guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [1/2] incubator-guacamole-website git commit: Add draft release notes for 0.9.11-incubating.
Date Mon, 23 Jan 2017 07:06:54 GMT
Repository: incubator-guacamole-website
Updated Branches:
  refs/heads/master bd10100b7 -> dfdae081e

Add draft release notes for 0.9.11-incubating.


Branch: refs/heads/master
Commit: 32af0f4a4f72ccf7671ad404adefce4fa5f426c7
Parents: bd10100
Author: Michael Jumper <>
Authored: Sun Jan 22 13:50:39 2017 -0800
Committer: Michael Jumper <>
Committed: Sun Jan 22 23:00:11 2017 -0800

 _releases/ | 145 ++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
diff --git a/_releases/ b/_releases/
new file mode 100644
index 0000000..63b2aa3
--- /dev/null
+++ b/_releases/
@@ -0,0 +1,145 @@
+released: false
+title: 0.9.11-incubating
+date: 2017-01-22 23:00:00 -0800
+summary: >
+    Two-factor authentication, password policies, improvements to Docker and
+    LDAP.
+artifact-root: ""
+checksum-root: ""
+download-path: "incubator/guacamole/0.9.11-incubating-RC1/"
+    - "source/guacamole-client-0.9.11-incubating.tar.gz"
+    - "source/guacamole-server-0.9.11-incubating.tar.gz"
+    - "binary/guacamole-0.9.11-incubating.war"
+    - "binary/guacamole-auth-jdbc-0.9.11-incubating.tar.gz"
+    - "binary/guacamole-auth-ldap-0.9.11-incubating.tar.gz"
+    - "binary/guacamole-auth-noauth-0.9.11-incubating.tar.gz"
+    "Manual"              : "/doc/0.9.11-incubating/gug"
+    "guacamole-common"    : "/doc/0.9.10-incubating/guacamole-common"
+    "guacamole-common-js" : "/doc/0.9.10-incubating/guacamole-common-js"
+    "guacamole-ext"       : "/doc/0.9.11-incubating/guacamole-ext"
+    "libguac"             : "/doc/0.9.11-incubating/libguac"
+The 0.9.11-incubating release features support for two-factor authentication,
+password policies (complexity rules, preventing password reuse, etc.), and
+the ability to use the Docker images with arbitrary Guacamole extensions, not
+just MySQL, PostgreSQL, and LDAP. If using both a database and LDAP, new
+settings allow you to restrict access to only those users which exist in the
+database, rather than allowing any LDAP user access.
+**This release contains changes which break compatibility with past releases.**
+Please see the [deprecation / compatibility
+notes](#deprecation--compatibility-notes) section for more information.
+Two-factor authentication
+Guacamole now provides support for two-factor authentication, and includes
+a new extension which integrates with Duo using their "Auth API". Users who use
+the Duo authentication service can add Guacamole to their list of applications.
+Once configured, Guacamole will then require confirmation from Duo before
+allowing an otherwise successful authentication attempt to proceed.
+With this first implementation of two-factor authentication completed, support
+for other two-factor authentication services is expected to follow.
+ * [GUACAMOLE-136]( - Add support for
TFA - initially Duo
+Password policies
+The database authentication extensions can now be configured to enforce
+password complexity rules, including requiring specific classes of characters,
+disallowing passwords containing the user's username, and preventing previous
+passwords from being reused. Users can also now be required to change their
+password regularly, or prevented from changing their password too frequently.
+ * [GUACAMOLE-36]( - Add support for password
+Docker improvements
+The Guacamole Docker image previously only supported the official MySQL,
+PostgreSQL, and LDAP extensions, with configuration automatically generated
+based on environment variables. No support for deploying other extensions was
+provided. As of 0.9.11-incubating, arbitrary extensions and their configuration
+files can be deployed through providing a template `GUACAMOLE_HOME` directory.
+The requirement that the Guacamole Docker image be linked to the guacd Docker
+image has also been lifted. Though Guacamole still requires a connection to
+guacd, that connection can now be described using the `GUACD_HOSTNAME` and
+`GUACD_PORT` environment variables.
+ * [GUACAMOLE-99]( - Do not require Docker
link for guacd
+ * [GUACAMOLE-100]( - Support arbitrary
extensions within Guacamole Docker image
+LDAP improvements
+For the common case where Guacamole's LDAP support is used purely for
+authentication, with an MySQL or PostgreSQL database used to house connection
+data, it is now possible to configure the database authentication extensions
+to reject authentication attempts for users which are not defined in the
+database. For those whose LDAP directories contain many users that will never
+be granted access to Guacamole, these new settings mean that such users can
+be denied access immediately, rather than presenting them with an empty and
+useless Guacamole home screen.
+In addition, if your LDAP directory was so extensive that it exceeded the
+default query size limit of 1000 records, the query size limit can now be
+manually increased within ``.
+ * [GUACAMOLE-70]( - Add option to restrict
access to users within database
+ * [GUACAMOLE-79]( - Add an option to
allow the default LDAP result size limit (1000) to be overridden
+Capacity regression from 0.9.10-incubating
+The new screen sharing support added in 0.9.10-incubating lead to a regression
+which could cause connections to fail when the maximum number of file
+descriptors supported by `select()` was exceeded. This effectively limited the
+maximum number of connections a Guacamole server could support, regardless of
+how powerful the server might otherwise be. This has been fixed, and Guacamole
+has been refactored to use `poll()` instead of `select()`.
+ * [GUACAMOLE-118]( - Migrate from select()
to poll()
+Miscellaneous fixes / improvements
+This latest release of Guacamole also addresses potential resource leaks in the
+use of SSL/TLS by guacd, segfaults in the built-in terminal emulator and VNC
+client, and adds a Norwegian translation for the Guacamole interface.
+ * [GUACAMOLE-86]( - Connection closed
when printing large content in SSH
+ * [GUACAMOLE-117]( - File descriptor
leak if SSL/TLS negotiation fails
+ * [GUACAMOLE-130]( - Merge contributed
Norwegian translation
+ * [GUACAMOLE-157]( - Connecting to unavailable
VNC endpoint causes SIGSEGV in SSH SSL lock free
+Deprecation / Compatibility notes
+As of 0.9.11-incubating, the following changes have been made which affect
+compatibility with past releases:
+Database schema changes
+The MySQL and PostgreSQL schemas have changed to facilitate support for
+password policies. Users of the database authentication will need to run the
+`upgrade-pre-0.9.11.sql` script specific to their chosen database.

View raw message