Repository: guacamole-website Updated Branches: refs/heads/master 572bafdfa -> 0e7f3de02
Add draft release notes for first RC of 1.0.0. Project: http://git-wip-us.apache.org/repos/asf/guacamole-website/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-website/commit/04444fc7 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-website/tree/04444fc7 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-website/diff/04444fc7 Branch: refs/heads/master Commit: 04444fc74a5a7e661ca34caa88087eedb32e8717 Parents: 572bafd Author: Michael Jumper <[email protected]> Authored: Sun Dec 9 23:08:05 2018 -0800 Committer: Michael Jumper <[email protected]> Committed: Mon Dec 31 16:31:07 2018 -0800 ---------------------------------------------------------------------- _releases/1.0.0.md | 409 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 409 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/04444fc7/_releases/1.0.0.md ---------------------------------------------------------------------- diff --git a/_releases/1.0.0.md b/_releases/1.0.0.md new file mode 100644 index 0000000..f76da78 --- /dev/null +++ b/_releases/1.0.0.md @@ -0,0 +1,409 @@ +--- + +released: false +title: 1.0.0 +date: 2018-12-20 22:00:00 -0800 +summary: > + User groups, improved clipboard integration, TOTP (Google Authenticator), + RADIUS, dead keys. + +artifact-root: "https://dist.apache.org/repos/dist/dev/"; +checksum-root: "https://dist.apache.org/repos/dist/dev/"; +download-path: "guacamole/1.0.0-RC1/" + +source-dist: + - "source/guacamole-client-1.0.0.tar.gz" + - "source/guacamole-server-1.0.0.tar.gz" + +binary-dist: + - "binary/guacamole-1.0.0.war" + - "binary/guacamole-auth-cas-1.0.0.tar.gz" + - "binary/guacamole-auth-duo-1.0.0.tar.gz" + - "binary/guacamole-auth-header-1.0.0.tar.gz" + - "binary/guacamole-auth-jdbc-1.0.0.tar.gz" + - "binary/guacamole-auth-ldap-1.0.0.tar.gz" + - "binary/guacamole-auth-openid-1.0.0.tar.gz" + - "binary/guacamole-auth-quickconnect-1.0.0.tar.gz" + - "binary/guacamole-auth-totp-1.0.0.tar.gz" + +documentation: + "Manual" : "/doc/1.0.0/gug" + "guacamole-common" : "/doc/1.0.0/guacamole-common" + "guacamole-common-js" : "/doc/1.0.0/guacamole-common-js" + "guacamole-ext" : "/doc/1.0.0/guacamole-ext" + "libguac" : "/doc/1.0.0/libguac" + +--- + +The 1.0.0 release features support for user groups, improved clipboard +integration leveraging the Asynchronous Clipboard API, as well as support for +TOTP (Google Authenticator), RADIUS, and dead keys. + +**This release contains changes which break compatibility with past releases.** +Please see the [deprecation / compatibility +notes](#deprecation--compatibility-notes) section for more information. + + +New features and improvements +----------------------------- + +### Support for user groups + +Guacamole now supports granting permissions based on group membership. While +this has been supported to a degree for some time via LDAP and the `seeAlso` +attribute, groups can now be defined and used within a database, with LDAP and +a database combined, or within other extensions using Guacamole's extension +API. + + * [GUACAMOLE-220](https://issues.apache.org/jira/browse/GUACAMOLE-220) - Implement user groups + +### Clipboard integration with the Asynchronous Clipboard API + +For browsers which implement the [Asynchronous Clipboard +API](https://www.w3.org/TR/clipboard-apis/#async-clipboard-api), Guacamole will +now automatically synchronize the local and remote clipboards. Users will be +prompted to grant clipboard access upon opening Guacamole, and Guacamole will +synchronize the clipboard if access is granted. + +This API [has been implemented in Google Chrome since version +66](https://developers.google.com/web/updates/2018/03/clipboardapi), and other +browsers will likely follow suit. The legacy synchronous clipboard API will +continue to be used as a fallback for browsers that support clipboard access +but lack support for the newer API (Internet Explorer). + + * [GUACAMOLE-559](https://issues.apache.org/jira/browse/GUACAMOLE-559) - Add support for the new Asynchronous Clipboard API + +### Multi-factor authentication with Google Authenticator / TOTP + +Guacamole now has support for TOTP as an additional authentication factor. +TOTP ([Time-based One-Time Password](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)) +is a [standardized algorithm](https://tools.ietf.org/html/rfc6238) used for +multi-factor authentication. With this new support, Guacamole may be used with +any application or authentication device which supports the TOTP standard, +including the popular Google Authenticator. + + * [GUACAMOLE-96](https://issues.apache.org/jira/browse/GUACAMOLE-96) - Two factor authentication with Google Authenticator + +### Support for RADIUS authentication + +RADIUS support has been added, allowing Guacamole to delegate authentication to +a RADIUS service like FreeRADIUS for validating credentials, enforcing multiple +authentication factors, etc. + +Because the RADIUS library used by this support is licensed under the LGPL, a +convenience binary for this extension is not provided. If you wish to use the +RADIUS support, you will need to [build guacamole-client from +source](/doc/1.0.0/gug/installing-guacamole.html) and explicitly enable that +part of the build with `-P`: + + mvn package -Plgpl-extensions + +Instructions for building this support are [provided in the +manual](/doc/1.0.0/gug/radius-auth.html). + + * [GUACAMOLE-197](https://issues.apache.org/jira/browse/GUACAMOLE-197) - Implement Support for RADIUS Authentication + +### Support for creating ad-hoc connections + +An extension is now provided which allows users to create arbitrary, temporary +connections through entering a URL. This ability can be quite convenient, as +users need not create new connections through the administrative interface in +order to quickly access a particular machine. + +Be sure you understand the [security implications of providing this level of +access](/doc/1.0.0/gug/adhoc-connections.html). A Guacamole connection +implicitly has network and filesystem access to the Guacamole server, thus +providing this ability is equivalent to granting your users those privileges. + + * [GUACAMOLE-38](https://issues.apache.org/jira/browse/GUACAMOLE-38) - On-Demand connection + +### Improved keyboard handling / Support for dead keys + + * [GUACAMOLE-161](https://issues.apache.org/jira/browse/GUACAMOLE-161) - Handle CapsLock events properly on Mac OS + * [GUACAMOLE-232](https://issues.apache.org/jira/browse/GUACAMOLE-232) - Stuck keys iPad/Bluetooth keyboard (Return/Backspace/Space) + * [GUACAMOLE-352](https://issues.apache.org/jira/browse/GUACAMOLE-352) - Add support for dead keys + * [GUACAMOLE-447](https://issues.apache.org/jira/browse/GUACAMOLE-447) - Certain keys fail for external keyboards on iOS Safari + +### Automatic connection behavior + + * [GUACAMOLE-508](https://issues.apache.org/jira/browse/GUACAMOLE-508) - Automatically connect only if user lacks access to settings + +### Support for renaming RDP drive and printer + + * [GUACAMOLE-445](https://issues.apache.org/jira/browse/GUACAMOLE-445) - Allow RDP printer name to be configured + * [GUACAMOLE-446](https://issues.apache.org/jira/browse/GUACAMOLE-446) - Allow RDP drive name to be configured + * [GUACAMOLE-523](https://issues.apache.org/jira/browse/GUACAMOLE-523) - Use client_name for redirected devices + +### Configurable terminal color schemes + + * [GUACAMOLE-470](https://issues.apache.org/jira/browse/GUACAMOLE-470) - Make individual terminal colors configurable through "color-scheme" parameter + +### Optional recording of input events + + * [GUACAMOLE-313](https://issues.apache.org/jira/browse/GUACAMOLE-313) - Allow input events within session recording + +### SSH host key verification + + * [GUACAMOLE-527](https://issues.apache.org/jira/browse/GUACAMOLE-527) - Add parameter for specifying known SSH/SFTP server host key + +### Automatic detection of network issues + + * [GUACAMOLE-567](https://issues.apache.org/jira/browse/GUACAMOLE-567) - Network connection problem acknowledgement/feedback + +### Support for configuring Guacamole with environment variables + + * [GUACAMOLE-464](https://issues.apache.org/jira/browse/GUACAMOLE-464) - Extension configuration properties from the OS environment + +### Improvements to `guacamole/guacd` and `guacamole/guacamole` Docker images + + * [GUACAMOLE-42](https://issues.apache.org/jira/browse/GUACAMOLE-42) - Support setting guacd log level on Docker container + * [GUACAMOLE-407](https://issues.apache.org/jira/browse/GUACAMOLE-407) - Update guacd Docker image to build against more recent dependencies + * [GUACAMOLE-450](https://issues.apache.org/jira/browse/GUACAMOLE-450) - Change Tomcat Version in Dockerfile to major release + * [GUACAMOLE-553](https://issues.apache.org/jira/browse/GUACAMOLE-553) - Docker image need a new MySQL JDBC driver for MySQL 8.0 + +### General usability improvements + + * [GUACAMOLE-113](https://issues.apache.org/jira/browse/GUACAMOLE-113) - Add Ctrl+Alt+Del hotkey + * [GUACAMOLE-152](https://issues.apache.org/jira/browse/GUACAMOLE-152) - Difficult to reach specific zoom levels + * [GUACAMOLE-304](https://issues.apache.org/jira/browse/GUACAMOLE-304) - Clicking area to open connection + * [GUACAMOLE-351](https://issues.apache.org/jira/browse/GUACAMOLE-351) - Version parameter for guacd + +### General improvements to terminal behavior + + * [GUACAMOLE-269](https://issues.apache.org/jira/browse/GUACAMOLE-269) - Add support for alternative backspace/delete control codes + * [GUACAMOLE-564](https://issues.apache.org/jira/browse/GUACAMOLE-564) - Hide APC escape sequence for terminal + * [GUACAMOLE-565](https://issues.apache.org/jira/browse/GUACAMOLE-565) - Add terminal type parameter + +### Support for systemd + + * [GUACAMOLE-30](https://issues.apache.org/jira/browse/GUACAMOLE-30) - Add Systemd init script for guacd-server + +### Control of RDP bitmap and glyph caching + + * [GUACAMOLE-448](https://issues.apache.org/jira/browse/GUACAMOLE-448) - Add parameters for controlling RDP bitmap/glyph/off-screen caching + +Internationalization +-------------------- + +### Additional RDP keymaps + + * [GUACAMOLE-233](https://issues.apache.org/jira/browse/GUACAMOLE-233) - Add Spanish keymap for RDP + * [GUACAMOLE-273](https://issues.apache.org/jira/browse/GUACAMOLE-273) - Add Portuguese Brazilian keymap for RDP + * [GUACAMOLE-434](https://issues.apache.org/jira/browse/GUACAMOLE-434) - Add UK English keymap for RDP + * [GUACAMOLE-481](https://issues.apache.org/jira/browse/GUACAMOLE-481) - Add Turkish Q keymap for RDP + * [GUACAMOLE-517](https://issues.apache.org/jira/browse/GUACAMOLE-517) - Print screen key definition missing from RDP base keymap + +### Spanish translation of web interface + + * [GUACAMOLE-463](https://issues.apache.org/jira/browse/GUACAMOLE-463) - Spanish translation for Guacamole client + * [GUACAMOLE-530](https://issues.apache.org/jira/browse/GUACAMOLE-530) - Add Spanish on screen keyboard + +Bug fixes +--------- + +### Hostname / desktop name regression + + * [GUACAMOLE-502](https://issues.apache.org/jira/browse/GUACAMOLE-502) - Hostname / desktop name replaces connection name + +### General connection stability + + * [GUACAMOLE-324](https://issues.apache.org/jira/browse/GUACAMOLE-324) - Incorrect buffer used in socket write + * [GUACAMOLE-384](https://issues.apache.org/jira/browse/GUACAMOLE-384) - Terminal writes during disconnect may segfault + * [GUACAMOLE-424](https://issues.apache.org/jira/browse/GUACAMOLE-424) - VNC client segfaults if provided password is incorrect + * [GUACAMOLE-489](https://issues.apache.org/jira/browse/GUACAMOLE-489) - Secondary socket of "tee" socket is not threadsafe + * [GUACAMOLE-533](https://issues.apache.org/jira/browse/GUACAMOLE-533) - Automatically kill wayward guacd processes + +### Issues with database authentication behavior and SQL queries + + * [GUACAMOLE-505](https://issues.apache.org/jira/browse/GUACAMOLE-505) - Individual user query fails after two or more login history entries exist + * [GUACAMOLE-525](https://issues.apache.org/jira/browse/GUACAMOLE-525) - Creating user results in "Incorrect syntax near 'LIMIT'" + * [GUACAMOLE-529](https://issues.apache.org/jira/browse/GUACAMOLE-529) - Despite the fact user account is disabled, user account can access to a welcome blank screen + * [GUACAMOLE-540](https://issues.apache.org/jira/browse/GUACAMOLE-540) - Discrepancy with remote_host between tables + +### Incorrect status reported for sessions closed by RDP server + + * [GUACAMOLE-484](https://issues.apache.org/jira/browse/GUACAMOLE-484) - UPSTREAM_UNAVAILABLE incorrectly reported for sessions closed by RDP server + +### CAS authorization URI derived incorrectly + + * [GUACAMOLE-457](https://issues.apache.org/jira/browse/GUACAMOLE-457) - CAS authentication provider omits login URI + +### Build issues for guacamole-server + + * [GUACAMOLE-485](https://issues.apache.org/jira/browse/GUACAMOLE-485) - pango is required with pango support disabled + * [GUACAMOLE-500](https://issues.apache.org/jira/browse/GUACAMOLE-500) - Terminal build fails against GCC 7 + +### Fixes for guacenc behavior and protocol implementation + + * [GUACAMOLE-307](https://issues.apache.org/jira/browse/GUACAMOLE-307) - guacenc reports "Layer index out of bounds: -1" + * [GUACAMOLE-482](https://issues.apache.org/jira/browse/GUACAMOLE-482) - Return value of guacenc_video_flush_frame() not handled + * [GUACAMOLE-490](https://issues.apache.org/jira/browse/GUACAMOLE-490) - guacenc does not take channel mask into account for image streams + +### Issues specific to Internet Explorer + + * [GUACAMOLE-316](https://issues.apache.org/jira/browse/GUACAMOLE-316) - IE Compatibility mode doesn't work + * [GUACAMOLE-347](https://issues.apache.org/jira/browse/GUACAMOLE-347) - IE may lack window.location.origin + * [GUACAMOLE-348](https://issues.apache.org/jira/browse/GUACAMOLE-348) - Stream download iframe may not exist in DOM at time of removal + +### Use of deprecated `navigator.getUserMedia()` + + * [GUACAMOLE-237](https://issues.apache.org/jira/browse/GUACAMOLE-237) - navigator.getUserMedia() deprecated + +### Incorrect documentation for RDP `load-balance-info` parameter + + * [GUACAMOLE-427](https://issues.apache.org/jira/browse/GUACAMOLE-427) - RDP "load-balance-info" parameter incorrectly documented + +### Erroneous inclusion of "guaclog" binary in source tree + + * [GUACAMOLE-492](https://issues.apache.org/jira/browse/GUACAMOLE-492) - guaclog binary erroneously included in source tree + +Platform / API changes +---------------------- + +### **Java 8 or later is now required** + + * [GUACAMOLE-497](https://issues.apache.org/jira/browse/GUACAMOLE-497) - Ensure guacamole-client source is compatible with Java 9 + * [GUACAMOLE-635](https://issues.apache.org/jira/browse/GUACAMOLE-635) - Build against and require Java 1.8 + +### Guacamole no longer uses cookies + + * [GUACAMOLE-549](https://issues.apache.org/jira/browse/GUACAMOLE-549) - Store auth token within localStorage + +### Removal of NoAuth and other deprecated components + + * [GUACAMOLE-493](https://issues.apache.org/jira/browse/GUACAMOLE-493) - Remove the NoAuth extension entirely + * [GUACAMOLE-494](https://issues.apache.org/jira/browse/GUACAMOLE-494) - Remove support for old, deprecated properties + * [GUACAMOLE-495](https://issues.apache.org/jira/browse/GUACAMOLE-495) - Remove support for old, deprecated portions of API + +### Improvements to extension API + + * [GUACAMOLE-499](https://issues.apache.org/jira/browse/GUACAMOLE-499) - REST API Error Codes should come from GuacamoleStatus + * [GUACAMOLE-541](https://issues.apache.org/jira/browse/GUACAMOLE-541) - Webapp dependencies take precedence over bundled extension dependencies + * [GUACAMOLE-542](https://issues.apache.org/jira/browse/GUACAMOLE-542) - Provide base implementations of UserContext and AuthenticationProvider + * [GUACAMOLE-566](https://issues.apache.org/jira/browse/GUACAMOLE-566) - Add RESTExceptionWrapper support for extensions + +### Web application updated to AngularJS 1.6.9 + + * [GUACAMOLE-526](https://issues.apache.org/jira/browse/GUACAMOLE-526) - Update Guacamole-Client Webapp to Angular 1.6.9 + +### Improvements to Java / JavaScript tunnel API + + * [GUACAMOLE-431](https://issues.apache.org/jira/browse/GUACAMOLE-431) - Tunnel implementations handles close only once + * [GUACAMOLE-437](https://issues.apache.org/jira/browse/GUACAMOLE-437) - Allow to configure custom headers for Guacamole tunnels + +Deprecation / Compatibility notes +================================= + +As of 1.0.0, the following changes have been made which affect compatibility +with past releases: + + +**Java 8 or later is now required** +----------------------------------- + +TODO + +Database schema changes +----------------------- + +The MySQL, PostgreSQL, and SQL Server schemas have changed, ... + +Users of the database authentication will need to run the +`upgrade-pre-1.0.0.sql` script specific to their chosen database. + +Hostname logging within database +-------------------------------- + +The hostname/address of users logged by the database authentication backend is +now determined entirely by the servlet container. The database authentication +will not manually parse the `X-Forwarded-For` header, and will instead rely on +the servlet container to perform any such parsing. + +If proxying Guacamole, the configuration of your servlet container should be +updated to handle the headers set by your proxy. For Apache Tomcat, this is +accomplished with a [`RemoteIpValve`](https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html) +in your `server.xml`. + +Logging of hostnames/addresses by Guacamole during the authentication process +(as would be parsed by tools like fail2ban) is unchanged, however you will need +to update the pattern if `RemoteIpValve` or similar are used, as the address of +interest will likely be the rightmost address. If the user is not behind any +additional, untrusted proxies, the address of interest will be the *only* +address. + +Removal of deprecated NoAuth extension +-------------------------------------- + +TODO + +Removal of deprecated properties +-------------------------------- + +* `basic-user-mapping` +* `mysql-disallow-simultaneous-connections` +* `mysql-disallow-duplicate-connections` +* `postgresql-disallow-simultaneous-connections` +* `postgresql-disallow-duplicate-connections` + +TODO + +Extension API changes +--------------------- + +### Support for user groups + +TODO + +### The new decoration API + +TODO + +### Removal of deprecated `GuacamoleHome` and `GuacamoleProperties` classes + +TODO + +### Deprecation of `SimpleUserDirectory`, `SimpleConnectionDirectory`, and `SimpleConnectionGroupDirectory` classes + +TODO (Replaced by `SimpleDirectory`) + +### Deprecation of `SimpleUser` convenience constructors + +TODO + +libguac API changes +------------------- + +### `guac_protocol_send_mouse()` now requires additional parameters + +TODO + +### `GUAC_INSTRUCTION_MAX_ELEMENTS` macro definition changed + +TODO (Affects size of `guac_parser` as well as any code referencing that macro) + +Java API (guacamole-common) changes +----------------------------------- + +### Removal of deprecated `GuacamoleSession` class + +TODO + +### Change in definition of `GuacamoleHTTPTunnelServler.sendError()` + +TODO + +JavaScript API changes +---------------------- + +### Removal of deprecated `GuacamoleClient.setClipboard()` function + +TODO + +### Addition of `Guacamole.Tunnel.State.UNSTABLE` state + +TODO (Implementations of `onstatechange` may need to take this into account if unknown statuses are not simply ignored) + +### Internal WebSocket tunnel implementation changes + +TODO (New use of internal tunnel opcode for connection stability "ping" will affect third-party reimplementations of Guacamole's WebSocket tunnel) +
