IGEL OS 11 ========== Firmware version 11.10.150 Release date 2024-07-10 Last update of this document 2024-07-11 Supported Devices ------------------------------------------------------------------------------- UD2-LX 52, UD2-LX 51 UD3-LX 60 UD7-LX 20 [> Supported IGEL OS 11 thirdparty devices](https://kb.igel.com/os11-supported-hardware) Release Notes 11.10.150 (Based On 11.10.100) -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### AVD * Updated IGEL AVD to version 1.2.0 * Based on the latest RdClientSDK from Microsoft * UI update for AVD sessions * Added UDP shortpath +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.udp-short-path` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added smartcard support +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.enable-smartcard` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added network status +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.network-status-in-toolbar` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.network-status-on-startpage` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added battery status (if battery exists) +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.battery-status-in-toolbar` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.battery-status-on-startpage` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Added hidden login +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.hidden-login` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.hidden-login-timeout` | +------------+-----------------------------------------------------------------+ | Value | **5000** (default) | +------------+-----------------------------------------------------------------+ * Added preliminary / experimental webcam redirection +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.enable-webcam-redirection` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added FPS (frames per second) indicator +------------+-----------------------------------------------------------------+ | Registry | `sessions.wvd%.options.show-fps` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### VMware Horizon * Updated VMware Horizon Client to version 2312.1-8.12.1-23543969. ### IGEL Agent for Imprivata - Added teardown screensaver on badge event - Added showing computername in lockscreen's upper right corner - Added support for cookieinsert method for Citrix virtual server on NetScaler. +------------+-----------------------------------------------------------------+ | Parameter | `NetScaler˙COOKIEINSERT` | +------------+-----------------------------------------------------------------+ | Registry | `iia.cookieinsert` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | ""(default) | +------------+-----------------------------------------------------------------+ - Fixed Device Control Button's visibility not in sync with Computer Policy ### Smartcard * Updated Pointsharp Net iD Client to version 1.1.4.38. Detailed release notes via https://docs.pointsharp.com/net-id-client/latest/nic-release- notes/nic-114-release-notes.html * Net iD user service now is configurable and disabled by default - set / enable via following registry parameter: +------------+-----------------------------------------------------------------+ | Parameter | Net iD Client user service | +------------+-----------------------------------------------------------------+ | Registry | scard.pkcs11.netid-client.userservice | +------------+-----------------------------------------------------------------+ | Value | false (default) / true | +------------+-----------------------------------------------------------------+ * Fixed AD/Kerberos login with username and password when login with Net iD Client smartcard is active. For this, Net iD SessionToken was disabled by default. It can be enabled via the following registry parameter: +------------+-----------------------------------------------------------------+ | Parameter | SessionToken | +------------+-----------------------------------------------------------------+ | Registry | scard.pkcs11.netid-client.sessiontoken | +------------+-----------------------------------------------------------------+ | Value | false (default) / true | +------------+-----------------------------------------------------------------+ ### Cisco Webex * Updated Cisco Webex VDI to version 44.4.0.29960 ### Base system * Added HP BIOS tools to update the BIOS version, BIOS settings and BIOS password on supported HP mobile devices HP Pro mt440 G3, HP Elite mt645 G7 and HP Elite mt645 G8. IGEL supports the BIOS update mechanism only - all BIOS updates are performed / executed at own risk! * Added option to set hardware clock. The default, Auto, will look for Windows partitions and, if present, assume that Windows is installed and the real time clock is set to local time. +------------+-----------------------------------------------------------------+ | Parameter | `HW clock timezone` | +------------+-----------------------------------------------------------------+ | Registry | `system.time.hwclock_timezone` | +------------+-----------------------------------------------------------------+ | Range | [Auto (default)] [UTC] [localtime] | +------------+-----------------------------------------------------------------+ ### X11 system * Added alternative Display Switcher implementation to solve issues with multiscreen setups on docking stations. This alternative implementation must be enabled by following parameter: +------------+-----------------------------------------------------------------+ | Parameter | `Use new user_display_xrandr` | +------------+-----------------------------------------------------------------+ | Registry | `x.new_user_display_xrandr` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * The alternative implementation is only used if "Smart display configuration" parameter is enabled: +------------+-----------------------------------------------------------------+ | IGEL Setup | `Accessories / Display Switch / Options` | +------------+-----------------------------------------------------------------+ | Parameter | `Smart display configuration` | +------------+-----------------------------------------------------------------+ | Registry | `x.auto_associate` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * This implementation can not yet be used in multi GPU scenarios. ### IgelDesktop * Replaced IGEL company logo with new design in wallpaper and Setup Assistant. * Replaced IGEL company logo with new design in screensaver. ### Audio * Added parameter to enable or disable audio overamplification: +------------+-----------------------------------------------------------------+ | Parameter | `Output overamplification` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.sound.overamplification` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | _enabled_ (default) / disabled | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | `Input overamplification` | +------------+-----------------------------------------------------------------+ | Registry | `userinterface.sound.input_overamplification` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | _enabled_ (default) / disabled | +------------+-----------------------------------------------------------------+ ### Evidian * Updated Evidian's rsUserAuth to version 1.5.8825. - Added RFIDeas PC/SC Mixed-Mode. Set "RFIDMixMode=on" in rsUserAuth.ini configuration file and handle RFIDeas badges as PC/SC one. - Added support for Read-only protection on the domain field. Set "GreyOutDomainField=on" in rsUserAuth.ini configuration file to set Domain field uneditable. - Fixed welcome screen not properly displayed with different DPI Settings. Homogenization of the entire interface. ### Hardware * IGEL UD7 H850C (UD7-LX 10, UD7-LX 11): Removed hardware support. * Added support for Intel EC1000R network device. * Added hardware support for HP Elite mt645 G8 Mobile Thin Client. * Added hardware support for Lenovo Thinkpad L14 Intel Gen 5. * Updated fwupd to version 1.9.19 * Updated IGEL LVFS bios tools to allow controlling CapsuleOnDisk updates via the new parameter: fwtools.bios-tools.disable_capsule_on_disk (default: true) * Improved hardware detection of supported LG devices. * Added support for Quectel CAT16 WW SKU - EM160R-GL Gen2 and Quectel CAT 6 WW SKU - EM061K-GL on Lenovo ThinkPad L14 Intel Gen5 ### Fabulatech * Updated FabulaTech plugins to version 4.0.0.2 * Updated FabulaTech Scanner for Remote Desktop to version 3.6.1.3 * Updated FabulaTech USB for Remote Desktop to version 6.2.0.0 Security Fixes -------------------------------------------------------------------------------- ### Chromium * Fixed Chromium security issues CVE-2024-6103, CVE-2024-6102, CVE-2024-6101, CVE-2024-6100, CVE-2024-5847, CVE-2024-5846, CVE-2024-5845, CVE-2024-5844, CVE-2024-5843, CVE-2024-5842, CVE-2024-5841, CVE-2024-5840, CVE-2024-5839, CVE-2024-5838, CVE-2024-5837, CVE-2024-5836, CVE-2024-5835, CVE-2024-5834, CVE-2024-5833, CVE-2024-5832, CVE-2024-5831, CVE-2024-5830, CVE-2024-5499, CVE-2024-5498, CVE-2024-5497, CVE-2024-5496, CVE-2024-5495, CVE-2024-5494, CVE-2024-5493, CVE-2024-5274, CVE-2024-5160, CVE-2024-5159, CVE-2024-5158, CVE-2024-5157, CVE-2024-4950, CVE-2024-4949, CVE-2024-4948, CVE-2024-4947, CVE-2024-4761, CVE-2024-4671, CVE-2024-4559, CVE-2024-4558, CVE-2024-4368 and CVE-2024-4331. * Updated Chromium browser to version 126.0.6478.114. ### Firefox * Updated Mozilla Firefox to version 115.12 ESR * Fixes for mfsa2024-26, also known as: CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700. * Fixes for mfsa2024-22, also known as: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777. * Fixes for mfsa2024-19, also known as: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864. ### Base system * Fixed glibc security issues CVE-2024-33602, CVE-2024-33601, CVE-2024-33600, CVE-2024-33599 and CVE-2024-2961. * Fixed gnutls28 security issues CVE-2024-28835 and CVE-2024-28834. * Fixed nghttp2 security issue CVE-2024-28182. * Fixed pillow security issue CVE-2024-28219. * Fixed less security issue CVE-2024-32487. * Fixed tpm2-tss security issue CVE-2024-29040. * Fixed libvirt security issues CVE-2024-4418 and CVE-2024-2494. * Fixed qemu security issues CVE-2024-3567, CVE-2024-3447, CVE-2024-3446, CVE-2024-26328 and CVE-2024-26327. * Fixed tpm2-tools security issues CVE-2024-29039 and CVE-2024-29038. * Fixed xorg-server security issues CVE-2024-31083, CVE-2024-31082, CVE-2024-31081 and CVE-2024-31080. * Fixed glib2.0 security issue CVE-2024-34397. * Fixed zulu17-ca security issues CVE-2024-21012, CVE-2023-41993, CVE-2024-21011, CVE-2024-21005, CVE-2024-21004, CVE-2024-21003, CVE-2024-21002, CVE-2024-21094 and CVE-2024-21068. * Fixed webkit2gtk security issues CVE-2024-27834, CVE-2024-23284, CVE-2024-23280, CVE-2024-23263, CVE-2024-23254, CVE-2024-23252, CVE-2023-42956, CVE-2023-42950 and CVE-2023-42843. * Fixed python-idna security issue CVE-2024-3651. * Fixed libxml2 security issue CVE-2024-34459. * Fixed postgresql-14 security issue CVE-2024-4317. * Fixed iperf3 security issue CVE-2024-26306. * Fixed libarchive security issue CVE-2024-26256. * Fixed aom security issue CVE-2024-5171. * Fixed gdk-pixbuf security issue CVE-2022-48622. * Fixed giflib security issues CVE-2022-28506 and CVE-2021-40633. * Fixed tiff security issue CVE-2023-3164. * Fixed cups security issue CVE-2024-35235. * Fixed mysql-8.0 security issues CVE-2024-21102, CVE-2024-21096, CVE-2024-21087, CVE-2024-21069, CVE-2024-21062, CVE-2024-21060, CVE-2024-21054, CVE-2024-21047, CVE-2024-21013, CVE-2024-21009, CVE-2024-21008, CVE-2024-21000, CVE-2024-20998 and CVE-2024-20994. * Fixed libndp security issue CVE-2024-5564. * Fixed ntfs-3g security issue CVE-2023-52890. * Fixed ffmpeg security issues CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51795, CVE-2023-51798 and CVE-2024-31585. * Fixed ghostscript security issues CVE-2024-33871, CVE-2024-33870, CVE-2024-33869, CVE-2024-29510 and CVE-2023-52722. * Fixed privilege escalation in network management. * Fixed openssh security issue CVE-2024-6387. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Fixed not working HDX webcam redirection for Citrix 2203 and later. * Fixed Browser Content Redirection. ### AVD * Fixed AVD session when driven from IGEL Imprivata Agent ### RDP/IGEL RDP Client 2 * Fixed RDP Session dropping characters when input occurs too fast. ### RD Web Access * Fixed Passthrough and Kerberos Authentication for RD Web Access. * Added block for keyboard shortcuts containing windows key for RD Web Access apps. Can be disabled in IGEL Setup +------------+-----------------------------------------------------------------+ | Registry | `rdp.rd_web_access.suppress-windows-key-shortcuts` | +------------+-----------------------------------------------------------------+ | Value | **enabled** (default) / disabled | +------------+-----------------------------------------------------------------+ * Fixed RD Web Access failing with Error 400 by providing a new RD Web Tool. A switch back to the old tool is possible via IGEL Setup Registry: +------------+-----------------------------------------------------------------+ | Registry | `rdp.rd_web_access.options.legacy_rdweb` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Chromium * Fixed still being able to download files if file access was disabled - occured in combination with empty download directory. ### Network * On devices that support mobile broadband and eSim an automatic switch to the physical sim slot is now performed if eSim has no profile assigned ### Base system * Fixed Post Session Command 'Shutdown'. * Fixed wrong assignment of socks proxy port ### Hardware * Fixed missing firmware file for Intel 9462NGW Wi-Fi. * Fixed LVFS BIOS update on Lenovo ThinkCentre M70q Gen3. * Fixed microphone mute function key on HP mt645 G8. ### Remote Management * Fixed resource leak in ICG reconnect mechanism. * Fixed: All connections / device connectors are used during OS 12 migration now. * Fixed ICG reconnecting - now it reliably invokes a reconnect whenever a device is not connected to configured ICG server. * Fixed UMS registering via UMS registration tool in IGEL OS - if device is registered to root directory in UMS. Component Versions ------------------------------------------------------------------------------- +-------------------------------------------+----------------------------------+ | Clients | | +===========================================+==================================+ | Amazon WorkSpaces Client | 4.1.0 | +-------------------------------------------+----------------------------------+ | Chromium | 126.0.6478.114-1igel1718788521 | +-------------------------------------------+----------------------------------+ | Cisco JVDI Client | 14.3.0 | +-------------------------------------------+----------------------------------+ | Cisco Webex VDI plugin | 44.4.0.29960 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 42.10.8.14 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 42.6.11.6 | +-------------------------------------------+----------------------------------+ | Cisco Webex Meetings VDI plugin | 43.6.8.4 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.16.10.24420 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.17.5.24630 | +-------------------------------------------+----------------------------------+ | Zoom Media Plugin | 5.17.6.24660 | +-------------------------------------------+----------------------------------+ | Citrix EPA Client | 23.10.3 | +-------------------------------------------+----------------------------------+ | Citrix HDX Realtime Media Engine | 2.9.600 | +-------------------------------------------+----------------------------------+ | Citrix Secure Access Client | 23.10.3 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 20.10.0.6 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 23.11.0.82 | +-------------------------------------------+----------------------------------+ | Citrix Workspace App | 24.02.0.65 | +-------------------------------------------+----------------------------------+ | deviceTRUST Citrix Channel | 23.1.200 | +-------------------------------------------+----------------------------------+ | Crossmatch DP Citrix Channel | 0125 | +-------------------------------------------+----------------------------------+ | Conky System Monitor | 1.12.2-1 | +-------------------------------------------+----------------------------------+ | ControlUp Agent | 8.1.5.500 | +-------------------------------------------+----------------------------------+ | deskMate Client | 2.1.3 | +-------------------------------------------+----------------------------------+ | DriveLock Agent | 22.2.2.42489 | +-------------------------------------------+----------------------------------+ | EPOS connect | 7.7.0.44352 | +-------------------------------------------+----------------------------------+ | Ericom PowerTerm | 14.0.3.71814 | +-------------------------------------------+----------------------------------+ | Evidian AuthMgr | 1.5.8825 | +-------------------------------------------+----------------------------------+ | Evince PDF Viewer | 42.3-0ubuntu3.1 | +-------------------------------------------+----------------------------------+ | FabulaTech Plugins | 4.0.0.2 | +-------------------------------------------+----------------------------------+ | FabulaTech USB for Remote Desktop | 6.2.0.0 | +-------------------------------------------+----------------------------------+ | FabulaTech Scanner for Remote Desktop | 3.6.1.3 | +-------------------------------------------+----------------------------------+ | FabulaTech Webcam for Remote Desktop | 2.8.11 | +-------------------------------------------+----------------------------------+ | Firefox | 115.12.0 | +-------------------------------------------+----------------------------------+ | IBM i Access Client Solutions | 1.1.9.2 | +-------------------------------------------+----------------------------------+ | IGEL RDP Client | 2.2igel1717589021 | +-------------------------------------------+----------------------------------+ | IGEL AVD Client | 1.2.0igel1718803791 | +-------------------------------------------+----------------------------------+ | deviceTRUST RDP Channel | 23.1.200 | +-------------------------------------------+----------------------------------+ | Imprivata OneSign ProveID Embedded | onesign-generic-bootstrap-loader_7.12.0.688624_amd64 | +-------------------------------------------+----------------------------------+ | IGEL Agent for Imprivata | 0.6.0igel1717406898 | +-------------------------------------------+----------------------------------+ | Lakeside SysTrack Channel | 9.0 | +-------------------------------------------+----------------------------------+ | Login VSI Enterprise | 4.8.6 | +-------------------------------------------+----------------------------------+ | NCP Secure Enterprise Client | 6.00_rev29368 | +-------------------------------------------+----------------------------------+ | NX Client | 7.8.2-4igel1685535669 | +-------------------------------------------+----------------------------------+ | Open VPN | 2.6.9-1+b1igel1709638175 | +-------------------------------------------+----------------------------------+ | Zulu JRE | 17.0.11-1 | +-------------------------------------------+----------------------------------+ | Parallels Client | 19.2.0.23906 | +-------------------------------------------+----------------------------------+ | Spice GTK (Red Hat Virtualization) | 0.42-2+b1igel1709635434 | +-------------------------------------------+----------------------------------+ | Remote Viewer (Red Hat Virtualization) | 11.0-3igel1704876668 | +-------------------------------------------+----------------------------------+ | Usbredir (Red Hat Virtualization) | 0.13.0-2.1igel1709635747 | +-------------------------------------------+----------------------------------+ | SpeechWrite | 1.0 | +-------------------------------------------+----------------------------------+ | Stratusphere UX Connector ID Key software | 6.6.2-3 | +-------------------------------------------+----------------------------------+ | Systancia AppliDis | 6.1.4-17 | +-------------------------------------------+----------------------------------+ | HP Anyware PCoIP Software Client | 23.08.1-22.04 | +-------------------------------------------+----------------------------------+ | ThinLinc Client | 4.16.0-3389 | +-------------------------------------------+----------------------------------+ | ThinPrint Client | 7-7.6.126 | +-------------------------------------------+----------------------------------+ | Parole Media Player | 4.16.0-3igel1686304269 | +-------------------------------------------+----------------------------------+ | VNC Viewer | 1.13.1+igel-1igel1697962544 | +-------------------------------------------+----------------------------------+ | VMware Horizon client | 2312.1-8.12.1-23543969 | +-------------------------------------------+----------------------------------+ | Voip Client Ekiga | 4.0.1-9build1igel1685429059 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Dictation | | +===========================================+==================================+ | Diktamen driver for dictation | 2017/09/29 | +-------------------------------------------+----------------------------------+ | Grundig Business Systems dictation driver | 0.12/21-12-21 | +-------------------------------------------+----------------------------------+ | Nuance Audio Extensions for dictation | B308 | +-------------------------------------------+----------------------------------+ | Olympus driver for dictation | 4.0.4 | +-------------------------------------------+----------------------------------+ | Philips Speech driver | 13.2.3 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Signature | | +===========================================+==================================+ | Kofax SPVC Citrix Channel | 3.1.41.0 | +-------------------------------------------+----------------------------------+ | signotec Citrix Channel | 8.0.10 | +-------------------------------------------+----------------------------------+ | signotec VCOM Daemon | 2.0.0 | +-------------------------------------------+----------------------------------+ | StepOver TCP Client | 2.4.2 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Smartcard | | +===========================================+==================================+ | PKCS#11 Library A.E.T. SafeSign | 3.6.0.0-AET.000 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Athena IDProtect | 7-20210902 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library cryptovision sc/interface | 8.0.13 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Thales SafeNet | 10.8.1050 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library OpenSC | 0.25.0~rc1-1igel1709808441 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Pointsharp NetID Enterprise | 6.9.1.17 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library Pointsharp NetID Client | 1.1.4.38 | +-------------------------------------------+----------------------------------+ | PKCS#11 Library 90meter | 3.0.0.45 | +-------------------------------------------+----------------------------------+ | Reader Driver ACS CCID | 1.1.11-1igel1715329126 | +-------------------------------------------+----------------------------------+ | Reader Driver HID Global Omnikey | 4.3.3 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive CCID | 5.0.35 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive eHealth200 | 1.0.5 | +-------------------------------------------+----------------------------------+ | Reader Driver Identive SCRKBC | 5.0.24 | +-------------------------------------------+----------------------------------+ | Reader Driver MUSCLE CCID | 1.5.5-1igel1704887471 | +-------------------------------------------+----------------------------------+ | Reader Driver REINER SCT cyberJack | 3.99.5final.sp14-2+b1igel1704984443 | +-------------------------------------------+----------------------------------+ | Resource Manager PC/SC Lite | 2.2.1-1igel1715329696 | +-------------------------------------------+----------------------------------+ | Cherry USB2LAN Proxy | 3.2.0.3 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | System Components | | +===========================================+==================================+ | OpenSSL | 1.0.2n-1ubuntu5.13igel1686114423 | +-------------------------------------------+----------------------------------+ | OpenSSL | 1.1.1f-1ubuntu2.22 | +-------------------------------------------+----------------------------------+ | OpenSSL | 3.0.2-0ubuntu1.15 | +-------------------------------------------+----------------------------------+ | OpenSSH Client | 9.7p1-7igel1719842129 | +-------------------------------------------+----------------------------------+ | OpenSSH Server | 9.7p1-7igel1719842129 | +-------------------------------------------+----------------------------------+ | Bluetooth Stack (bluez) | 5.73-1igel1713457475 | +-------------------------------------------+----------------------------------+ | MESA OpenGL Stack | 24.0.6-1+b1igel1715159987 | +-------------------------------------------+----------------------------------+ | VDPAU Library Version | 1.5-2igel1677954724 | +-------------------------------------------+----------------------------------+ | Graphics Driver INTEL | 2.99.917+git20210115-1igel1654609037 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/RADEON | 22.0.0-1igel1704966675 | +-------------------------------------------+----------------------------------+ | Graphics Driver ATI/AMDGPU | 23.0.0-1igel1705669076 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nouveau (Nvidia Legacy) | 1.0.17-2igel1654608979 | +-------------------------------------------+----------------------------------+ | Graphics Driver Nvidia | 525.147.05-0ubuntu0.22.04.1 | +-------------------------------------------+----------------------------------+ | Graphics Driver VMware | 13.3.0-3igel1654607153 | +-------------------------------------------+----------------------------------+ | Graphics Driver QXL (Spice) | 0.1.6-1igel1687782644 | +-------------------------------------------+----------------------------------+ | Graphics Driver FBDEV | 0.5.0-2igel1654609009 | +-------------------------------------------+----------------------------------+ | Graphics Driver VESA | 2.6.0-1igel1704966930 | +-------------------------------------------+----------------------------------+ | Input Driver Evdev | 2.10.6-2+b1igel1647004239 | +-------------------------------------------+----------------------------------+ | Input Driver Elographics | 1.4.3-1igel1678083379 | +-------------------------------------------+----------------------------------+ | Input Driver eGalax | 2.5.8825 | +-------------------------------------------+----------------------------------+ | Input Driver Synaptics | 1.9.2-1+b1igel1683803726 | +-------------------------------------------+----------------------------------+ | Input Driver VMMouse | 13.1.0-1ubuntu2igel1628499891 | +-------------------------------------------+----------------------------------+ | Input Driver Wacom | 1.2.0-3igel1709642706 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Multitouch | 4.3.0.0 | +-------------------------------------------+----------------------------------+ | Input Driver ELO Singletouch | 5.2 | +-------------------------------------------+----------------------------------+ | Kernel | 6.6.22 #mainline-lxos-g1720435065 | +-------------------------------------------+----------------------------------+ | Xorg X11 Server | 21.1.12-1igel1720008240 | +-------------------------------------------+----------------------------------+ | Xorg Xephyr | 21.1.12-1igel1720008240 | +-------------------------------------------+----------------------------------+ | CUPS Printing Daemon | 2.4.7-2igel1718171599 | +-------------------------------------------+----------------------------------+ | PrinterLogic | 25.1.0.637 | +-------------------------------------------+----------------------------------+ | Lightdm Graphical Login Manager | 1.30.0-0ubuntu5igel1685475374 | +-------------------------------------------+----------------------------------+ | XFCE4 Window Manager | 4.14.5-1~18.04igel1643191202 | +-------------------------------------------+----------------------------------+ | ISC DHCP Client | 4.4.1-2.3ubuntu2.4 | +-------------------------------------------+----------------------------------+ | NetworkManager | 1.42.4-1igel1692869696 | +-------------------------------------------+----------------------------------+ | ModemManager | 1.22.0-3igel1705908135 | +-------------------------------------------+----------------------------------+ | GStreamer 1.x | 1.24.1-1igel1712123636 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo aacdec | 1.0.1 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo asfdemux | 1.0.1 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo h264dec | 1.0.4 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mp3dec | 1.0.1 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo mpeg4videodec | 1.0.1 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo vadec | 1.0.2 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmadec | 1.0.1 | +-------------------------------------------+----------------------------------+ | Gstreamer 1.0 Fluendo wmvdec | 1.0.1 | +-------------------------------------------+----------------------------------+ | WebKit2Gtk | 2.44.2-1~deb12u1igel1716390763 | +-------------------------------------------+----------------------------------+ | WebKit2Gtk | 2.40.5-1igel1700725614 | +-------------------------------------------+----------------------------------+ | Python3 | 3.10.12 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | VM Guest Support Components | | +===========================================+==================================+ | Virtualbox Guest Utils | 7.0.14-dfsg-4igel1709105342 | +-------------------------------------------+----------------------------------+ | Virtualbox X11 Guest Utils | 7.0.14-dfsg-4igel1709105342 | +-------------------------------------------+----------------------------------+ | Open VM Tools | 12.3.5-3~ubuntu0.22.04.1 | +-------------------------------------------+----------------------------------+ | Open VM Desktop Tools | 12.3.5-3~ubuntu0.22.04.1 | +-------------------------------------------+----------------------------------+ | Xen Guest Utilities | 7.20.2-0ubuntu1~22.04.2 | +-------------------------------------------+----------------------------------+ | Spice Vdagent | 0.22.1-4+b1igel1704922460 | +-------------------------------------------+----------------------------------+ | Qemu Guest Agent | 8.2.3+ds-2igel1715153009 | +-------------------------------------------+----------------------------------+ +-------------------------------------------+----------------------------------+ | Features with Limited IGEL Support | | +===========================================+==================================+ | Mobile Device Access USB (MTP) | 1.1.21-3.1igel1709728407 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (imobile) | 1.3.0-7.1igel1704836660 | +-------------------------------------------+----------------------------------+ | Mobile Device Access USB (gphoto) | 2.5.31-2.1igel1709726214 | +-------------------------------------------+----------------------------------+ | VPN OpenConnect | 9.12-1+b1igel1709637921 | +-------------------------------------------+----------------------------------+ | Scanner support | 1.1.1-5 | +-------------------------------------------+----------------------------------+ | VirtualBox VM within IGEL OS | 7.0.14-dfsg-4igel1709105342 | +-------------------------------------------+----------------------------------+ | Virtual Background for Webcam | | +-------------------------------------------+----------------------------------+ +---------------------------------------------+--------+------------------+ | Services | Size | Reduced Firmware | +=============================================+========+==================+ | Asian Language Support | 21.8M | Included | +---------------------------------------------+--------+------------------+ | Java SE Runtime Environment | 53.8M | Included | +---------------------------------------------+--------+------------------+ | Citrix Appliance | 813.0M | Included | | Citrix StoreFront | | | | Citrix Workspace app | | | +---------------------------------------------+--------+------------------+ | Ericom PowerTerm InterConnect | 10.0M | Included | +---------------------------------------------+--------+------------------+ | Media Player | 256.0K | Included | +---------------------------------------------+--------+------------------+ | Local Browser (Firefox) | 86.5M | Included | | Citrix Appliance | | | +---------------------------------------------+--------+------------------+ | VMware Horizon | 4.8M | Included | | RDP | | | +---------------------------------------------+--------+------------------+ | Cendio ThinLinc | 10.8M | Included | +---------------------------------------------+--------+------------------+ | Printing (Internet printing protocol CUPS) | 18.5M | Included | +---------------------------------------------+--------+------------------+ | NoMachine NX | 26.0M | Included | +---------------------------------------------+--------+------------------+ | VMware Horizon | 194.5M | Included | +---------------------------------------------+--------+------------------+ | Voice over IP (Ekiga) | 6.0M | Included | +---------------------------------------------+--------+------------------+ | Citrix Appliance | 768.0K | Included | +---------------------------------------------+--------+------------------+ | NCP Enterprise VPN Client | 11.5M | Not included | +---------------------------------------------+--------+------------------+ | Fluendo GStreamer Codec Plugins | 3.2M | Included | +---------------------------------------------+--------+------------------+ | IBM i Access Client Solutions | 134.8M | Not included | +---------------------------------------------+--------+------------------+ | Red Hat Enterprise Virtualization | 2.8M | Included | +---------------------------------------------+--------+------------------+ | Parallels Client | 5.8M | Included | +---------------------------------------------+--------+------------------+ | NVIDIA graphics driver | 372.5M | Not included | +---------------------------------------------+--------+------------------+ | Imprivata Appliance | 31.8M | Included | +---------------------------------------------+--------+------------------+ | AppliDis | 256.0K | Included | +---------------------------------------------+--------+------------------+ | Evidian AuthMgr | 2.8M | Included | +---------------------------------------------+--------+------------------+ | Hardware Video Acceleration | 14.8M | Included | +---------------------------------------------+--------+------------------+ | Extra Font Package | 1.0M | Included | +---------------------------------------------+--------+------------------+ | Fluendo GStreamer AAC Decoder | 768.0K | Included | +---------------------------------------------+--------+------------------+ | x32 Compatibility Support | 4.2M | Included | +---------------------------------------------+--------+------------------+ | Cisco JVDI client | 61.5M | Included | +---------------------------------------------+--------+------------------+ | PrinterLogic | 37.5M | Not included | +---------------------------------------------+--------+------------------+ | Biosec BS Login | 9.8M | Not included | +---------------------------------------------+--------+------------------+ | Login VSI Login Enterprise | 28.2M | Not included | +---------------------------------------------+--------+------------------+ | Stratusphere UX CID Key software | 5.2M | Not included | +---------------------------------------------+--------+------------------+ | Elastic Filebeat | 35.5M | Not included | +---------------------------------------------+--------+------------------+ | AVD | 39.8M | Included | +---------------------------------------------+--------+------------------+ | Local Browser (Chromium) | 109.5M | Not included | +---------------------------------------------+--------+------------------+ | Amazon WorkSpaces Client | 32.2M | Included | +---------------------------------------------+--------+------------------+ | deskMate Client | 5.5M | Included | +---------------------------------------------+--------+------------------+ | Cisco Webex VDI | 100.2M | Not included | +---------------------------------------------+--------+------------------+ | Cisco Webex Meetings VDI | 193.5M | Not included | +---------------------------------------------+--------+------------------+ | Zoom Media Plugin | 180.8M | Not included | +---------------------------------------------+--------+------------------+ | DriveLock | 12.5M | Included | +---------------------------------------------+--------+------------------+ | SpeechWrite Client | 256.0K | Included | +---------------------------------------------+--------+------------------+ | IGEL Agent for Imprivata | 512.0K | Included | +---------------------------------------------+--------+------------------+ | LRS Output Management | 256.0K | Included | +---------------------------------------------+--------+------------------+ | Fluendo Browser Codec Plugins | 10.2M | Included | +---------------------------------------------+--------+------------------+ | HP Factory deployment documentation | 88.0M | Included | +---------------------------------------------+--------+------------------+ | BIOS Tools | 2.0M | Included | +---------------------------------------------+--------+------------------+ | HP Anyware Client | 34.8M | Included | +---------------------------------------------+--------+------------------+ | 90meter Smart Card Support | 512.0K | Included | +---------------------------------------------+--------+------------------+ | Limited Support Features | 256.0K | Not included | | VPN OpenConnect (Limited support) | | | | Virtualbox (Limited support) | | | | Scanner support / SANE (Limited support) | | | | Virtual Background for Webcam (Limited IGEL | | | | Support) | | | | Mobile Device Access USB (Limited support) | | | +---------------------------------------------+--------+------------------+ | Mobile Device Access USB (Limited support) | 256.0K | Not included | +---------------------------------------------+--------+------------------+ | VPN OpenConnect (Limited support) | 1.0M | Not included | +---------------------------------------------+--------+------------------+ | Scanner support / SANE (Limited support) | 8.0M | Not included | +---------------------------------------------+--------+------------------+ | Virtualbox (Limited support) | 74.0M | Not included | +---------------------------------------------+--------+------------------+ | Virtual Background for Webcam (Limited IGEL | 45.8M | Included | | Support) | | | +---------------------------------------------+--------+------------------+ Known Issues -------------------------------------------------------------------------------- ### Citrix * Adding smartcard readers during running / active session does not work. The reader is visible, but cannot be used due to unknown reader status. Only relevant for CWA versions earlier than 2112. * Browser Content Redirection (BCR) does not work if DRI3 and hardware accelerated H.264 deep compression codec is enabled. * Citrix H.264 acceleration plugin does not work with **enabled** server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**. * To launch multiple desktop sessions with Citrix HDX RTME and Citrix H.264 acceleration plugin, the following registry key needs to be enabled: +------------+-----------------------------------------------------------------+ |Parameter |`Activate workaround for dual RTME sessions and H264 acceleration` | +------------+-----------------------------------------------------------------+ |Registry |`ica.workaround-dual-rtme` | +------------+-----------------------------------------------------------------+ |Range |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * This workaround is not applicable when "Enable Secure ICA" is active for the specific delivery group. * Currently H.264 for Citrix sessions cannot be used in parallel with video input acceleration. * While starting Self-Service, it is possible that process ServiceRecord segfaults -> Self-Service cannot be started afterwards. A cache cleanup with reboot is needed. In addition, the following parameters should set to true. +------------+-----------------------------------------------------------------+ |Parameter |`Clean up UI cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupwebui` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ |Parameter |`Clean up Store cache after Self-Service termination` | +------------+-----------------------------------------------------------------+ |Registry |`ica.selfservice.cleanupstore` | +------------+-----------------------------------------------------------------+ |Value |**false** (default)/true | +------------+-----------------------------------------------------------------+ * Browser Content Redirection (BCR) may not work with Chrome version 105.0.* or later. See https://support.citrix.com/article/CTX473065/hdx-browser-content- redirection-broken-with-google-chrome-browser-version-105-or-higher * White / green fragments may appear during desktop launch if JPEG graphical codec is used. * MS Teams calls may stop if blurred background is enabled. This affects Citrix Workspace App 2305 and later. * ZoomVDI version 5.16 or newer is no longer supported with Citrix Workspace app 20.10 * Browser Content Redirection (BCR) may not work with Citrix workspace app 23.11 and current Chrome versions. * If Self-Service is closed when the credential window is active, it may happen that the session cannot be restarted. A reboot is necessary. ### OSC Installer * OSC not deployable with IGEL Deployment Appliance: Version 11.3 or later is required for deploying IGEL OS 11.06. and following. ### AVD * When closing the AVD client while audio input (microphone redirection) is in use, the client might crash. This will be fixed in future versions. * Webcam redirection support is preliminary / experimental and may not work with all webcams yet. * H.264 hardware decoding for MS-Teams optimization is currently limited to non- AMD devices due to stability issues on AMD devices. ### VMware Horizon * After disconnect of an RDP-based session, the Horizon main window which contains the server or sessions overview, cannot be resized anymore. * Copying text from Horizon Blast sessions is not possible. * The on-screen keyboard in Horizon appliance mode does not work correctly with local logon. It is necessary to switch off local logon and enable the following two keys via IGEL registry: userinterface.softkeyboard.autoshow userinterface.softkeyboard.autohide * With usage of PCoIP protocol, the virtual channel provided by VMware used for serial port and scanner redirection could freeze on logout from remote session. * This happens only with enabled scanner or serial port redirection. The freeze does not occur if both redirection methods are enabled or none of them. The Blast Protocol is not affected by this bug. * The respective settings can be found in the IGEL Registry: vmware.view.enable-serial-port-redir vmware.view.enable-scanner-redir * Keyboard Input Source Language Synchronization works only with usage of local layout and deadkeys enabled. If a keyboard layout is used which has deadkeys disabled (which is the default on IGEL OS), Horizon client falls back to en-US layout. * PCoIP sessions may crash in some cases, switch to Blast Protocol is recommended then. H.264/HEVC encoding can be disabled when overall performance is too low. * Client drive mapping and USB redirection for storage devices can be enabled at the same time, but this could lead to sporadic problems. Horizon Client tracks the drives which are dynamically mounted and adds them to the remote session using client drive mapping, means USB redirection is not used for theses devices then. However, in case of devices like USB SD card readers, Horizon does not map them as client drives but forcefully uses USB-redirection which results in an unclean unmount. As a work-around, the IDs of these card readers can be added to IGEL USB access rules and denied. ### Parallels Client * Attached storage devices appear as network drives in the remote session * USB device redirection is considered as experimental for the Parallels client for Linux ### Chromium * Hardware accelerated video decoding is currently not supported. ### Firefox * With enabled Citrix Browser Content Redirection, Firefox has no H.264 and AAC multimedia codec support. Means, when codec support is needed in Firefox, BCR needs to be disabled. Citrix Browser Content Redirection is disabled by default. ### Network * Wakeup from system suspend fails on DELL Latitude 5510 ### Cisco JVDI Client * Citrix Workspace App 2010 may cause problems with Cisco JVDI. Newer ZoomVDI versions and App Protection are no longer supported with CWA 2010. ### Base system * After updating the BIOS on the HP mt645 G7 or HP mt645 G8, the device shuts down instead of rebooting. * Update from memory stick requires network online state (at least when multiple update stages are triggered / necessary) * It is not possible to perform an unattended OS12 migration to base system 12.2.0 as an additional / manual reboot is necessary. The recommended upgrade version for unattended migration is base system 12.2.1. * Due to suspend/resume issues of a Innodisk NVME we disabled the suspend support for systems where this NVME is present. The issue otherwise will lead to a complete loose of the storage device as the NVME will not work after resume. ### Conky * The right screen when using multiscreen environment may not be shown correctly. Workaround: The horizontal offset should be set to the width of the monitor (e.g. if the monitor has a width of 1920, the offset should be set to 1920) ### Firmware update * A firmware update started on 11.10.100 can sporadically block, so that the device must be rebooted manually. The update continues without problem after reboot. * On devices with 4 GB flash storage or smaller it could happen that there is not enough space for updating all features. In this case, a corresponding error message occurs. Please visit https://kb.igel.com/igelos-11.09/en/error- not-enough-space-on-local-drive-when-updating-to-igel-os-11-08-or- higher-101059051.html for a possible solution and additional information. ### Appliance Mode * When ending a Citrix session in browser appliance mode, the browser is restarted twice (instead of once). * Appliance mode RHEV/Spice: spice-xpi firefox plugin is no longer supported. The "Console Invocation" has to allow 'Native' client (auto is also possible) and should be started in fullscreen to prevent any opening windows. * Browser Appliance mode can fail when the Web URL contains special control characters like ampersand (& character). Workaround: Add quotes at the beginning and the end of an affected URL. E.g.: 'https://www.google.com/search?q=aSearchTerm&source=lnms&tbm=isch' ### Audio * Audio jack detection on Advantec POC-W243L does not work. Therefore, sound output goes through a possibly connected headset and also the internal speakers. * UD3-M340C: Sound preferences are showing Headphone & Microphone, although not connected. * IGEL UD2 (D220) fails to restore the volume level of the speaker when the device used firmware version 11.01.110 before. * Microphone (TRRS headset) is broken on LG 27CN650 ### Multimedia * Multimedia redirection with GStreamer could fail when using Nouveau GPU driver. ### Hardware * Audio- and mic mute function key led is not working on HP Elite mt645 G8. * Some newer Delock 62599 active DisplayPort to DVI (4k) adapters only work on INTEL-based devices. * Wake up from suspend via UMS does not work on HP mt645 devices. Workaround: Disable system suspend and use shutdown instead. * Built-in fingerprint sensor is not supported on HP mt440 and mt645. * MAC-Address Passthrough not supported on Lenovo USB-C Hybrid Docking Station. * Wake-on-Lan via docking stations is not supported. * In some rare cases it is possible that connecting or booting Lenovo USB-C Hybrid Docking station over USB-C results in non working / faulty display output. ** It may help to (re-)connect via USB-A. If this is the case, USB-C should be also functional then. * Display configuration of displays connected to HP G5 Docking Station may fail with HP t655. ### Remote Management * AIT feature with IGEL Starter License is only supported by UMS version 6.05.100 or newer. Release Notes 11.10.100 -------------------------------------------------------------------------------- New Features -------------------------------------------------------------------------------- ### Citrix * Updated Citrix Workspace App to version 2402. Available Citrix Workspace Apps in this release: 2402 (default), 2311 and 2010 * New features: * Synchronize multiple keyboards at session start. All available keyboards on client are synchronized with VDA after the session starts in full-screen mode. +------------+-----------------------------------------------------------------+ |Parameter |`Synchronize multiple keyboards at session start` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.SyncKbdLayoutList` | +------------+-----------------------------------------------------------------+ |Value | false (default) / true | +------------+-----------------------------------------------------------------+ * Support for Audio volume synchronization. Synchronize audio volume between the VDA and connected audio devices. +------------+-----------------------------------------------------------------+ |Parameter |`Support for Audio volume synchronization` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.EnableVolumeSync` | +------------+-----------------------------------------------------------------+ |Value | true (default)/ false | +------------+-----------------------------------------------------------------+ * Default values of the following have been changed as per Citrix. * Enable Packet Loss Concealment to improve audio performance. "ica.module.PacketLossConcealmentEnabled = True" * Loss tolerant mode for audio. "ica.module.EdtUnreliableAllowed = True" * Use system Audio in MS Teams while screen sharing. +------------+-----------------------------------------------------------------+ |Parameter |`Use system Audio in MS Teams while screen sharing` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.EnableVolumeListener` | +------------+-----------------------------------------------------------------+ |Value | false (default)/ true | +------------+-----------------------------------------------------------------+ * Enhanced Desktop Viewer toolbar [Technical Preview] +------------+-----------------------------------------------------------------+ |Parameter |`Enhanced Desktop Viewer toolbar` | +------------+-----------------------------------------------------------------+ |Registry |`ica.wfclient.ToolbarVersion` | +------------+-----------------------------------------------------------------+ |Value | 0 (default)/ 1 | +------------+-----------------------------------------------------------------+ * Customize toolbar [Technical Preview]. From this version onwards, it is possible to activate or deactivate each button individually instead of the entire toolbar. +------------+-----------------------------------------------------------------+ |Parameter |`Show USB device button` | +------------+-----------------------------------------------------------------+ |Registry |`ica.module.DevicesButtonVisible` | +------------+-----------------------------------------------------------------+ |Value | true (default)/ false | +------------+-----------------------------------------------------------------+ * Note: Similarly, you can activate or deactivate the following buttons in the toolbar. They are all activated by default. ica.module.CloseButtonVisible ica.module.FullscreenButtonVisible ica.module.MinimizeButtonVisible ica.module.PinButtonVisible ica.module.PreferencesButtonVisible ica.module.ShortcutsButtonVisible ica.module.SwitchDesktopButtonVisible * Include system audio while screen sharing in MS Teams +------------+-----------------------------------------------------------------+ |Parameter |`Share system audio` | +------------+-----------------------------------------------------------------+ |Registry |`ica.teams.sharesystemaudio` | +------------+-----------------------------------------------------------------+ |Value | false (default)/ true | +------------+-----------------------------------------------------------------+ * Specify the minimum and maximum range of UDP ports for Microsoft Teams optimization. If the UDP Port cannot be allocated for any reason, the WebRTC falls back to TCP. Minimum range of UDP ports for Microsoft Teams optimization. +------------+-----------------------------------------------------------------+ |Parameter |`UDP Port range minimum` | +------------+-----------------------------------------------------------------+ |Registry |`ica.teams.PortRangeMin` | +------------+-----------------------------------------------------------------+ |Value | 3000 | +------------+-----------------------------------------------------------------+ * Maximum range of UDP ports for Microsoft Teams optimization. +------------+-----------------------------------------------------------------+ |Parameter |`UDP Port range max` | +------------+-----------------------------------------------------------------+ |Registry |`ica.teams.PortRangeMax` | +------------+-----------------------------------------------------------------+ |Value | 3100 | +------------+-----------------------------------------------------------------+ ### Firefox * Fixed lock of browser in kiosk mode, when URL or navigation bar are blocked: Firefox asks the user using a dialog to query for permissions of the current website for location access, microphone and camera use, notifications and auto-play of media streams. In recent Firefox versions this locks the browser in case the URL-input or even the whole navigation bar are not shown. * To prevent, following policies / parameters are added: * If permissions are needed, these must be granted for the specific websites in advance. Note that wild-cards in the URLs cannot be used. These websites, depending on the type of permission, must be added here: browserglobal.app.permissions.microphone.allowed%.origin browserglobal.app.permissions.webcam.allowed%.origin browserglobal.app.permissions.location.allowed%.origin browserglobal.app.permissions.notification.allowed%.origin browserglobal.app.permissions.autoplay.allowed%.origin +------------+-----------------------------------------------------------------+ | Parameter | {{Website with microphone access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.microphone.allowed%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Website without microphone access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.microphone.blocked%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Block new requests for microphone access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.microphone.blocknew}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Microphone access settings locked}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.microphone.locked}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Website with webcam access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.camera.allowed%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Website without webcam access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.camera.blocked%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Block new requests for webcam access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.camera.blocknew}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Webcam access settings locked}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.camera.locked}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Allow Website to send notifications}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.notification.allowed%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Deny Website to send notifications}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.notification.blocked%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Block new notification requests}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.notification.blocknew}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Notification settings locked}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.notification.locked}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Allow autoplay on Website}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.autoplay.allowed%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Block autoplay on Website}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.autoplay.blocked%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Autoplay Default}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.autoplay.default}} | +------------+-----------------------------------------------------------------+ | Range | [Allow Audio and Video][Block Audio][Block Audio and Video] | +------------+-----------------------------------------------------------------+ | Value | _Block Audio_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Autoplay settings locked}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.autoplay.locked}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Website with location access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.location.allowed%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Website without location access}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.location.blocked%.origin}} | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | empty _Default_ | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Block new location requests }} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.location.blocknew}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{Location settings locked}} | +------------+-----------------------------------------------------------------+ | Registry | {{browserglobal.app.permissions.location.locked}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | enabled / _disabled_ (default) | +------------+-----------------------------------------------------------------+ ### IGEL Agent for Imprivata * Updated IGEL Agent for Imprivata to version 1.0.0. * Added Features: * Changed FUS (Fast User Switching) to be a standalone IGEL Session. * Removed 'rfideas-only barrier' for virtual channel. * Changed running text to show only the username. * Improved logging. * Introduced new parameter to insert command to execute on FUS user switch or logout: +------------+-----------------------------------------------------------------+ | Registry | `iia.fus_user_change_cmd` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | "" (default) | +------------+-----------------------------------------------------------------+ * Introduced new reg key to configure the LockScreen shortcut: +------------+-----------------------------------------------------------------+ | Registry | `iia.lockscreen_shortcut` | +------------+-----------------------------------------------------------------+ | Type | string | +------------+-----------------------------------------------------------------+ | Value | ""(default) | +------------+-----------------------------------------------------------------+ * Security Fixes -------------------------------------------------------------------------------- ### Chromium * Updated Chromium browser to version 124.0.6367.78. (ISN 2024-11) ### Base system * Fixed aom security issues CVE-2021-30475, CVE-2021-30474, CVE-2021-30473, CVE-2020-36135, CVE-2020-36133, CVE-2020-36131 and CVE-2020-36130. * Fixed openssl security issues CVE-2024-0727, CVE-2023-5678, CVE-2023-3817 and CVE-2023-3446. * Fixed zlib security issues CVE-2022-37434 and CVE-2018-25032. * Fixed pipewire security issue CVE-2022-4964. * Fixed libuv1 security issue CVE-2024-24806. * Fixed libwebp security issue CVE-2023-4863. * Fixed iwd security issue CVE-2024-28084. * Fixed qemu security issue CVE-2023-6683. * Fixed opensc security issues CVE-2024-1454 and CVE-2023-5992. * Fixed libde265 security issues CVE-2023-49468, CVE-2023-49467, CVE-2023-49465, CVE-2023-47471, CVE-2023-43887, CVE-2023-27103, CVE-2023-27102, CVE-2023-25221, CVE-2023-24758, CVE-2023-24757, CVE-2023-24756, CVE-2023-24755, CVE-2023-24754, CVE-2023-24752, CVE-2023-24751, CVE-2022-47665, CVE-2022-43250, CVE-2022-43249, CVE-2022-43245 and CVE-2022-43244. * Fixed postgresql-14 security issue CVE-2024-0985. * Fixed tiff security issues CVE-2023-6277, CVE-2023-6228 and CVE-2023-52356. * Fixed dnsmasq security issues CVE-2023-50868 and CVE-2023-50387. * Fixed python-cryptography security issue CVE-2023-50782. * Fixed less security issue CVE-2022-48624. * Fixed expat security issue CVE-2024-28757. * Fixed libxml2 security issue CVE-2024-25062. * Fixed texlive-bin security issues CVE-2024-25262 and CVE-2023-32668. * Fixed vim security issues CVE-2024-22667 and CVE-2023-2426. * Fixed unixodbc security issue CVE-2024-1013. * Fixed bash security issue CVE-2022-3715. * Fixed util-linux security issue CVE-2024-28085. * Fixed curl security issues CVE-2024-2398 and CVE-2024-2004. * Fixed libvirt security issue CVE-2024-1441. * Updated intel-microcode to version 20240312. * Removed custom command selection from application start dialog of file manager to prevent execution of arbitrary commands by user. (ISN 2024-09) * Fixed a privilege escalation issue in the starter license. Acknowledgements to Zack Didcott for responsible disclosure. (ISN-2014-12) Resolved Issues: * Fixed display of German Umlauts (non-ascii chars). * Fixed password change after 2nd factor is submitted. ### Base system * Changed initial default device name and hostname of UD Pockets to "UDP". Systems already in use will only be affected after reset to factory defaults. * Updated OpenVPN client to version 2.6.9. * Updated GStreamer to version 1.24.1. * Updated Virtualbox guest tools to version 7.0.14. * Updated MESA OpenGL Stack to version 24.0.4 * Updated ATI/RADEON Graphics Driver to version 22.0.0 * Updated NVIDIA Graphics Driver to version 525.147.05 * Updated VESA Graphics Driver to version 2.6.0 * Updated ModemManager to version 1.22.0. * Updated kernel to version 6.6.22. Resolved Issues -------------------------------------------------------------------------------- ### Citrix * Added registry key ica.chrome-double-download to control flock feature at wfica_wrapper. 'Enable flock' blocks double app starts (due to double downloads by Chromium browser). +------------+-----------------------------------------------------------------+ |Parameter |`Control download mechanic for Citrix applications for Chrome web access` | +------------+-----------------------------------------------------------------+ |Registry |`ica.chrome-double-download` | +------------+-----------------------------------------------------------------+ |Range | [Enable Lock][Disable Lock] | +------------+-----------------------------------------------------------------+ |Value |enable / **disable** (default) | +------------+-----------------------------------------------------------------+ * After connecting to Citrix VDA, support for multiple audio devices sometimes may not work. This problem has been fixed. * New parameter since CWAL-2402: Availability of Credential Insertion SDK for cloud stores (see: https://docs.citrix.com/en-us/citrix-workspace-app-for- linux/sdk-and-api.html) +------------+-----------------------------------------------------------------+ |Parameter |`CredentialInsertionEnabled` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.CredentialInsertionEnabled` | +------------+-----------------------------------------------------------------+ |Value | false (default) / true | +------------+-----------------------------------------------------------------+ * Changed / corrected parameter name from KioskFUIEnhanced to KioskSFUIEnhanced +------------+-----------------------------------------------------------------+ |Parameter |`KioskSFUIEnhanced` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.KioskSFUIEnhanced` | +------------+-----------------------------------------------------------------+ |Type |bool | +------------+-----------------------------------------------------------------+ |Value |enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ * Added parameter ica.authman.longLivedTokenSupport. Previously the value was set to constant "false", now it is possible to set / configure. "true" enables re-login with Selfservice. +------------+-----------------------------------------------------------------+ |Parameter |`longLivedTokenSupport` | +------------+-----------------------------------------------------------------+ |Registry |`ica.authman.longLivedTokenSupport` | +------------+-----------------------------------------------------------------+ |Value | false (default) / true | +------------+-----------------------------------------------------------------+ ### RD Web Access * Fixed RD Web Access failing with Error 400 by providing a new RD Web Tool. A switch back to the old tool is possible via IGEL Setup Registry: +------------+-----------------------------------------------------------------+ | Registry | `rdp.rd_web_access.options.legacy_rdweb` | +------------+-----------------------------------------------------------------+ | Value | enabled / **disabled** (default) | +------------+-----------------------------------------------------------------+ ### Chromium * Fixed blocking file access was not working if URLBlocklist was defined as custom policy. * Fixed RDP sessions did not properly start from Chromium Browser. ### Firefox * Fixed automatic restart of Firefox sessions. * Fixed microphone pop-up. ### Network * Added configuration for PKCS#7 encryption and signature algorithms (see sscep options -E and -S) +------------+-----------------------------------------------------------------+ | Parameter | {{PKCS#7 encryption algorithm}} | +------------+-----------------------------------------------------------------+ | Registry | {{network.scepclient.cert%.encalg}} | +------------+-----------------------------------------------------------------+ | Range | [automatic][des][3des][blowfish][aes128][aes192][aes256] | +------------+-----------------------------------------------------------------+ | Value | __ (automatic) | +------------+-----------------------------------------------------------------+ +------------+-----------------------------------------------------------------+ | Parameter | {{PKCS#7 signature algorithm}} | +------------+-----------------------------------------------------------------+ | Registry | {{network.scepclient.cert%.signalg}} | +------------+-----------------------------------------------------------------+ | Range | [automatic][md5][sha1][sha224][sha256][sha384][sha512] | +------------+-----------------------------------------------------------------+ | Value | __ (automatic) | +------------+-----------------------------------------------------------------+ * Fixed sporadic network connection problems on Lenovo L14/L15 Gen4 AMD if ethernet cable is un- and re-plugged. ### Open VPN * Added configuration to enable legacy cryptographic algorithms for openssl. +------------+-----------------------------------------------------------------+ | Parameter | `Enable legacy cryptographic algorithms` | +------------+-----------------------------------------------------------------+ | Registry | `system.openssl.legacy-cryptographic-algorithms` | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | **disabled** (default) / enabled | +------------+-----------------------------------------------------------------+ ### OpenConnect VPN * Removed dependency on ipsec-tools ### HID * Fixed touchpad activation/deactivation via hotkey. ### CUPS Printing * Fixed PrinterLogic startup. ### Base system * Fixed OS12 migration issues. ### X11 system * Fixed crash with HP t655 and two monitors connected to G5 docking station. * Added registry key to change the connector order of intel GPUs. Newer kernels changed the order, this can be used to revert it to former state. +------------+-----------------------------------------------------------------+ | Parameter | {{Reverse the connector enumeration.}} | +------------+-----------------------------------------------------------------+ | Registry | {{x.drivers.intel.reverse_connector_enumeration}} | +------------+-----------------------------------------------------------------+ | Range | [Default][No][Yes] | +------------+-----------------------------------------------------------------+ | Value | _Default_ | +------------+-----------------------------------------------------------------+ ### Audio * Fixed audio on HP t240: Removed internal speaker and microphone devices as not supported. Fixed hotplug of external headsets. * Added new entry in registry to prevent automatic switching of bluetooth profile. +------------+-----------------------------------------------------------------+ | Parameter | {{Set pulseaudio auto switching headset to A2DP}} | +------------+-----------------------------------------------------------------+ | Registry | {{multimedia.pulseaudio.daemon.module-bluetooth-autoswitch-to-a2dp}} | +------------+-----------------------------------------------------------------+ | Type | bool | +------------+-----------------------------------------------------------------+ | Value | _enabled_ (default) / disabled | +------------+-----------------------------------------------------------------+ * Changed: On first boot (after installation) all devices are set to 50% volume. * Fixed headset at LG CK500 ### Licensing * Fixed IGEL license detection on hardware where network interface initialization takes more time. ### Hardware * Fixed missing firmware file for intel 9462ngw WiFi. * Added hardware recognition to include LG 24CN670IK6N for fixing related audio issues.