- Github Apache 2.0 License
- Http 2.0 Apache Download
- Apache License Version 2.0 Explained
- Pick A License Apache 2.0
- Apache Http 2.0 Exploit
I have enabled http 2.0 with SSL in a spring boot 2.1.2 REST application with embedded tomcat using configuration 'server.http2.enabled=true' and other SSL configurations in application.properties file. It is working fine. When a http2 client post https request, my server is processing and responding properly (java 9 http client is being used). The Apache License 2.0 (Apache-2.0) summarized/explained in plain English. Implement HTTP/2 in Apache HTTP. HTTP/2 can be deployed in Apache HTTP 2.4.17 or later version with the help of modhttp2 module. So if you have 2.2 or lower version then first you got to upgrade to the compatible version. Let’s compile Apache HTTP with the modhttp2, modssl module. Download the latest version (I’ll do 2.4.25 on Linux). Official Apache OpenOffice download page. Join the OpenOffice revolution, the free office productivity suite with over 310 million trusted downloads.
Apache Guacamole 1.2.0 is an archived release, and was originally released on 2020-06-28. The latest release of Apache Guacamole is 1.3.0.
Release documentation
Apache Guacamole is split into two subprojects: 'guacamole-client', theHTML5 web application which serves the Guacamole client to users, and'guacamole-server', the remote desktop proxy which the web applicationcommunicates with. The source code for each of these may be downloadedbelow.
You mustverify the integrity of any downloaded files using the OpenPGP signatureswe provide with each release. The signatures should be verified against theKEYSfile, which contains the OpenPGP keys of Apache Guacamole's Release Managers.Checksums of each released file are also provided.
guacamole-client-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-server-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
If you do not wish to build Apache Guacamole entirely from source, pre-builtversions of the web application (.war) and all extensions are provided here inbinary form for convenience. Please note that guacamole-server muststill be built and installed from source.
guacamole-1.2.0.war | [ PGP ] | [ SHA-256 ] |
guacamole-auth-cas-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-duo-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-header-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-jdbc-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-ldap-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-openid-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-quickconnect-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-saml-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
guacamole-auth-totp-1.2.0.tar.gz | [ PGP ] | [ SHA-256 ] |
The 1.2.0 release features support for SAML 2.0, Wake-on-LAN, and a newinterface for easily switching between multiple active connections. The generalbehavior of the login interface has also been improved, as has the flexibilityof the TOTP support, which may now be used even with user accounts that do notyet exist in the database.
The 1.2.0 release is compatible with older 1.x components. You shouldupgrade older components to 1.2.0 when possible, however things should continueto work correctly in the interim:
- Extensions written for older 1.x releases can be used by 1.2.0.
- Components written for the version of the Guacamole protocol used by older1.x releases can be used with components of the 1.2.0 release.
New features and improvements
Single sign-on with SAML 2.0
Similar to existing support for CAS and OpenID Connect, Guacamole now providessupport for SAML 2.0, allowing any identity provider implementing this standardto function as a source of identity.
Note that this new extension only deals with determining the identity of usersthat have authenticated via SAML (and redirecting unauthenticated users to theconfigured identity provider so that they may authenticate). The details of theconnections available to each user must be provided via another extension, suchas the database authentication.
- GUACAMOLE-103 - SAML 2.0 support for user authentication
Wake-on-LAN
Automatically activating machines using Wake-on-LAN is now supported for VNC,RDP, SSH, and telnet connections. Additional connection parameters areavailable which define how the Wake-on-LAN “Magic Packet” should be broadcast.If enabled on a connection, the “Magic Packet” will be sent before attemptingto connect, signaling the desired machine to power up.
- GUACAMOLE-513 - Wake on LAN integration
Easy switching between multiple connections
Users with access to multiple connections may now select from those connectionswithin the Guacamole menu while already using another connection. Theconnection name that is displayed at the top of the Guacamole menu functions asa drop-down menu from which any accessible connection may be selected.
Once multiple connections are running, connections that are running in thebackground appear as thumbnails in a collapsible panel on the lower-rightcorner of the screen. These thumbnails update in real-time, and clicking on athumbnail will switch to that connection without disconnecting.
- GUACAMOLE-723 - Support display of multiple connections within same tab
Improved login behavior
Github Apache 2.0 License
When the Guacamole login dialog is displayed, the first blank login field willnow automatically be focused, allowing failed logins to be more easily retried.
Http 2.0 Apache Download
In deployments where the login process may be lengthy, such as when dependenton a response from a relatively slow database or LDAP server, the login formwill now disable itself and fade out to indicate that the form has beensubmitted and the login attempt is being processed.
- GUACAMOLE-302 - Refocus relevant in-progress login fields after auth failure
- GUACAMOLE-742 - Display feedback while waiting for login
Using TOTP with non-database user accounts
Guacamole’s TOTP support can now be used alongside extensions like LDAP, solong as a database is also configured. The former caveat that TOTP users musthave “Change own password” permission within the database no longer applies,and Guacamole’s various supported databases can now be configured toautomatically create user accounts for users that have successfullyauthenticated.
- GUACAMOLE-708 - Allow database storage of arbitrary attributes for non-database users
VNC support for usernames
Guacamole now supports username/password authentication for VNC in addition tothe standard password-only authentication. VNC servers that require a usernamein addition to a password should now be accessible using Guacamole.
- GUACAMOLE-514 - Implement additional authentication methods for VNC
Granular control of clipboard and file transfer
Copy and paste can now be individually disabled by the administrator on aper-connection basis, allowing data transfer through the clipboard to betightly restricted.
File transfer has always been disabled unless explicitly enabled, however thissupport can now be enabled while also disabling download or upload, allowingfile transfer to be restricted to a single direction.
- GUACAMOLE-381 - Allow clipboard access to be disabled
- GUACAMOLE-474 - Allow file upload and download to be enabled separately
Improved control of LDAP group object structure
Guacamole’s LDAP support now allows configuration of the type of groups used todictate access. While Guacamole previously assumed use of the groupOfNames
object class and its member
attribute, other object classes like posixGroup
may now be used, and their corresponding member attributes may be defined.
- GUACAMOLE-300 - Support posixGroup in LDAP Authentication and Group-based Session Admission
guacenc
support for MPEG-4 containers
The optional guacenc
utility that is part of guacamole-server will nowproduce video within MPEG-4 container files, not just raw, containerless MPEG-4video streams.
- GUACAMOLE-465 - Guacenc should support libavformat
Support for SSL/TLS database connections
For MySQL and PostgreSQL servers that require SSL/TLS connections, Guacamolenow provides options to configure this. Additional properties withinguacamole.properties
may be specified to allow/require use of SSL, as well asto configure the level of certificate validation.
- GUACAMOLE-728 - Docker image unable to connect to MySQL8 docker: Public Key Retrieval Not Allowed
Support for the MariaDB JDBC driver
While MySQL and MariaDB share a common origin and are generally compatible,their corresponding JDBC drivers have diverged, and Guacamole’s MySQL/MariaDBsupport previously assumed that the MySQL driver would be used.
Guacamole now supports the MariaDB version of “Connector/J” in addition to theMySQL version.
- GUACAMOLE-852 - Support MariaDB JDBC Driver
Apache License Version 2.0 Explained
Support for SQL Server instance names
SQL Server supports deploying multiple instances on the same server, with eachadditional instance identified by its own unique name. If using SQL Server, andyour deployment uses named instances, the name of the instance containing theGuacamole database can now be specified using the sqlserver-instance
property.
- GUACAMOLE-583 - SQL Instance Strings
Internationalization
Czech and Japanese translations of the web interface
The web interface of Guacamole has been translated into Czech and Japanese.These languages will now be automatically selected if accessing Guacamolefrom a browser where either is set as the preferred language, and can bemanually selected withinGuacamole’s preferences.
- GUACAMOLE-821 - Add Japanese translation
- GUACAMOLE-781 - Add Czech translation
Belgian French, Hungarian, and Latin American keymaps for RDP
Keymaps have been added to better support RDP servers which use theBelgian French, Hungarian, or Latin American keyboard layouts. As always, bearin mind that the client side of Guacamole is independent of keyboardlayout. Additional keyboardlayouts for RDP are mainly of benefit if:
- Your RDP server does not support Unicode events.
- Your RDP server is set to a keyboard layout which is not the default (US English).
If your RDP server is set to US English and supports Unicode events, it shouldnot be necessary to select a specific layout. The user’s local keyboard shouldsimply work, regardless of whether it matches the layout of the RDP server.
- GUACAMOLE-625 - Add Spanish Latam keyboard support
- GUACAMOLE-837 - Add RDP keymap for Hungarian keyboard layout
- GUACAMOLE-901 - Keyboard layout for Belgian French
Updates to the French translation of the web interface
The existing French translation has been updated to take into account recentchanges to the web interface, adding French translations for portions of textwhich previously would have been displayed in English as a fallback.
- GUACAMOLE-759 - update translation fr.json for guacamole-client
Bug fixes
Regressions due to FreeRDP 2.0.0 migration
Several regressions were identified following the Apache Guacamole 1.1.0release which were due to the massive migration from FreeRDP 1.x to FreeRDP2.0.0 and primarily affected use ofRemoteApp, Hyper-V, and VirtualBox. These regressions have now been fixed, andRDP connections involving these technologies should work as expected.
- GUACAMOLE-947 - Clipboard error message when connected to the RDP server
- GUACAMOLE-952 - Preconnection PDU support no longer works following migration to FreeRDP 2.0.0
- GUACAMOLE-962 - Cannot connect to VirtualBox RDP following migration to FreeRDP 2.0.0
- GUACAMOLE-978 - RemoteApp session to Windows Server 2016 closes after roughly 2-3 minutes
- GUACAMOLE-979 - RDP settings strings may be double-freed
- GUACAMOLE-1053 - guacd segfaults when user actively presses keys at RDP disconnect time
- GUACAMOLE-1076 - Another copy of RemoteApp is launched in case of session reconnect
Audio input behavior
Following changes to the JavaScript API exposed by browsers for accessing audioinput streams, support for audio input within Guacamole ceased to functioncorrectly. This was due to:
- A change in the return type of the
navigator.mediaDevices.getUserMedia()
function - Changes in Chrome’s autoplay policy
Both causes have been addressed, and audio input should now function correctly.
- GUACAMOLE-732 - navigator.mediaDevices.getUserMedia() returns a promises
- GUACAMOLE-905 - Audio input broken on Chrome
iPad and iOS 13 support
Users of iOS and iPadOS mobile devices reported erratic behavior of theGuacamole interface following a system update, ultimately resulting ininability to interact with remote desktops using touch mouse emulation. Theseissues were determined to be due to changes in iOS Safari’s handling of thebrowser viewport, and have been corrected by updating Guacamole’s interface tobe independent of the aspects that changed.
- GUACAMOLE-810 - Ipad screen jumps upwards while user focuses on Text Input.
- GUACAMOLE-883 - Touch mouse emulation no longer works as of iOS 13
Login screen behavior on Firefox
When logging into Guacamole using Firefox, the “Enter” key could becomeeffectively stuck if used to submit the login form. This was due to the lack ofa corresponding keyup
event for the key used to submit the form. This issuehas been corrected such that any tracked keyboard state will not be maintainedwhen Guacamole navigates between any of its pages.
- GUACAMOLE-817 - “Enter” key may repeat following login with Firefox
RDP keyboard behavior
Guacamole’s RDP support relies on dynamic keymap translation to ensure thatkeyboard behavior is always dictated by the user’s own keyboard layout, not thekeyboard layout of the RDP server. This translation did not function correctlywhen Shift and Caps Lock were combined, as the remote state of Caps Lock wasnot properly tracked.
This has been corrected, and Guacamole will now automatically take Caps Lockinto account when determining whether additional modifiers need to be pressed(and whether any pressed modifiers need to be released).
The German keymap has also been corrected to include a definition for thenon-dead tilde key.
- GUACAMOLE-518 - Shift incorrectly sent for uppercase letters while Caps Lock is active
- GUACAMOLE-859 - Incorrect Caps Lock keysym sent to Windows via RDP
- GUACAMOLE-917 - Key mapping for German keyboards: ~ does not work
Pick A License Apache 2.0
VNC support for TLS
While Guacamole will automatically use TLS for VNC servers that require it, theproper locking callbacks required for multithreaded use of TLS were not set,resulting in unstable behavior. These callbacks are now correctly specified,and connections to VNC servers requiring TLS should function correctly.
Beware that these callbacks are only supported in newer versions oflibvncclient. If the version of libvncclient installed lacks support for thesecallbacks, a warning will be displayed when building guacamole-server notingthat TLS may not work correctly:
Apache Http 2.0 Exploit
- GUACAMOLE-414 - Certain VNC servers result in disconnection due to TLS errors
Rendering of balancing groups
Guacamole is intended to render empty balancing groups as if they wereconnections, keeping the balancing nature of those groups opaque tonon-administrative users. A regression in the 0.9.10-incubating release brokethis behavior, causing empty balancing groups to render as any emptynon-balancing group would. This has been corrected, and empty balancing groupsshould now appear identical to normal connections.
- GUACAMOLE-823 - Empty balancing group does not render as connection
SQL Server connection history query
A bug in the query used by Guacamole’s SQL Server support caused searchesagainst the connection history to fail, instead producing the following errorin the logs:
The error in the relevant SQL query has been corrected, and searches againstthe connection history should now work as expected.
- GUACAMOLE-870 - Connection history query fails against SQL Server
OpenID redirection loop
In certain cases, Guacamole’s OpenID support would redirect the user back totheir IDP in a loop, despite the OpenID support being correctly configured andthe IDP behaving correctly. This was due to incorrect handling of theid_token
parameter within the URL, causing Guacamole to behave as if theid_token
were not present at all. This handling has been corrected, and usersshould not encounter a redirect loop if OpenID is correctly configured.
- GUACAMOLE-805 - OpenID authentication may redirect to IDP in a loop
RADIUS challenge rendering
A bug in Guacamole’s RADIUS support resulted in the Reply-Message =
portionof the RADIUS challenge being presented to the user as if it were part of theactual challenge message. This has been fixed. Only the challenge messageitself should now be displayed.
- GUACAMOLE-769 - Parse RADIUS Challenge Message Correctly
RADIUS support for MS-CHAPv1 and MS-CHAPv2
Guacamole’s RADIUS support was intended to support for MS-CHAPv1 and MS-CHAPv2authentication protocols, however this would fail if the JVM in use lackedsupport for the MD4 digest algorithm:
An implementation of MD4 is now bundled with the RADIUS support, and bothMS-CHAPv1 and MS-CHAPv2 should work as expected.
- GUACAMOLE-774 - RADIUS support for MS-CHAPv1 and MS-CHAPv2 fails
Miscellaneous fixes/improvements
- GUACAMOLE-678 - And new UriGuacamoleProperty
- GUACAMOLE-684 - Insufficient Credentials Should Take Precedence over Invalid Credentials
- GUACAMOLE-734 - Update logback-classic version
- GUACAMOLE-736 - guacamole-auth-cas build fails against JDK 11
- GUACAMOLE-740 - Spanish translation contains hard-coded version number
- GUACAMOLE-741 - Spanish translation duplicates “APP.NAME” string
- GUACAMOLE-749 - Filter affects only the first level of the connection permission editor tree
- GUACAMOLE-764 - RDPDR file read/write may be truncated to 32 bits
- GUACAMOLE-772 - Reducing image Docker size for Guacd
- GUACAMOLE-783 - REST API responses are cached in IE 11
- GUACAMOLE-784 - Tolerate port number within X-Forwarded-For header
- GUACAMOLE-818 - Missing some files in the sftp file system
- GUACAMOLE-820 - Filters containing IP addresses do not match connection properties/parameters
- GUACAMOLE-846 - tunnel.uuid not initialized if tunnel becomes UNSTABLE
- GUACAMOLE-861 - Drive Redirection: WINDOWS_TIME wrong calculation
- GUACAMOLE-871 - Support cursor visiblity flag (DECTECM) in the terminal emulator
- GUACAMOLE-884 - Avoid Image where possible without performance penalty
- GUACAMOLE-889 - Mismatching attribute names in the LDAP schema
- GUACAMOLE-897 - Docker support for restricting authentication to database users only
- GUACAMOLE-955 - Untranslated error strings from extensions must not be interpreted as HTML
- GUACAMOLE-958 - Race in guacd client termination
- GUACAMOLE-1059 - Tolerate RDP protocol violations where possible