Apache Guacamole 1.5.5

Apache Guacamole is split into two subprojects: "guacamole-client", the HTML5 web application which serves the Guacamole client to users, and "guacamole-server", the remote desktop proxy which the web application communicates with. The source code for each of these may be downloaded below.

You must verify the integrity of any downloaded files using the OpenPGP signatures we provide with each release. The signatures should be verified against the KEYS file, which contains the OpenPGP keys of Apache Guacamole's Release Managers. Checksums of each released file are also provided.

If you do not wish to build Apache Guacamole entirely from source, pre-built versions of the web application (.war) and all extensions are provided here in binary form for convenience. Please note that guacamole-server must still be built and installed from source.

Release notes

The 1.5.5 release is a bugfix release that addresses bugs and regressions from 1.5.4 and earlier, including a resource leak that may affect RDP and SSH connections, and updates all dependencies to their latest compatible versions. For a full list of all changes in this release, please see the changelog below.

The 1.5.5 release is compatible with older 1.x components. You should upgrade older components to 1.5.5 when possible, however things should continue to work correctly in the interim:

  • Extensions written for older 1.x releases can be used by 1.5.5.
  • Components written for the version of the Guacamole protocol used by older 1.x releases can be used with components of the 1.5.5 release.

Regardless of inter-component compatibility, there are changes in 1.5.5 which may affect downstream users of Guacamole’s APIs. Please see the deprecation / compatibility notes section for more information.


Docker images

  • Japanese characters display garbled in terminal when using guacd docker image (GUACAMOLE-1726)

Authentication, integration, and storage

  • Per-user connection concurrency limit does not default to unlimited (GUACAMOLE-1909)

Protocol support / guacd

  • Starting/joining an RDP connection may segfault depending on timing of underlying RDP/SFTP connection(s) (GUACAMOLE-1140)
  • Build fails with “undefined reference to ‘timer_create’” (GUACAMOLE-1892)
  • Resizing an RDP connection produces segfault (GUACAMOLE-1900)
  • guacd 1.5.4/master double free issue (GUACAMOLE-1903)
  • TLS sockets are not synchronized (GUACAMOLE-1910)
  • Updates to clipboard contents may be delayed due to lack of flush (GUACAMOLE-1917)
  • Multitouch attribute not correctly synced for guac_common_surface (GUACAMOLE-1918)
  • When the cumulative number of user connections reaches a certain amount, guacd will report an error. “RDP server closed/refused connection: Security negotiation failed (wrong security type?)” (GUACAMOLE-1920)
  • Missing VNC password challenge (GUACAMOLE-1921)

General housekeeping and cleanup

Deprecation / Compatibility notes

Each 1.x release of Apache Guacamole should be compatible with components of older 1.x releases. This compatibility is intended at the Guacamole protocol level and at the extension level, but not necessarily at the API level. This means:

  • Extensions from older 1.x releases should still work in binary form, but may need code changes before their source will build against a newer version of guacamole-ext.
  • Software which uses the Guacamole protocol of an older 1.x release should still work.
  • Software which uses libguac from an older 1.x release should still work by continuing to use the libguac from that release, as newer versions of libguac may not be API/ABI compatible. In the case of third-party protocol support plugins for guacd, this means that the guacd from that release must also be used. Compatibility with respect to libguac is represented by the soname.
  • You should update to newer versions where applicable and when possible.

As of 1.5.5, the following changes have been made which affect compatibility with past releases:

Addition of socket_lock to guac_socket_ssl_data structure

The internal guac_socket_ssl_data structure used by the SSL/TLS variant of guac_socket now contains an additional pthread_mutex_t member at its end, increasing its overall size. Offsets of established structure members are not affected.

It is unlikely that any external code manually allocates instances of this structure and passes those instances back to libguac, but any such code would need to be rebuilt to be compatible.