  • Exporting a "My Documents" directory containing international characters did not work; this has been corrected. (3212)
  • When the client starts, it will now move any existing log file to tlclient.old.log, preserving its content. This makes it easier to diagnose problems on terminals where the client is configured to automatically restart. (3305)
  • Smart Card Support:
  • When the client is configured to automatically connect when a smart card is inserted, the certificate to use can be selected based on the certificate issuer. (3272)
  • The client now supports unlocking PIN codes, provided that the user enters a valid PUK code. (2598)
  • The previous client did not show all certificates on certain smart cards. This has been corrected. (3275)
  • Smart card certificates with very long "subject names" are now correctly handled. (3294)
  • The Windows client can now handle smart cards with multiple private keys. (3405)
  • Smart card redirection now works on Linux systems with SELinux activated. (3414)
  • Many smart card error conditions are handled better. (3296)
  • Virtual Desktop Infrastructure (VDI):
  • Pools of common machines are now supported, in addition to dedicated personal machines. (3036, 3072)
  • Smart dynamic allocation/deallocation of common machines for authenticated users, including power operations, is now supported. (3232)
  • Support for VMware vSphere (R) has been added. (3173)
  • Support for linked clones has been added (requires vSphere/ESX 4.0). (3174)
  • Support for cloning machines from snapshots has been added (requires vSphere/ESX 4.0). (3396)
  • A new web-based VDI administration module has been added. (3229)
  • Desktop Customizer:
  • Desktop entries (.desktop files) handled by the Desktop Customizer are now marked as executable files, for compatibility with modern Linux desktop environments. (3165)
  • Common menus and application groups are included by default. (3200)
  • Novell Integration:
  • When previous versions of tl-nds-posixuser failed to find a free uid, a uid of -1 was incorrectly used. (3344)
  • Windows (R) Integration:
  • Please note that Windows Server 2008 is a supported server platform, but Windows Server 2008 R2 is not. (3301)
  • The software package for Windows Terminal Servers ("WTS Tools") now supports 64-bit systems. This means that features such as SeamlessRDP now works correctly on Windows x64 editions. It is also possible to mix 32- and 64-bit applications on such systems. (2764, 2986, 3428)
  • The RDP client (rdesktop) automatically resizes the Windows desktop when the size of the ThinLinc session changes. This makes it easier to reconnect to Windows desktop sessions from a terminal with a different screen resolution. (3043)
  • The RDP microphone driver (tlsnd) works on Windows XP now, even when reconnecting to existing sessions. (3219)
  • TLCOS:
  • TLCOS is configured for smart card usage. (3178)

New in ThinLinc 1.6 (Aug 3, 2007)

  • Server:
  • ThinLinc works on most modern Linux distributions and Sun Solaris (R). This release has been extensively tested on the following platforms:
  • Red Hat (R) Enterprise Linux 5 (Release Candidate)
  • SUSE Linux Enterprise Desktop 10 (R), in 64-bit mode
  • Ubuntu (R) 6.10
  • Sun Solaris (R) 10
  • ThinLinc can now be used for free for 1 concurrent user, even for commercial purposes. (2026)
  • CrossOver can be configured to automatically assign Windows drive letters for all "personal" mounts, such as ThinLinc local drives. This is done by enabling the tl-crossover-drives script. (1635)
  • Dead keys now works correctly with CrossOver, even when using the Windows client. (1983)
  • When licenses are about to expire, warning messages are sent to the administrator. (1989)
  • The tool tl-memberof-group can determine if a user is a member of the specified group. This makes custom scripting easier. (1992)
  • The tool tl-nds-memberof-container can determine if a user is located in a specified Organizational Unit, when LDAP authentication is used. (2320)
  • Desktop Customizer:
  • An external shell command can be used to determine if an application group should be activated for an user. (1515)
  • The Desktop Customizer now uses case-insensitive sorting. (1895)
  • Defining command lines containing quote characters is now possible. (2205)
  • Client:
  • The Windows client now features Local Drive Redirection. This makes it possible to access local hard disks, CD-ROMs, DVDs, USB-drives etc from the server. (316)
  • The performance of the local drive redirection has been greatly improved, especially when writing data. (1941)
  • The Local Drive Redirection now supports paths containing whitespace. (2339)
  • The Windows client supports machine-wide configuration, which provides default settings for the user configuration. (348)
  • A native client for Mac OS X is provided, with basic functionality. (410)
  • Windows Vista is now a supported client platform. (2046)
  • Windows XP Embedded is now a supported client platform. (1822)
  • Windows NT 4.0 is no longer a supported client platform. (2264)
  • Client packages for all Wyse Linux terminals, such as S50 and V50, are provided. (1874)
  • Antivirus verification is disabled by default. (2170)
  • Client packages for eLux containers UC_INTEL_P3 and UC_PC are now provided. (1823)
  • General:
  • All ISO images includes a cover image, which can be used for creating labels on CD-ROMs using LightScribe (http://www.lightscribe.com) or other methods. (2104)
  • The UTF-8 encoding of Unicode is used in almost all areas. This includes configuration files, web pages, documentation, and file names. Usernames and passwords in the ThinLinc client are still limited to ASCII, though. (2067)
  • ThinLinc has been updated to reflect the name change of the highly successful PolypAudio project, which is now called PulseAudio (http://pulseaudio.org/). (2073)
  • Novell Integration:
  • The Linux kernel ncpfs file system has suffered from a problem (http://bugzilla.kernel.org/show_bug.cgi?id=3328) which causes NCP mounts to stop working under certain conditions. Although this is a problem with Linux rather than ThinLinc, Cendio have donated a correction for this problem to the community. (1664)
  • ThinLinc now includes software for integrating with the Novell Client for Linux (http://www.novell.com/products/clients/linux/overview.html). The two tools tl-nwlogin and tl-nwlogout features login using the single sign-on mechanism, as well fetching the tree and context from eDirectory automatically. (2310)
  • tl-nds-posixuser can optionally create and maintain an alias container, which is required by the Novell Windows Client when using single sign-on over RDP, connecting to a Windows Terminal Server. This means that it is no longer necessary to use the Centralis Lyncx utility. (2135)
  • The login shell of users created by tl-nds-posixuser is configurable: it is no longer fixed to /bin/bash. (2151)
  • tl-nds-posixuser supports executing a "hook script" before adding posixAccount attributes. (2291)
  • tl-mount-ncp mounts with permission 0700 by default, which grants access to the user only. (1901)
  • Windows (R) Integration:
  • Microphones and other input devices are now supported with Windows Terminal Servers. The ThinLinc WTS Tools package includes a new sound driver called "tlsnd", which can replace the standard RDP sound driver. (924)
  • Sound redirection from Windows Terminal Servers to ThinLinc clients can now be done using the PulseAudio protocol. This provides better responsiveness, for example when stopping playback. (2032)
  • SeamlessRDP is now supported on Windows 2000, in addition to Windows 2003. (2012)
  • The Linux cifsfs file system is supported, in addition to the earlier smbfs file system. (356)
  • The share corresponding to the users home directory can retrieved from Active Directory. This means that no configuration is required to mount the users CIFS home directory using the tl-mount-cifs tool. (1985)
  • Authentication against Microsoft Active Directory is now done using Sambas "ADS" security mode, which means that Kerberos is used. (1314)
  • When Winbind is used in a cluster, the LDAP idmap backend provides synchronization, replacing the earlier ypserv_nss solution. (1123)
  • A single sign-on mechanism for the Citrix ICA Client is now available. (2095, 2115)
  • tl-mount-cifs mounts with permission 0700 by default, which grants access to the user only. (1900)
  • TLCOS
  • It is now possible to configure TLCOS to send Ctrl-Alt-Fn keypresses to the server, rather than changing local console. (2325)
  • A problem related to changing USB Mass Storage devices has been corrected. (2271)
  • On computers with ACPI support, the power button can be used to shut down the terminal. (1870)
  • Documentation:
  • The Client Customizer is documented. (1500)