Apache Guacamole 1.3.0 is an archived release, and was originally released on 2021-01-01. The latest release of Apache Guacamole is 1.5.5.
Apache Guacamole is split into two subprojects: "guacamole-client", the HTML5 web application which serves the Guacamole client to users, and "guacamole-server", the remote desktop proxy which the web application communicates with. The source code for each of these may be downloaded below.
You must verify the integrity of any downloaded files using the OpenPGP signatures we provide with each release. The signatures should be verified against the KEYS file, which contains the OpenPGP keys of Apache Guacamole's Release Managers. Checksums of each released file are also provided.
Filename | Signatures / Hashes |
---|---|
guacamole-client-1.3.0.tar.gz | PGP SHA-256 |
guacamole-server-1.3.0.tar.gz | PGP SHA-256 |
If you do not wish to build Apache Guacamole entirely from source, pre-built versions of the web application (.war) and all extensions are provided here in binary form for convenience. Please note that guacamole-server must still be built and installed from source.
The 1.3.0 release features support for automatically prompting users for their remote desktop credentials, user group support for both CAS and OpenID, and several bug fixes. For a full list of all changes in this release, please see the changelog.
The 1.3.0 release is compatible with older 1.x components. You should upgrade older components to 1.3.0 when possible, however things should continue to work correctly in the interim:
Regardless of inter-component compatibility, there are changes in 1.3.0 which may affect downstream users of Guacamole’s APIs and the Guacamole protocol. Please see the deprecation / compatibility notes section for more information.
Historically, Guacamole has required that remote desktop credentials either be stored alongside connection configuration, passed through from web application authentication (typically Active Directory), or retrieved interactively by the remote desktop itself.
In addition to these methods, Guacamole will now automatically prompt the user to enter any credentials not already provided by the administrator if those credentials are required.
If using a CAS or OpenID identity provider to automatically sign in your users, user groups can now also be retrieved from the identity provider. Similar to the support already present for SAML, this support allows the admininstrator to define how user groups are exposed by the identity provider and allow those user groups to affect the permissions granted to their members within Guacamole.
ldap-user-attributes
property to Guacamole Docker image (GUACAMOLE-987)ldap-dereference-aliases
, ldap-follow-referrals
, ldap-max-referral-hops
, and ldap-operation-timeout
properties to Guacamole Docker image (GUACAMOLE-1147)totp-period
is set (GUACAMOLE-1146)skip-if-unavailable
breaks expired password change (GUACAMOLE-1152)disable-copy
flag does not work (GUACAMOLE-1158)allowed-languages
property incorrectly documented as available-languages
(GUACAMOLE-1107)UNIX_TIME
macro (GUACAMOLE-949)nbproject/
directory from git via .gitignore
(GUACAMOLE-1151)Each 1.x release of Apache Guacamole should be compatible with components of older 1.x releases. This compatibility is intended at the Guacamole protocol level and at the extension level, but not necessarily at the API level. This means:
As of 1.3.0, the following changes have been made which affect compatibility with past releases:
GuacamoleSocket
should now implement getProtocol()
The required
and argv
instructions both refer to connection parameters by
name. As it is the underlying protocol of a connection that determines the
semantics of connection parameters, client implementations will commonly need
to expose this information in some way. The mainline web application provided
by Apache Guacamole is one such implementation.
A new getProtocol()
function has been added to GuacamoleSocket
to
facilitate this, and implementations of GuacamoleSocket
should aim to provide
implementations of this function with that in mind.
This will happen automatically for ConfiguredGuacamoleSocket
.
getHistory()
for User
and Connection
interfacesThe User
and Connection
interfaces have both continued to define a basic
getHistory()
function for retrieving a raw list of history records. Unlike
the getUserHistory()
and getConnectionHistory()
functions exposed by the
UserContext
, the getHistory()
functions do not support filtering or
searching.
The old getHistory()
functions have now been deprecated in favor of newer
functions that do support filtering. Implementations that provide
getHistory()
will continue to work, but should migrate to the new functions
when possible.
required
instructionTo allow the server to request that the client provide credentials (or any
other parameters), a new required
instruction has been added to the Guacamole
protocol. This instruction informs the client that one or more connection
parameters need to be specified for the connection to continue. If the client
indicated support for the required
instruction during the initial connection
handshake, the client is then expected to supply values for each of these
parameters using argv
streams.
protocol_version
added to guac_user_info
structureA new protocol_version
member has been added to guac_user_info
to allow
implementations to make decisions based on the Guacamole protocol version in
use, affecting the size of this structure.
Additionally, because guac_user_info
forms a part of guac_user
, this change
also affects the memory offsets of members of the guac_user
structure which
follow the info
member, such as data
and various instruction handlers.
Downstream usages of libguac which make use of guac_user
or guac_user_info
will need to be rebuilt to ensure that the structure sizes and memory offsets
used are correct.