released: true archived: true title: 1.5.0 date: 2023-02-18 09:23:07 -0800 summary: > In-app playback of recordings, key vaults, ECC keys, multiple LDAP/AD servers, shared connection join/leave notifications, bug fixes.
artifact-url: “https://archive.apache.org/dist/{}” checksum-url: “https://archive.apache.org/dist/{}” download-path: “guacamole/1.5.0/” checksum-suffixes: “PGP” : “.asc” “SHA-256” : “.sha256”
source-dist: - “source/guacamole-client-1.5.0.tar.gz” - “source/guacamole-server-1.5.0.tar.gz”
binary-dist: - “binary/guacamole-1.5.0.war” - “binary/guacamole-auth-duo-1.5.0.tar.gz” - “binary/guacamole-auth-header-1.5.0.tar.gz” - “binary/guacamole-auth-jdbc-1.5.0.tar.gz” - “binary/guacamole-auth-json-1.5.0.tar.gz” - “binary/guacamole-auth-ldap-1.5.0.tar.gz” - “binary/guacamole-auth-quickconnect-1.5.0.tar.gz” - “binary/guacamole-auth-sso-1.5.0.tar.gz” - “binary/guacamole-auth-totp-1.5.0.tar.gz” - “binary/guacamole-history-recording-storage-1.5.0.tar.gz” - “binary/guacamole-vault-1.5.0.tar.gz”
documentation: “Manual” : “/doc/1.5.0/gug” “guacamole-common” : “/doc/1.5.0/guacamole-common” “guacamole-common-js” : “/doc/1.5.0/guacamole-common-js” “guacamole-ext” : “/doc/1.5.0/guacamole-ext” “libguac” : “/doc/1.5.0/libguac” “libguac-terminal” : “/doc/1.5.0/libguac-terminal”
The 1.5.0 release features support for in-browser playback of session recordings, retrieving secrets from key vaults, SSH support for elliptic-curve cryptography (ECC) keys, and support for authenticating against multiple LDAP or Active Directory servers. Users also will now automatically receive notification of users joining a shared connection, including when administrators join an active connection via the “Active Sessions” screen.
For a full list of all changes in this release, please see the changelog.
The 1.5.0 release is compatible with older 1.x components. You should upgrade older components to 1.5.0 when possible, however things should continue to work correctly in the interim:
Regardless of inter-component compatibility, there are changes in 1.5.0 which may affect downstream users of Guacamole's APIs. Please see the deprecation / compatibility notes section for more information.
{:#recording-playback}
Guacamole now supports playback of session recordings directly within the web application. An extension is provided that, if installed, defines a standard location and naming convention for session recordings that allows those recordings to be associated with connection history entries:
Any user with sufficient permissions to see those history entries will then be able to directly open the recording in an in-browser player by clicking a link next to the history entry in the “History” screen of the administration interface:
{:#key-vaults}
Secrets for both connection parameters and properties within guacamole.properties
can now be retrieved from key vaults, with initial support for Keeper Secrets Manager (KSM){:rel=“nofollow”}. Leveraging parameter tokens, the administrator can configure connections to automatically pull secrets like passwords or private keys from the vault based on the connection's username, the hostname, or other criteria. Custom tokens can also be defined for arbitrary secrets in the vault.
{:#share-notification}
As of 1.5.0, users of a connection that is shared with other users will receive a notification when those users join the connection, and will see a counter of the number of other users currently present in the upper-right corner of the display:
This notification and counter displays both users that have joined due to a share link and administrators that have joined by clicking on the connection within the “Active Sessions” screen. Users can at any time hover the mouse over the counter to see which users are currently present:
{:#ecc-keys}
As long as libssh2 1.9.0 or later is installed, Guacamole supports using elliptic curve cryptography (ECC) private keys for SSH and SFTP connections, including keys in OpenSSH format. This support relies on libssh2's support for the same capability, so the libssh2 version must be at least 1.9.0. If your distribution does not provide a libssh2 package that is recent enough, you will need to either build libssh2 from source or use the guacamole/guacd
Docker image.
{:#multi-ldap}
Guacamole can now consider multiple LDAP or Active Directory servers for authentication, attempting to authenticate the user against each defined LDAP server until authentication is successful or no servers remain.
The specific LDAP server that applies can also be narrowed before trying any servers at all by using username patterns, if part of the username can reasonably be used to determine this. An example where this might be the case would be usernames of the form DOMAIN\user
or user@DOMAIN
.
Each 1.x release of Apache Guacamole should be compatible with components of older 1.x releases. This compatibility is intended at the Guacamole protocol level and at the extension level, but not necessarily at the API level. This means:
As of 1.5.0, the following changes have been made which affect compatibility with past releases:
name
added to guac_user_info
structureA new name
member has been added to guac_user_info
to allow implementations to retrieve the optional human-readable name received during the connection handshake, affecting the size of this structure.
Additionally, because guac_user_info
forms a part of guac_user
, this change also affects the memory offsets of members of the guac_user
structure which follow the info
member, such as data
and various instruction handlers.
Downstream usages of libguac which make use of guac_user
or guac_user_info
will need to be rebuilt to ensure that the structure sizes and memory offsets used are correct.