Release Notes
Please get in touch at support@netcubed.io for any questions or feature requests.
Make sure you follow the Migrations Guide if you are upgrading from version 1.5.0 or below.
2.9.4
- Restored support for VNC in this release.
2.9.3
- Updated Guacamole to version 1.5.5. Release notes can be found at https://guacamole.apache.org/releases/1.5.5/.
- This is a maintenance release and does not contain any new features.
- Updated the operating system to the latest Amazon Linux 2 version and refreshed base images for all containers.
2.9.2
- Updated Guacamole to version 1.5.3. Release notes can be found at https://guacamole.apache.org/releases/1.5.3/.
- This is a maintenance release and does not contain any new features.
- Switched default volume type to gp3 from gp2 which reduces cost and improves performance.
2.9.1
- Updated Guacamole to version 1.5.2. Release notes can be found at https://guacamole.apache.org/releases/1.5.2/.
- Fixed issue with connecting to an external MySQL database with SSL enabled
- Fixed issue with VNC support missing from the last release
- Stability and performance improvements
2.9.0
- Updated Guacamole to version 1.5.0. Release notes can be found at https://guacamole.apache.org/releases/1.5.0/. Highlights include
- In-application playback of recordings
- SSH support for ECC keys
2.8.4
- Prefer FIPS compliant ciphers and algorithms for SSH connections
- Resolved issue where the guawsql command tried to connect to the wrong host
- Resolved issue with the cluster CloudFormation template where the database connection was not set correctly
2.8.3
- Resolved issue with Windows RDP connections where the remote desktop would not resize after the browser is resized.
- Resolved an issue with Safari where the connection would not be established.
- The log level defined in the /home/ec2-user/guaws/.env file is now also applied to the guacd service.
- The configuration of the external database connection has been moved to /home/ec2-user/guaws/database.env.
- The guawsql command now automatically picks up the database configuration from database.env to establish the connection.
- The Batch Import of Users script has been improved to support all attributes available in Guacamole, such as name, role, organization and access policies like expired, which forces the user to reset their password after first log in.
2.8.2
This update resolves issues with the SAML authentication provider provided in version 1.4.0 of Guacamole and provides important information for customers using the SAML authentication provider.
- Fixed a redirect loop when using SAML authentication with Azure Active Directory and other SAML providers.
- For security reasons, saml-strict mode is now enabled by default. That means that if you are using saml-idp-url instead of saml-idp-metadata-url, your authentication flow will no longer work.
On January 11, 2022, the following security vulnerability in the SAML authentication provider was published (https://www.cve.org/CVERecord?id=CVE-2021-43999): Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
If you have SAML authentication enabled and are using version 1.2.0 or 1.3.0 of the SAML provider, please upgrade as soon as possible to version 1.4.0. The SAML provider can be updated individually without the need to replace the instance. Please follow the instructions in the SAML guide.
Please contact support at support@netcubed.io if you need help with the update.
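A pre-upgrade check for the saml-strict change described above, as an added example that is not part of the vendor's tooling: it classifies the SAML settings in a guacamole.properties file whose path you pass in. The function names, the result strings and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): classify the SAML settings in a
# guacamole.properties file before upgrading to 2.8.2 or later.

# Print the value of property $2 in file $1 (last assignment wins).
# Commented-out lines do not match because the key must start the line.
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Usage: check_saml <path to guacamole.properties>
check_saml() {
  idp=$(prop "$1" saml-idp-url)
  meta=$(prop "$1" saml-idp-metadata-url)
  strict=$(prop "$1" saml-strict)
  if [ -z "$idp" ] && [ -z "$meta" ]; then
    echo "no-saml"              # SAML is not configured in this file
  elif [ "$strict" = "false" ]; then
    echo "strict-disabled"      # explicitly overrides the secure default
  elif [ -n "$meta" ]; then
    echo "ok"                   # metadata URL is present
  else
    echo "breaks-under-strict"  # only saml-idp-url is set
  fi
}

# Constructed sample: only saml-idp-url is active, the metadata URL is
# commented out, so this configuration stops working once strict mode is on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# saml-idp-metadata-url: https://idp.example.com/metadata.xml
saml-idp-url: https://idp.example.com/sso
EOF
check_saml "$sample"
rm -f "$sample"
```
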
2.8.1
- Fixed an issue with the nginx generated error pages.
2.8.0
- Updated Guacamole to version 1.4.0. Release notes can be found at https://guacamole.apache.org/releases/1.4.0/. Highlights include
- Security: Tomcat error responses are replaced by a plain nginx error page.
2.7.0
- Added a default Content-Security-Policy header to the Guacamole web application.
- Added ability to customize the branding of the web application.
- The command line tools guawsql and guawsctl are now available to all operating system users.
- Added a default guacamole.properties that disables a limit on the maximum number of connections per user.
- Fixed an issue where the guacenc utility was not installed properly.
2.6.2
- Added dedicated documentation for AWS SSO and SAML 2.0 integrations
- Update operating system
2.6.0
- Updated Guacamole to version 1.3.0. Release notes can be found at https://guacamole.apache.org/releases/1.3.0/. Highlights include
- Windows connections will now prompt for a password if not configured in the connection settings (the security mode for the connection is set to NLA).
- User groups can now be retrieved from the SAML identity provider.
- Bugfix: Removed example directory from web server.
2.5.0
- Add ARM64 image for Graviton2 instances
2.4.0
- Updated Guacamole to version 1.2.0. Release notes can be found at https://guacamole.apache.org/releases/1.2.0/. Highlights include
- Single Sign-On with the SAML 2.0 authentication provider (instructions)
- Granular control of clipboard and file transfer
- Improvements to the RDP keyboard behavior
2.3.0
- Now ships with Let's Encrypt certbot to provide an easy way to request a certificate (see Security)
- Hardened nginx configuration. The minimal supported TLS version is now 1.2, HSTS is now enabled.
- Changes to the nginx.conf file in /home/ec2-user/guaws/nginx are now applied immediately with a restart of the nginx container (guawsctl restart nginx) and don't require an image build
- Added support for http2
2.2.0
- Upgraded Apache Guacamole to version 1.1.0. Release notes can be found at https://guacamole.apache.org/releases/1.1.0/. Highlights include
- Native support for connecting to Kubernetes pods
- Dynamic image quality adjustment based on performance measurements of the connected client
2.1.0
- Add support for Amazon Cognito as Single-Sign on authentication provider
- Fix problem with the auto-discovery agent failing if the guacadmin user was deleted
2.0.4
- Fix issue for clients using MacOS Catalina with respect to the self-signed certificate presented by the web server
2.0.3
- Fix issue where file uploads would fail randomly over high-latency connections
- Addressed issue in the GuAWS agent which caused it to stall and stop picking up new instances
- Updated Linux Kernel to version 4.19 from 4.14 for improved network performance
2.0.0
New Features:
- Support for instance discovery across VPCs, regions and accounts via VPC Transit Gateways or VPC Peering Connections
- Updating Guacamole will no longer require replacing the instance
- Added a Command Line Interface guawsctl which will assist with common maintenance tasks
- Added experimental support for VNC connections
Bug Fixes and Improvements:
- Removed limit for file uploads (previously 512mb)
- Stopped instances are no longer removed from the list of connections
- Connection history written to CloudWatch Logs now includes AWS account ID, region and VPC ID of the instance
- Logs from all containers are now written to journald and are easily accessible via guawsctl logs -f
- Simplified setting up file sharing with the browser by providing sensible defaults
v1.5.0
- Upgraded Apache Guacamole to version 1.0.0. Release notes can be found at https://guacamole.apache.org/releases/1.0.0/. Highlights are support for user groups, seamless clipboard integration in Chrome, multi-factor authentication with Google Authenticator (TOTP) and support for creating ad-hoc connections.
v1.4.0
- Guacamole has been updated to support modern ciphers for SSH connections (relevant for FIPS 140-2 and CIS benchmark compliance).
- Support for running Guacamole in a highly available cluster configuration using CloudFormation.
- Session recording is now much easier to set up. All recordings will be persisted to disk in a central location.
- The image now ships with the guacenc utility which can convert raw session recordings into video streams that can be played back.
- Fixed an issue where audit logs were not written to CloudWatch Logs when EC2 permissions were missing.
v1.3.0
- Upgraded to Apache Guacamole v0.9.14 (http://guacamole.apache.org/releases/0.9.14/)
- Documentation on how to enable two-factor authentication through Duo.com and Auth0.com.
- Expose the GUACAMOLE_HOME directory to the host EC2 instance. This makes changes to the guacamole.properties file possible.
- Custom authentication extensions are now included by default.
v1.2.1
- Upgraded the base operating system to the brand-new Amazon Linux 2
- Startup time from a cold launch has been improved
- AMI can now be launched in a private subnet with no internet access
v1.2.0
- Increased file upload limit to 512mb
- Exposed MySQL port to localhost for programmatic access to users and connections
v1.1.2
- Upgraded to Apache Guacamole v0.9.13
- Upgraded to latest Amazon Linux AMI
v1.1.0
- Upgraded Apache Guacamole to v0.9.12
- Switched to Amazon Linux from Ubuntu
Migrations
From 1.5.0 or below to 2.0.0 or above
Please review your instance profile attached to the instance to match the instance profile described in the Setup Instructions. Additional permissions are required for cross-account discovery of instances and more reliable logging to CloudWatch Logs.
If you only rely on the automatic discovery feature and don't have custom connections, users or groups, you can simply spin up a new instance with the v2.0.4 AMI. It will discover any instances in your environment and you can retire the previous version.
Follow these steps if you want to restore all custom connections, users and groups:
- Log on to the existing Guacamole instance and execute the following command to create a database backup
  mysqldump --protocol=TCP --skip-lock-tables --add-drop-table --user=guacamole --password=guacamole --databases guacamole > backup.sql
- Launch an instance with at least version 2 of the Guacamole Bastion Host from the marketplace
- Move backup.sql to the new instance
- Stop the Guacamole agent
  guawsctl stop guaws
- Execute the following command to restore the existing database.
  guawsql < backup.sql
- Download and import the migration script to migrate the database to the new schema.
  curl -sO http://netcubed-ami.s3-website-us-east-1.amazonaws.com/guaws/v2.4.0/sql/v1-to-v2-0-0.sh
  bash v1-to-v2-0-0.sh | guawsql
  guawsctl start guaws
- Log in via the Guacamole web interface