guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmuehl...@apache.org
Subject [1/2] incubator-guacamole-website git commit: Add draft release notes for 0.9.11-incubating.
Date Mon, 23 Jan 2017 07:06:54 GMT
Repository: incubator-guacamole-website
Updated Branches:
  refs/heads/master bd10100b7 -> dfdae081e


Add draft release notes for 0.9.11-incubating.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-website/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-website/commit/32af0f4a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-website/tree/32af0f4a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-website/diff/32af0f4a

Branch: refs/heads/master
Commit: 32af0f4a4f72ccf7671ad404adefce4fa5f426c7
Parents: bd10100
Author: Michael Jumper <mjumper@apache.org>
Authored: Sun Jan 22 13:50:39 2017 -0800
Committer: Michael Jumper <mjumper@apache.org>
Committed: Sun Jan 22 23:00:11 2017 -0800

----------------------------------------------------------------------
 _releases/0.9.11-incubating.md | 145 ++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-website/blob/32af0f4a/_releases/0.9.11-incubating.md
----------------------------------------------------------------------
diff --git a/_releases/0.9.11-incubating.md b/_releases/0.9.11-incubating.md
new file mode 100644
index 0000000..63b2aa3
--- /dev/null
+++ b/_releases/0.9.11-incubating.md
@@ -0,0 +1,145 @@
+---
+
+released: false
+title: 0.9.11-incubating
+date: 2017-01-22 23:00:00 -0800
+summary: >
+    Two-factor authentication, password policies, improvements to Docker and
+    LDAP.
+
+artifact-root: "https://dist.apache.org/repos/dist/dev/"
+checksum-root: "https://dist.apache.org/repos/dist/dev/"
+download-path: "incubator/guacamole/0.9.11-incubating-RC1/"
+
+source-dist:
+    - "source/guacamole-client-0.9.11-incubating.tar.gz"
+    - "source/guacamole-server-0.9.11-incubating.tar.gz"
+
+binary-dist:
+    - "binary/guacamole-0.9.11-incubating.war"
+    - "binary/guacamole-auth-jdbc-0.9.11-incubating.tar.gz"
+    - "binary/guacamole-auth-ldap-0.9.11-incubating.tar.gz"
+    - "binary/guacamole-auth-noauth-0.9.11-incubating.tar.gz"
+
+documentation:
+    "Manual"              : "/doc/0.9.11-incubating/gug"
+    "guacamole-common"    : "/doc/0.9.10-incubating/guacamole-common"
+    "guacamole-common-js" : "/doc/0.9.10-incubating/guacamole-common-js"
+    "guacamole-ext"       : "/doc/0.9.11-incubating/guacamole-ext"
+    "libguac"             : "/doc/0.9.11-incubating/libguac"
+
+---
+
+
+The 0.9.11-incubating release features support for two-factor authentication,
+password policies (complexity rules, preventing password reuse, etc.), and
+the ability to use the Docker images with arbitrary Guacamole extensions, not
+just MySQL, PostgreSQL, and LDAP. If using both a database and LDAP, new
+settings allow you to restrict access to only those users which exist in the
+database, rather than allowing any LDAP user access.
+
+**This release contains changes which break compatibility with past releases.**
+Please see the [deprecation / compatibility
+notes](#deprecation--compatibility-notes) section for more information.
+
+
+Two-factor authentication
+-------------------------
+
+Guacamole now provides support for two-factor authentication, and includes
+a new extension which integrates with Duo using their "Auth API". Users who use
+the Duo authentication service can add Guacamole to their list of applications.
+Once configured, Guacamole will then require confirmation from Duo before
+allowing an otherwise successful authentication attempt to proceed.
+
+With this first implementation of two-factor authentication completed, support
+for other two-factor authentication services is expected to follow.
+
+ * [GUACAMOLE-136](https://issues.apache.org/jira/browse/GUACAMOLE-136) - Add support for
TFA - initially Duo
+
+Password policies
+-----------------
+
+The database authentication extensions can now be configured to enforce
+password complexity rules, including requiring specific classes of characters,
+disallowing passwords containing the user's username, and preventing previous
+passwords from being reused. Users can also now be required to change their
+password regularly, or prevented from changing their password too frequently.
+
+ * [GUACAMOLE-36](https://issues.apache.org/jira/browse/GUACAMOLE-36) - Add support for password
policies
+
+Docker improvements
+-------------------
+
+The Guacamole Docker image previously only supported the official MySQL,
+PostgreSQL, and LDAP extensions, with configuration automatically generated
+based on environment variables. No support for deploying other extensions was
+provided. As of 0.9.11-incubating, arbitrary extensions and their configuration
+files can be deployed through providing a template `GUACAMOLE_HOME` directory.
+
+The requirement that the Guacamole Docker image be linked to the guacd Docker
+image has also been lifted. Though Guacamole still requires a connection to
+guacd, that connection can now be described using the `GUACD_HOSTNAME` and
+`GUACD_PORT` environment variables.
+
+ * [GUACAMOLE-99](https://issues.apache.org/jira/browse/GUACAMOLE-99) - Do not require Docker
link for guacd
+ * [GUACAMOLE-100](https://issues.apache.org/jira/browse/GUACAMOLE-100) - Support arbitrary
extensions within Guacamole Docker image
+
+LDAP improvements
+-----------------
+
+For the common case where Guacamole's LDAP support is used purely for
+authentication, with an MySQL or PostgreSQL database used to house connection
+data, it is now possible to configure the database authentication extensions
+to reject authentication attempts for users which are not defined in the
+database. For those whose LDAP directories contain many users that will never
+be granted access to Guacamole, these new settings mean that such users can
+be denied access immediately, rather than presenting them with an empty and
+useless Guacamole home screen.
+
+In addition, if your LDAP directory was so extensive that it exceeded the
+default query size limit of 1000 records, the query size limit can now be
+manually increased within `guacamole.properties`.
+
+ * [GUACAMOLE-70](https://issues.apache.org/jira/browse/GUACAMOLE-70) - Add option to restrict
access to users within database
+ * [GUACAMOLE-79](https://issues.apache.org/jira/browse/GUACAMOLE-79) - Add an option to
allow the default LDAP result size limit (1000) to be overridden
+
+Capacity regression from 0.9.10-incubating
+------------------------------------------
+
+The new screen sharing support added in 0.9.10-incubating lead to a regression
+which could cause connections to fail when the maximum number of file
+descriptors supported by `select()` was exceeded. This effectively limited the
+maximum number of connections a Guacamole server could support, regardless of
+how powerful the server might otherwise be. This has been fixed, and Guacamole
+has been refactored to use `poll()` instead of `select()`.
+
+ * [GUACAMOLE-118](https://issues.apache.org/jira/browse/GUACAMOLE-118) - Migrate from select()
to poll()
+
+Miscellaneous fixes / improvements
+----------------------------------
+
+This latest release of Guacamole also addresses potential resource leaks in the
+use of SSL/TLS by guacd, segfaults in the built-in terminal emulator and VNC
+client, and adds a Norwegian translation for the Guacamole interface.
+
+ * [GUACAMOLE-86](https://issues.apache.org/jira/browse/GUACAMOLE-86) - Connection closed
when printing large content in SSH
+ * [GUACAMOLE-117](https://issues.apache.org/jira/browse/GUACAMOLE-117) - File descriptor
leak if SSL/TLS negotiation fails
+ * [GUACAMOLE-130](https://issues.apache.org/jira/browse/GUACAMOLE-130) - Merge contributed
Norwegian translation
+ * [GUACAMOLE-157](https://issues.apache.org/jira/browse/GUACAMOLE-157) - Connecting to unavailable
VNC endpoint causes SIGSEGV in SSH SSL lock free
+
+
+Deprecation / Compatibility notes
+=================================
+
+As of 0.9.11-incubating, the following changes have been made which affect
+compatibility with past releases:
+
+
+Database schema changes
+-----------------------
+
+The MySQL and PostgreSQL schemas have changed to facilitate support for
+password policies. Users of the database authentication will need to run the
+`upgrade-pre-0.9.11.sql` script specific to their chosen database.
+


Mime
View raw message