Http 2.0 Apache



  1. Github Apache 2.0 License
  2. Http 2.0 Apache Download
  3. Apache License Version 2.0 Explained
  4. Pick A License Apache 2.0
  5. Apache Http 2.0 Exploit

I have enabled http 2.0 with SSL in a spring boot 2.1.2 REST application with embedded tomcat using configuration 'server.http2.enabled=true' and other SSL configurations in application.properties file. It is working fine. When a http2 client post https request, my server is processing and responding properly (java 9 http client is being used). The Apache License 2.0 (Apache-2.0) summarized/explained in plain English. Implement HTTP/2 in Apache HTTP. HTTP/2 can be deployed in Apache HTTP 2.4.17 or later version with the help of modhttp2 module. So if you have 2.2 or lower version then first you got to upgrade to the compatible version. Let’s compile Apache HTTP with the modhttp2, modssl module. Download the latest version (I’ll do 2.4.25 on Linux). Official Apache OpenOffice download page. Join the OpenOffice revolution, the free office productivity suite with over 310 million trusted downloads.

Apache Guacamole 1.2.0 is an archived release, and was originally released on 2020-06-28. The latest release of Apache Guacamole is 1.3.0.

Release documentation

Apache Guacamole is split into two subprojects: 'guacamole-client', theHTML5 web application which serves the Guacamole client to users, and'guacamole-server', the remote desktop proxy which the web applicationcommunicates with. The source code for each of these may be downloadedbelow.

You mustverify the integrity of any downloaded files using the OpenPGP signatureswe provide with each release. The signatures should be verified against theKEYSfile, which contains the OpenPGP keys of Apache Guacamole's Release Managers.Checksums of each released file are also provided.

guacamole-client-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-server-1.2.0.tar.gz[ PGP ][ SHA-256 ]

If you do not wish to build Apache Guacamole entirely from source, pre-builtversions of the web application (.war) and all extensions are provided here inbinary form for convenience. Please note that guacamole-server muststill be built and installed from source.

guacamole-1.2.0.war[ PGP ][ SHA-256 ]
guacamole-auth-cas-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-duo-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-header-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-jdbc-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-ldap-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-openid-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-quickconnect-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-saml-1.2.0.tar.gz[ PGP ][ SHA-256 ]
guacamole-auth-totp-1.2.0.tar.gz[ PGP ][ SHA-256 ]

The 1.2.0 release features support for SAML 2.0, Wake-on-LAN, and a newinterface for easily switching between multiple active connections. The generalbehavior of the login interface has also been improved, as has the flexibilityof the TOTP support, which may now be used even with user accounts that do notyet exist in the database.

The 1.2.0 release is compatible with older 1.x components. You shouldupgrade older components to 1.2.0 when possible, however things should continueto work correctly in the interim:

  • Extensions written for older 1.x releases can be used by 1.2.0.
  • Components written for the version of the Guacamole protocol used by older1.x releases can be used with components of the 1.2.0 release.

New features and improvements

Single sign-on with SAML 2.0

Similar to existing support for CAS and OpenID Connect, Guacamole now providessupport for SAML 2.0, allowing any identity provider implementing this standardto function as a source of identity.

Note that this new extension only deals with determining the identity of usersthat have authenticated via SAML (and redirecting unauthenticated users to theconfigured identity provider so that they may authenticate). The details of theconnections available to each user must be provided via another extension, suchas the database authentication.

  • GUACAMOLE-103 - SAML 2.0 support for user authentication

Wake-on-LAN

Automatically activating machines using Wake-on-LAN is now supported for VNC,RDP, SSH, and telnet connections. Additional connection parameters areavailable which define how the Wake-on-LAN “Magic Packet” should be broadcast.If enabled on a connection, the “Magic Packet” will be sent before attemptingto connect, signaling the desired machine to power up.

  • GUACAMOLE-513 - Wake on LAN integration

Easy switching between multiple connections

Users with access to multiple connections may now select from those connectionswithin the Guacamole menu while already using another connection. Theconnection name that is displayed at the top of the Guacamole menu functions asa drop-down menu from which any accessible connection may be selected.

Once multiple connections are running, connections that are running in thebackground appear as thumbnails in a collapsible panel on the lower-rightcorner of the screen. These thumbnails update in real-time, and clicking on athumbnail will switch to that connection without disconnecting.

  • GUACAMOLE-723 - Support display of multiple connections within same tab

Improved login behavior

Github Apache 2.0 License

When the Guacamole login dialog is displayed, the first blank login field willnow automatically be focused, allowing failed logins to be more easily retried.

Http 2.0 Apache Download

In deployments where the login process may be lengthy, such as when dependenton a response from a relatively slow database or LDAP server, the login formwill now disable itself and fade out to indicate that the form has beensubmitted and the login attempt is being processed.

  • GUACAMOLE-302 - Refocus relevant in-progress login fields after auth failure
  • GUACAMOLE-742 - Display feedback while waiting for login

Using TOTP with non-database user accounts

Guacamole’s TOTP support can now be used alongside extensions like LDAP, solong as a database is also configured. The former caveat that TOTP users musthave “Change own password” permission within the database no longer applies,and Guacamole’s various supported databases can now be configured toautomatically create user accounts for users that have successfullyauthenticated.

  • GUACAMOLE-708 - Allow database storage of arbitrary attributes for non-database users

VNC support for usernames

Guacamole now supports username/password authentication for VNC in addition tothe standard password-only authentication. VNC servers that require a usernamein addition to a password should now be accessible using Guacamole.

  • GUACAMOLE-514 - Implement additional authentication methods for VNC

Granular control of clipboard and file transfer

Apache

Copy and paste can now be individually disabled by the administrator on aper-connection basis, allowing data transfer through the clipboard to betightly restricted.

File transfer has always been disabled unless explicitly enabled, however thissupport can now be enabled while also disabling download or upload, allowingfile transfer to be restricted to a single direction.

  • GUACAMOLE-381 - Allow clipboard access to be disabled
  • GUACAMOLE-474 - Allow file upload and download to be enabled separately

Improved control of LDAP group object structure

Guacamole’s LDAP support now allows configuration of the type of groups used todictate access. While Guacamole previously assumed use of the groupOfNamesobject class and its member attribute, other object classes like posixGroupmay now be used, and their corresponding member attributes may be defined.

  • GUACAMOLE-300 - Support posixGroup in LDAP Authentication and Group-based Session Admission

guacenc support for MPEG-4 containers

The optional guacenc utility that is part of guacamole-server will nowproduce video within MPEG-4 container files, not just raw, containerless MPEG-4video streams.

  • GUACAMOLE-465 - Guacenc should support libavformat

Support for SSL/TLS database connections

For MySQL and PostgreSQL servers that require SSL/TLS connections, Guacamolenow provides options to configure this. Additional properties withinguacamole.properties may be specified to allow/require use of SSL, as well asto configure the level of certificate validation.

  • GUACAMOLE-728 - Docker image unable to connect to MySQL8 docker: Public Key Retrieval Not Allowed

Support for the MariaDB JDBC driver

While MySQL and MariaDB share a common origin and are generally compatible,their corresponding JDBC drivers have diverged, and Guacamole’s MySQL/MariaDBsupport previously assumed that the MySQL driver would be used.

Guacamole now supports the MariaDB version of “Connector/J” in addition to theMySQL version.

  • GUACAMOLE-852 - Support MariaDB JDBC Driver

Apache License Version 2.0 Explained

Support for SQL Server instance names

SQL Server supports deploying multiple instances on the same server, with eachadditional instance identified by its own unique name. If using SQL Server, andyour deployment uses named instances, the name of the instance containing theGuacamole database can now be specified using the sqlserver-instanceproperty.

  • GUACAMOLE-583 - SQL Instance Strings

Internationalization

Czech and Japanese translations of the web interface

The web interface of Guacamole has been translated into Czech and Japanese.These languages will now be automatically selected if accessing Guacamolefrom a browser where either is set as the preferred language, and can bemanually selected withinGuacamole’s preferences.

  • GUACAMOLE-821 - Add Japanese translation
  • GUACAMOLE-781 - Add Czech translation

Belgian French, Hungarian, and Latin American keymaps for RDP

Keymaps have been added to better support RDP servers which use theBelgian French, Hungarian, or Latin American keyboard layouts. As always, bearin mind that the client side of Guacamole is independent of keyboardlayout. Additional keyboardlayouts for RDP are mainly of benefit if:

  1. Your RDP server does not support Unicode events.
  2. Your RDP server is set to a keyboard layout which is not the default (US English).

If your RDP server is set to US English and supports Unicode events, it shouldnot be necessary to select a specific layout. The user’s local keyboard shouldsimply work, regardless of whether it matches the layout of the RDP server.

  • GUACAMOLE-625 - Add Spanish Latam keyboard support
  • GUACAMOLE-837 - Add RDP keymap for Hungarian keyboard layout
  • GUACAMOLE-901 - Keyboard layout for Belgian French

Updates to the French translation of the web interface

The existing French translation has been updated to take into account recentchanges to the web interface, adding French translations for portions of textwhich previously would have been displayed in English as a fallback.

  • GUACAMOLE-759 - update translation fr.json for guacamole-client

Bug fixes

Regressions due to FreeRDP 2.0.0 migration

Several regressions were identified following the Apache Guacamole 1.1.0release which were due to the massive migration from FreeRDP 1.x to FreeRDP2.0.0 and primarily affected use ofRemoteApp, Hyper-V, and VirtualBox. These regressions have now been fixed, andRDP connections involving these technologies should work as expected.

  • GUACAMOLE-947 - Clipboard error message when connected to the RDP server
  • GUACAMOLE-952 - Preconnection PDU support no longer works following migration to FreeRDP 2.0.0
  • GUACAMOLE-962 - Cannot connect to VirtualBox RDP following migration to FreeRDP 2.0.0
  • GUACAMOLE-978 - RemoteApp session to Windows Server 2016 closes after roughly 2-3 minutes
  • GUACAMOLE-979 - RDP settings strings may be double-freed
  • GUACAMOLE-1053 - guacd segfaults when user actively presses keys at RDP disconnect time
  • GUACAMOLE-1076 - Another copy of RemoteApp is launched in case of session reconnect

Audio input behavior

Following changes to the JavaScript API exposed by browsers for accessing audioinput streams, support for audio input within Guacamole ceased to functioncorrectly. This was due to:

  • A change in the return type of the navigator.mediaDevices.getUserMedia() function
  • Changes in Chrome’s autoplay policy

Both causes have been addressed, and audio input should now function correctly.

  • GUACAMOLE-732 - navigator.mediaDevices.getUserMedia() returns a promises
  • GUACAMOLE-905 - Audio input broken on Chrome

iPad and iOS 13 support

Users of iOS and iPadOS mobile devices reported erratic behavior of theGuacamole interface following a system update, ultimately resulting ininability to interact with remote desktops using touch mouse emulation. Theseissues were determined to be due to changes in iOS Safari’s handling of thebrowser viewport, and have been corrected by updating Guacamole’s interface tobe independent of the aspects that changed.

  • GUACAMOLE-810 - Ipad screen jumps upwards while user focuses on Text Input.
  • GUACAMOLE-883 - Touch mouse emulation no longer works as of iOS 13
Http 2.0 Apache

Login screen behavior on Firefox

When logging into Guacamole using Firefox, the “Enter” key could becomeeffectively stuck if used to submit the login form. This was due to the lack ofa corresponding keyup event for the key used to submit the form. This issuehas been corrected such that any tracked keyboard state will not be maintainedwhen Guacamole navigates between any of its pages.

  • GUACAMOLE-817 - “Enter” key may repeat following login with Firefox

RDP keyboard behavior

Guacamole’s RDP support relies on dynamic keymap translation to ensure thatkeyboard behavior is always dictated by the user’s own keyboard layout, not thekeyboard layout of the RDP server. This translation did not function correctlywhen Shift and Caps Lock were combined, as the remote state of Caps Lock wasnot properly tracked.

This has been corrected, and Guacamole will now automatically take Caps Lockinto account when determining whether additional modifiers need to be pressed(and whether any pressed modifiers need to be released).

The German keymap has also been corrected to include a definition for thenon-dead tilde key.

  • GUACAMOLE-518 - Shift incorrectly sent for uppercase letters while Caps Lock is active
  • GUACAMOLE-859 - Incorrect Caps Lock keysym sent to Windows via RDP
  • GUACAMOLE-917 - Key mapping for German keyboards: ~ does not work

Pick A License Apache 2.0

VNC support for TLS

While Guacamole will automatically use TLS for VNC servers that require it, theproper locking callbacks required for multithreaded use of TLS were not set,resulting in unstable behavior. These callbacks are now correctly specified,and connections to VNC servers requiring TLS should function correctly.

Beware that these callbacks are only supported in newer versions oflibvncclient. If the version of libvncclient installed lacks support for thesecallbacks, a warning will be displayed when building guacamole-server notingthat TLS may not work correctly:

Apache Http 2.0 Exploit

  • GUACAMOLE-414 - Certain VNC servers result in disconnection due to TLS errors

Rendering of balancing groups

Http

Guacamole is intended to render empty balancing groups as if they wereconnections, keeping the balancing nature of those groups opaque tonon-administrative users. A regression in the 0.9.10-incubating release brokethis behavior, causing empty balancing groups to render as any emptynon-balancing group would. This has been corrected, and empty balancing groupsshould now appear identical to normal connections.

  • GUACAMOLE-823 - Empty balancing group does not render as connection

SQL Server connection history query

A bug in the query used by Guacamole’s SQL Server support caused searchesagainst the connection history to fail, instead producing the following errorin the logs:

The error in the relevant SQL query has been corrected, and searches againstthe connection history should now work as expected.

  • GUACAMOLE-870 - Connection history query fails against SQL Server

OpenID redirection loop

In certain cases, Guacamole’s OpenID support would redirect the user back totheir IDP in a loop, despite the OpenID support being correctly configured andthe IDP behaving correctly. This was due to incorrect handling of theid_token parameter within the URL, causing Guacamole to behave as if theid_token were not present at all. This handling has been corrected, and usersshould not encounter a redirect loop if OpenID is correctly configured.

  • GUACAMOLE-805 - OpenID authentication may redirect to IDP in a loop

RADIUS challenge rendering

A bug in Guacamole’s RADIUS support resulted in the Reply-Message = portionof the RADIUS challenge being presented to the user as if it were part of theactual challenge message. This has been fixed. Only the challenge messageitself should now be displayed.

  • GUACAMOLE-769 - Parse RADIUS Challenge Message Correctly

RADIUS support for MS-CHAPv1 and MS-CHAPv2

Guacamole’s RADIUS support was intended to support for MS-CHAPv1 and MS-CHAPv2authentication protocols, however this would fail if the JVM in use lackedsupport for the MD4 digest algorithm:

An implementation of MD4 is now bundled with the RADIUS support, and bothMS-CHAPv1 and MS-CHAPv2 should work as expected.

  • GUACAMOLE-774 - RADIUS support for MS-CHAPv1 and MS-CHAPv2 fails

Miscellaneous fixes/improvements

  • GUACAMOLE-678 - And new UriGuacamoleProperty
  • GUACAMOLE-684 - Insufficient Credentials Should Take Precedence over Invalid Credentials
  • GUACAMOLE-734 - Update logback-classic version
  • GUACAMOLE-736 - guacamole-auth-cas build fails against JDK 11
  • GUACAMOLE-740 - Spanish translation contains hard-coded version number
  • GUACAMOLE-741 - Spanish translation duplicates “APP.NAME” string
  • GUACAMOLE-749 - Filter affects only the first level of the connection permission editor tree
  • GUACAMOLE-764 - RDPDR file read/write may be truncated to 32 bits
  • GUACAMOLE-772 - Reducing image Docker size for Guacd
  • GUACAMOLE-783 - REST API responses are cached in IE 11
  • GUACAMOLE-784 - Tolerate port number within X-Forwarded-For header
  • GUACAMOLE-818 - Missing some files in the sftp file system
  • GUACAMOLE-820 - Filters containing IP addresses do not match connection properties/parameters
  • GUACAMOLE-846 - tunnel.uuid not initialized if tunnel becomes UNSTABLE
  • GUACAMOLE-861 - Drive Redirection: WINDOWS_TIME wrong calculation
  • GUACAMOLE-871 - Support cursor visiblity flag (DECTECM) in the terminal emulator
  • GUACAMOLE-884 - Avoid Image where possible without performance penalty
  • GUACAMOLE-889 - Mismatching attribute names in the LDAP schema
  • GUACAMOLE-897 - Docker support for restricting authentication to database users only
  • GUACAMOLE-955 - Untranslated error strings from extensions must not be interpreted as HTML
  • GUACAMOLE-958 - Race in guacd client termination
  • GUACAMOLE-1059 - Tolerate RDP protocol violations where possible




Comments are closed.