Release Notes

Please get in touch at support@netcubed.io for any questions or feature requests.

Make sure you follow the Migrations Guide if you are upgrading from version 1.5.0 or below.

2.9.2

  • Updated Guacamole to version 1.5.3. Release notes can be found at https://guacamole.apache.org/releases/1.5.3/.
  • This is a maintenance release and does not contain any new features.
  • Switched default volume type to gp3 from gp2 which reduces cost and improves performance.

2.9.1

  • Updated Guacamole to version 1.5.2. Release notes can be found at https://guacamole.apache.org/releases/1.5.2/.
  • Fixed issue with connecting to an external MySQL database with SSL enabled
  • Fixed issue with VNC support missing from the last release
  • Stability and performance improvements

2.9.0

2.8.4

  • Prefer FIPS compliant ciphers and algorithms for SSH connections
  • Resolved issue where the guawsql command tried to connect to the wrong host
  • Resolved issue with the cluster CloudFormation template where the database connection was not set correctly

2.8.3

  • Resolved issue with Windows RDP connections where the remote desktop would not resize after the browser is resized.
  • Resolved an issue with Safari where the connection would not be established.
  • The log level defined in the /home/ec2-user/guaws/.env file is now also applied to the guacd service.
  • The configuration of the external database connection has been moved to /home/ec2-user/guaws/database.env.
  • The guawsql command now automatically picks up the database configuration from database.env to establish the connection.
  • The Batch Import of Users script has been improved to support all attributes available in Guacamole, such as name, role, organization and access policies like expired which forces the user to reset their password after first log in.

2.8.2

This update resolves issues with the SAML authentication provider shipped with version 1.4.0 of Guacamole and provides important information for customers using the SAML authentication provider.

  • Fixed a redirect loop when using SAML authentication with Azure Active Directory and other SAML providers.
  • For security reasons, saml-strict mode is now enabled by default. That means that if you are using saml-idp-url instead of saml-idp-metadata-url, your authentication flow will no longer work.

On January 11, 2022, the following security vulnerability in the SAML authentication provider was published (https://www.cve.org/CVERecord?id=CVE-2021-43999): Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

If you have SAML authentication enabled and are using version 1.2.0 or 1.3.0 of the SAML provider, please upgrade as soon as possible to version 1.4.0. The SAML provider can be updated individually without the need to replace the instance. Please follow the instructions in the SAML guide.

Please contact support at support@netcubed.io if you need help with the update.
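
A pre-upgrade check for the saml-strict change described above, as an added example that is not part of the original release notes or the product's tooling: it reads a guacamole.properties file and reports whether the SAML settings rely on saml-idp-url alone. The function names, the result strings and the assumption that an explicit saml-strict: false overrides the new default belong to this example; pass the path to your own guacamole.properties.

```shell
#!/bin/sh
# Added example: flag SAML settings that stop working once saml-strict
# is enabled by default (release 2.8.2). Not part of the guaws tooling.

# Print the value of a Java-properties key ("key: value", "key=value" or
# "key value"), skipping comment lines. The last definition wins.
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next     # line must start with key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t:=]/) next        # longer key sharing a prefix
            sub(/^[ \t]*[:=]?[ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest
        }
        END { print val }
    ' "$1"
}

# Classify one guacamole.properties file. Prints one of:
#   no-saml              no SAML IdP configured in this file
#   strict-disabled      saml-strict explicitly false (assumed to override
#                        the default); response validation is relaxed
#   ok                   IdP metadata URL configured
#   breaks-under-strict  only saml-idp-url is set
saml_strict_check() {
    idp_url=$(prop_get "$1" saml-idp-url)
    metadata_url=$(prop_get "$1" saml-idp-metadata-url)
    strict=$(prop_get "$1" saml-strict)

    if [ -z "$idp_url" ] && [ -z "$metadata_url" ]; then
        echo "no-saml"
    elif [ "$strict" = "false" ]; then
        echo "strict-disabled"
    elif [ -n "$metadata_url" ]; then
        echo "ok"
    else
        echo "breaks-under-strict"
    fi
}

# Stand-alone use: sh check.sh /path/to/guacamole.properties
if [ $# -ge 1 ]; then saml_strict_check "$1"; fi
```

A result of breaks-under-strict means the configuration needs saml-idp-metadata-url before moving to 2.8.2 or later.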

2.8.1

  • Fixed an issue with the nginx generated error pages.

2.8.0

2.7.0

  • Added a default Content-Security-Policy header to the Guacamole web application.
  • Added ability to customize the branding of the web application.
  • The command line tools guawsql and guawsctl are now available to all operating system users.
  • Added a default guacamole.properties that disables a limit on the maximum number of connections per user.
  • Fixed an issue where the guacenc utility was not installed properly.

2.6.2

  • Added dedicated documentation for AWS SSO and SAML 2.0 integrations
  • Update operating system

2.6.0

  • Updated Guacamole to version 1.3.0. Release notes can be found at https://guacamole.apache.org/releases/1.3.0/. Highlights include

    • Windows connections will now prompt for a password if not configured in the connection settings (the security mode for the connection is set to NLA).
    • User groups can now be retrieved from the SAML identity provider.
  • Bugfix: Removed example directory from web server.

2.5.0

  • Add ARM64 image for Graviton2 instances

2.4.0

  • Updated Guacamole to version 1.2.0. Release notes can be found at https://guacamole.apache.org/releases/1.2.0/. Highlights include
    • Single Sign-On with the SAML 2.0 authentication provider (instructions)
    • Granular control of clipboard and file transfer
    • Improvements to the RDP keyboard behavior

2.3.0

  • Now ships with Let's Encrypt certbot to provide an easy way to request a certificate (see Security)
  • Hardened nginx configuration. The minimal supported TLS version is now 1.2, HSTS is now enabled.
  • Changes to the nginx.conf file in /home/ec2-user/guaws/nginx are now applied immediately with a restart of the nginx container (guawsctl restart nginx) and don't require an image build
  • Added support for http2

2.2.0

2.1.0

  • Add support for Amazon Cognito as Single-Sign on authentication provider
  • Fix problem with the auto-discovery agent failing if the guacadmin user was deleted

2.0.4

  • Fix issue for clients using MacOS Catalina with respect to the self-signed certificate presented by the web server

2.0.3

  • Fix issue where file uploads would fail randomly over high-latency connections
  • Addressed issue in the GuAWS agent which caused it to stall and stop picking up new instances
  • Updated Linux Kernel to version 4.19 from 4.14 for improved network performance

2.0.0

New Features:

  • Support for instance discovery across VPCs, regions and accounts via VPC Transit Gateways or VPC Peering Connections
  • Updating Guacamole will no longer require replacing the instance
  • Added a Command Line Interface guawsctl which will assist with common maintenance tasks
  • Added experimental support for VNC connections

Bug Fixes and Improvements:

  • Removed limit for file uploads (previously 512mb)
  • Stopped instances are no longer removed from the list of connections
  • Connection history written to CloudWatch Logs now includes AWS account ID, region and VPC ID of the instance
  • Logs from all containers are now written to journald and are easily accessible via guawsctl logs -f
  • Simplified setting up file sharing with the browser by providing sensible defaults

v1.5.0

  • Upgraded Apache Guacamole to version 1.0.0. Release notes can be found at https://guacamole.apache.org/releases/1.0.0/. Highlights are support for user groups, seamless clipboard integration in Chrome, multi-factor authentication with Google Authenticator (TOTP) and support for creating ad-hoc connections.

v1.4.0

  • Guacamole has been updated to support modern ciphers for SSH connections (relevant for FIPS 140-2 and CIS benchmark compliance).
  • Support for running Guacamole in a highly available cluster configuration using CloudFormation.
  • Session recording is now much easier to set up. All recordings will be persisted to disk in a central location.
  • The image now ships with the guacenc utility which can convert raw session recordings into video streams that can be played back.
  • Fixed an issue where audit logs were not written to CloudWatch Logs when EC2 permissions were missing.

v1.3.0

  • Upgraded to Apache Guacamole v0.9.14 (http://guacamole.apache.org/releases/0.9.14/)
  • Documentation on how to enable two-factor authentication through Duo.com and Auth0.com.
  • Expose the GUACAMOLE_HOME directory to the host EC2 instance. This makes changes to the guacamole.properties file possible.
  • Custom authentication extensions are now included by default.

v1.2.1

  • Upgraded the base operating system to the brand-new Amazon Linux 2
  • Startup time from a cold launch has been improved
  • AMI can now be launched in a private subnet with no internet access

v1.2.0

  • Increased file upload limit to 512mb
  • Exposed MySQL port to localhost for programmatic access to users and connections

v1.1.2

  • Upgraded to Apache Guacamole v0.9.13
  • Upgraded to latest Amazon Linux AMI

v1.1.0

  • Upgraded Apache Guacamole to v0.9.12
  • Switched to Amazon Linux from Ubuntu

Migrations

From 1.5.0 or below to 2.0.0 or above

Please review your instance profile attached to the instance to match the instance profile described in the Setup Instructions. Additional permissions are required for cross-account discovery of instances and more reliable logging to CloudWatch Logs.

If you only rely on the automatic discovery feature and don't have custom connections, users or groups, you can simply spin up a new instance with the v2.0.4 AMI. It will discover any instances in your environment and you can retire the previous version.

Follow these steps if you want to restore all custom connections, users and groups:

  • Log on to the existing Guacamole instance and execute the following command to create a database backup
    mysqldump --protocol=TCP --skip-lock-tables --add-drop-table --user=guacamole --password=guacamole --databases guacamole > backup.sql
  • Launch an instance with at least version 2 of the Guacamole Bastion Host from the marketplace
  • Move backup.sql to the new instance
  • Stop the Guacamole agent
    guawsctl stop guaws
  • Execute the following command to restore the existing database.
    guawsql < backup.sql
  • Download and import the migration script to migrate the database to the new schema.
    curl -sO http://netcubed-ami.s3-website-us-east-1.amazonaws.com/guaws/v2.4.0/sql/v1-to-v2-0-0.sh
    bash v1-to-v2-0-0.sh | guawsql
    guawsctl start guaws
  • Log in via the Guacamole web interface