IGEL OS 11

Citrix

• Integrated Citrix Workspace App 2303
  Available Workspace Apps in this release: 2303 (default), 2302, and 2010
• New features:
  
• Inactivity Timeout for Citrix Workspace app

• Background blurring for webcam redirection

• Integrated RTME 2.9.600 for Skype for Business

AVD

• Updated IGEL AVD client to version 1.1.17
  
• Added: Cache of last entered username for AVD sessions if no other username preset is active.
  
• Added parameter to disable the username cache

VMware Horizon

• Updated Horizon client to version 2303-8.9.0-21435420
  Added parameter for the browser redirection feature and
  setting rtav related audio out option:

Chromium

• Updated Chromium browser to version 112.0.5615.165

Firefox

• Updated Mozilla Firefox to version 102.10.0 esr

WiFi

• Added iwlwifi backport WiFi driver which can be used if issues with Intel WiFi devices occur.
  
• Added registry key (reboot is required to become effective)

Smartcard

• Updated Pointsharp (formerly SecMaker) Net iD Client to version 1.1.0.37.

CUPS Printing

• Added LRS printing agent V1R1.0.000
• Corresponding configuration options in setup - Devices > Printing > LRS

Cisco Webex

• Integrated Cisco Webex VDI 43.4.0.25788

Base system

• Added Canadian Multilingual Standard keyboard layout.
• Added BIOS update and password management support for HP t540 and t640. How- to-guide via [https://kb.igel.com/hp-ami-bios], added parameters:

Driver

• Updated Olympus driver for dictation to version 4.0.3.

Audio

• Updated EPOS Connect to version 7.4

Hardware

• Added hardware support for Lenovo ThinkPad L14 Gen3 (Intel) - integrated LTE is not supported yet.
• Added hardware support for HP Elite mt645 G7, includes WWAN Intel XMM 7560 R+
• Added hardware support for LG CQ600i-6N.
• Added hardware support for LG 24CQ650i-6N.
• Added hardware support for HP t550.

Remote Management

• Remote management evaluates a HTTP cookie which is propagated to the device during the ICG handshake and uses this cookie in all HTTP and Websocket connections belonging to the established ICG connection. This enables the load balancing mechanism involving an affinity HTTP cookie to relate device's HTTP and Websocket requests to a particular ICG connection.
• Upgraded libwebsockets to v4.1.6
• IGEL remote manager agent exposes in all ICG connections and HTTP(s) requests the User-Agent HTTP header in the form: igel-rmagent/<RMAGENTVERSION>

Fabulatech

• Updated Fabulatech plugins to version 3.10.0.9.

Chromium

• Fixed Chromium browser security issues CVE-2023-1236, CVE-2023-1235, CVE-2023-1234, CVE-2023-1233, CVE-2023-1232, CVE-2023-1231, CVE-2023-1230, CVE-2023-1229, CVE-2023-1228, CVE-2023-1227, CVE-2023-1226, CVE-2023-1225, CVE-2023-1224, CVE-2023-1223, CVE-2023-1222, CVE-2023-1221, CVE-2023-1220, CVE-2023-1219, CVE-2023-1218, CVE-2023-1217, CVE-2023-1216, CVE-2023-1215, CVE-2023-1214 and CVE-2023-1213.
• Fixed Chromium browser security issues CVE-2023-2137, CVE-2023-2136, CVE-2023-2135, CVE-2023-2134, CVE-2023-2133, CVE-2023-2033, CVE-2023-1534, CVE-2023-1533, CVE-2023-1532, CVE-2023-1531, CVE-2023-1530, CVE-2023-1529, CVE-2023-1528, CVE-2022-2136 and CVE-2022-2033.
  
• Updated chromium browser to version 112.0.5615.165

Firefox

• Updated Mozilla Firefox to version 102.10.0 ESR
  Security fixes for mfsa2023-14, also known as:
  CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539,
  CVE-2023-29541, CVE-2023-1945, CVE-2023-29548, CVE-2023-29550.
  Security fixes for mfsa2023-10, also known as:
  CVE-2023-25751, CVE-2023-28164, CVE-2023-28162, CVE-2023-25752,
  CVE-2023-28176.

Base system

• Updated Intel-microcode from 20221108 to 20230214 version for solving relevant security issues.
  
• Fixed sudo security issues CVE-2023-28487, CVE-2023-28486 and CVE-2023-2848.
  
• Fixed vim security issues CVE-2023-1175, CVE-2023-1170, CVE-2023-0433, CVE-2023-0288, CVE-2023-0054, CVE-2023-0049, CVE-2022-47024, CVE-2022-2946, CVE-2022-2923, CVE-2022-2849, CVE-2022-2845, CVE-2022-2581, CVE-2022-2571, CVE-2022-2345, CVE-2022-2304, CVE-2022-2206, CVE-2022-2183, CVE-2022-2175, CVE-2022-2129, CVE-2022-2126, CVE-2022-2125, CVE-2022-2124, CVE-2022-1968, CVE-2022-1942, CVE-2022-1898, CVE-2022-1851, CVE-2022-1796, CVE-2022-1785, CVE-2022-1735, CVE-2022-1733, CVE-2022-1720, CVE-2022-1674, CVE-2022-1629 and CVE-2022-0413.
  
• Fixed bubblewrap security issue CVE-2021-41133.
  
• Fixed heimdal security issue CVE-2022-45142.
  
• Fixed xorg-server security issue CVE-2023-1393.
  
• Fixed ghostscript security issue CVE-2023-28879.
  
• Fixed protobuf security issues CVE-2022-1941 and CVE-2021-22570.
  
• Fixed python2.7 security issue CVE-2023-24329.
  
• Fixed python3.6 security issue CVE-2023-24329.
  
• Fixed zulu8-ca security issues CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967 and CVE-2023-21968.
  
• Fixed systemd security issues CVE-2022-3821 and CVE-2022-4415.
  
• Fixed openssl1.0 security issues CVE-2023-0466, CVE-2023-0465 and CVE-2023-0464.
  
• Fixed openssl security issues CVE-2023-0466, CVE-2023-0465 and CVE-2023-0464.
  
• Fixed gnutls28 security issue CVE-2023-0361.
  
• Fixed qemu security issue CVE-2022-1050.
  
• Fixed ffmpeg security issues CVE-2022-48434, CVE-2022-3964, CVE-2022-3341 and CVE-2022-3109.

AVD

• Fixed MS-Teams video color issues for remote video feeds and screenshares.
• Optimized h.264 encoder settings for MS-Teams VDI calls.
  
• Added a registry parameter to change the x264enc speed-preset property used for MS-Teams VDI

• Removed smartcard option until smartcard support is stabilized. Smartcard redirection still can be enabled by setting sessions.wvd%.options.cmd_ext = --smartcard

RDP/IGEL RDP Client 2

• Fixed RDP sessions not starting on configured monitor.
• Fixed RDP sessions no longer starting on multiple monitors when using different resolutions.
• Fixed cursor position not updated correctly in RDP sessions.

Firefox

• Fixed browser startup behavior if multiple browser sessions are started. As example, different autostarted browser sessions on different monitors.
  For that browser's remote interface is required to start the next session which takes time on slow endpoints.
  A configurable timeout is implemented:

• Fixed usage of more than one Firefox session. This was prevented by app-armor lacking an additional exception for Firefox 102 ESR.
• Fixed handling of ica files - required to start Citrix sessions (restored former behavior).
• Fixed typo in browser start script which could corrupt URL in some cases.

Network

• Fixed: Set thirdparty r8125 as default driver on Lenovo L14 Gen 3 (Intel- based)
  
• Added new registry key to prefer thirdparty r8125 over r8169 network driver.

• Fixed tray icon for Fibocom L860-GL-16 LTE Module
• SCEP:
  -Fixed SCEP via proxy
  -Added separator definition to use if multiple values of distinguished name attributes are desired, e.g. multiple organizational units. The separator also affects organization, state, locality, and potentially more in the future.

WiFi

• Fixed: WiFi IP setting changes become effective immediately now.

Base system

• Fixed serial port support for TSharc touch devices.
  
• Added new registry key:

• Fixed missing node actions for changing Device Encryption settings
• Disabled suspend support on Intel based Lenovo L14 Gen 3 as it does not work currently.
• Fixed handling of certificate files in PEM format which do not include a final newline character.

Custom Partition

• Fixed: Creating or updating a custom partition is decoupled from the partition's mounting so that the creating process doesn't interrupt the boot process and runs in the background now. This fixes problems with premature abort while creating the custom partition by a timeout during boot.

X11 system

• Fixed out of range issue for NEC EA223WM monitors.
• Added quirk for DisplayLink leads to long Xorg start on boot.
  
• Added new registry key x.xserver0.quirks.displaylink_crash_workaround

VNC Viewer

• Added VNC viewer parameter to control if current or all monitors are used when switching to full-screen mode.

Remote Management

• IGEL remote management reacts now on every change among the all available network interfaces in the running IGEL OS. So if a network interface becomes online or offline then the remote management tries to connect the UMS or the ICG server.

Citrix

• To launch multiple desktop sessions with Citrix HDX RTME and Citrix H.264
  acceleration plugin, the following registry key needs to be enabled:

• This workaround is not applicable when "Enable Secure ICA" is active for the
  specific delivery group.
• Adding smartcard readers during running / active session does not work. The reader is visible, but cannot be used due to unknown reader status. Only relevant for CWA versions earlier than 2112.
• There are known issues with GStreamer 1.0 in combination with Citrix. These occure with multimedia redirection of H.264, MPEG1 and MPEG2. (GStreamer 1.0 is used if browser content redirection is enabled active.)
• Browser Content Redirection (BCR) does not work if DRI3 and hardware accelerated H.264 deep compression codec is enabled.
• Enabled DRI3 on an AMD GPU with enabled Citrix H.264 acceleration could lead to a freeze. Selective H.264 mode (API v2) is not affected from this issue.
  
• Citrix H.264 acceleration plugin does not work with enabled server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**.
• Currently H.264 for Citrix sessions cannot be used in parallel with video input acceleration.
• While starting Self-Service, it is possible that process ServiceRecord segfaults -> Self-Service cannot be started afterwards.
  A cache cleanup with reboot is needed. In addition, the following parameters should set to true.

• Logoff of Self-Service causes a segfault with CWAL 2211 which ends the application. Restart of Self-Service is functional.
• Browser Content Redirection (BCR) may not work with Chrome version 105.0.* or later
• White/ green fragments may appear during desktop launch if JPEG graphical codec is used. -There may be problems with webcam redirection at Citrix. To fix the problem Gstreamer 1.0 must be enabled, this can be done either via the registry for the session or by enabling the browser content redirection.-
  Under certain conditions, webcam redirection may not work.
  If this is the case, GStreamer has to be set to version 1.0 via registry or by enabling Browser Content Redirection (BCR).

OSC Installer

• OSC not deployable with IGEL Deployment Appliance: Version 11.3 or later is required for deploying IGEL OS 11.06. and following.

AVD

• AVD MS-Teams optimization can crash the AVD client if H264 software decoder is used (fluh264dec). AVD prefers the hardware decoders (fluvadec) but when there are no hardware decoders or when all hardware decoders are in use already, the software decoder is utilized which may randomly crash the AVD client. It is likely when it crashes in a certain MS-Teams call, it might crash quite soon again when rejoining the same call. A fix for that is in development. A workaround is to disable incoming video in such MS-Teams calls, which is an option in the "..." menu from the control bar during an active call.
• H.264 hardware decoding for MS-Teams optimization is currently limited to non- AMD devices due to stability issues on AMD devices.
• Scanning images within AVD session (with usage of FabulaTech Scanner Redirection) might fail and cause a reconnection if the compression level is set to high quality.
  As a workaround the compression level must be reduced.

VMware Horizon

• After disconnect of an RDP-based session, the Horizon main window which contains the server or sessions overview, cannot be resized anymore.
• Copying text from Horizon Blast sessions is not possible.
• The on-screen keyboard in Horizon appliance mode does not work correctly with local logon.
  It is necessary to switch off local logon and enable the following two keys via IGEL registry:
  userinterface.softkeyboard.autoshow
  userinterface.softkeyboard.autohide
• Zoom VDI Media Plugin versions below 5.8.0 make Horizon Client crash upon connection to the remote desktop when TCSetup is running at the same time.
• With usage of PCoIP protocol, the virtual channel provided by VMware used for serial port and scanner redirection could freeze on logout from remote session.

This happens only with enabled scanner or serial port redirection.
The freeze does not occur if both redirection methods are enabled or none of them. The Blast Protocol is not affected by this bug.

The respective settings can be found in the IGEL Registry:
vmware.view.enable-serial-port-redir
vmware.view.enable-scanner-redir * Keyboard Input Source Language Synchronization works only with usage of local layout and deadkeys enabled.
If a keyboard layout is used which has deadkeys disabled (which is the default on IGEL OS), Horizon client falls back to en-US layout. * PCoIP sessions may crash in some cases, switch to Blast Protocol is recommended then. H.264/HEVC encoding can be disabled when overall performance is too low. * Client drive mapping and USB redirection for storage devices can be enabled at the same time, but this could lead to sporadic problems.
Horizon Client tracks the drives which are dynamically mounted and adds them to the remote session using client drive mapping, means USB redirection is not used for theses devices then.
However, in case of devices like USB SD card readers, Horizon does not map them as client drives but forcefully uses USB-redirection which results in an unclean unmount.
As a work-around, the IDs of these card readers can be added to IGEL USB access rules and denied.

Parallels Client

• Attached storage devices appear as network drives in the remote session
  
• USB device redirection is considered as experimental for the Parallels client for Linux

Firefox

• With enabled Citrix Browser Content Redirection, Firefox has no H.264 and AAC multimedia codec support. Means, when codec support is needed in Firefox, BCR needs to be disabled. Citrix Browser Content Redirection is disabled by default.
• Multimedia playback in Firefox is unstable if GStreamer version 0.10 is active. The default GStreamer version for Firefox sessions.browser<inst>.gstreamer_version was set to 1.0.

Network

• Wakeup from system suspend fails on DELL Latitude 5510
• If applications are configured to start after established network connection and network mounts are configured, spurious "Failed to start application" notifications may be shown. The applications still start.
• Set of credentials for manual system wide proxy is broken.

WiFi

• TP-Link Archer T2UH WiFi adapters does not work after system suspend/resume. Workaround: Disabling system suspend at IGEL Setup > System > Power Options > Shutdown.

Cisco JVDI Client

• There may be a segfault shown in the logs (during logout of Citrix Desktop session). Occurs only when using Citrix Workspace App 2010 and Cisco JVDI.

Base system

• Hyper-V (Generation 2) needs a lot of memory (RAM). The machine needs a sufficient amount of memory allocated.
• Update from memory stick requires network online state (at least when multiple update stages are triggered / necessary)

Conky

• The right screen when using multiscreen environment may not be shown correctly.
  Workaround: The horizontal offset should be set to the width of the monitor (e.g. if the monitor has a width of 1920, the offset should be set to 1920)

Firmware update

• On devices with 2 GB of flash storage it could happen that there is not enough space for updating all features. In this case, a corresponding error message occurs. Please visit [https://kb.igel.com/igelos-11.04/en/error-not-enough- space-on-local-drive-when-updating-to-igel-os-11-04-or-higher-32870765.html] for a possible solution and additional information.

Appliance Mode

• When ending a Citrix session in browser appliance mode, the browser is restarted twice (instead of once).
• Appliance mode RHEV/Spice: spice-xpi firefox plugin is no longer supported. The "Console Invocation" has to allow 'Native' client (auto is also possible) and should be started in fullscreen to prevent any opening windows.
• Browser Appliance mode can fail when the Web URL contains special control characters like ampersand (& character).
  Workaround: Add quotes at the beginning and the end of an affected URL. E.g.:
  'https://www.google.com/search?q=aSearchTerm&source=lnms&tbm=isch'

Audio

• IGEL UD2 (D220) fails to restore the volume level of the speaker when the device used firmware version 11.01.110 before.
• Audio jack detection on Advantec POC-W243L does not work. Therefore, sound output goes through a possibly connected headset and also the internal speakers.
• UD3-M340C: Sound preferences are showing Headphone & Microphone, although not connected.

Multimedia

• Multimedia redirection with GStreamer could fail when using Nouveau GPU driver.

Hardware

• Some newer Delock 62599 active DisplayPort to DVI (4k) adapters only work on INTEL-based devices.
• Wake up from suspend via UMS does not work on HP mt645 devices. Workaround: Disable system suspend and use shutdown instead.
• System suspend is not supported on Lenovo L14 Gen 3 Intel based device.
• If bluetooth is disabled via tray icon / menu on Lenovo L14 Gen3 (Intel- based), bluetooth tray icon is permanently disabled. Can be solved / re- enabeld with console command rfkill unblock bluetooth

Remote Management

• AIT feature with IGEL Starter License is only supported by UMS version 6.05.100 or newer.

Fabulatech

• Scanning images within AVD session (with usage of FabulaTech Scanner Redirection) might fail and cause a reconnection if the compression level is set to high quality.
  As a workaround the compression level must be reduced.

Citrix

• Added Citrix Workspace App 2302.
• New features:
  
• Screen pinning in custom web stores [Technical Preview]

• Available Citrix workspace apps: 23.02 (default), 22.11, and 20.10

Citrix NSGClient

• Added Citrix EPA client for Netscaler analysis.
  No configuration necessary. When the Netscaler URL is opened in the browser (Chromium or Firefox), the NSEPA checks configured in Netscaler are performed automatically.
  Dynamic updates are not possible in IGEL OS, due to the read-only system. Therefore, the option "Linux EPA Plugin Upgrade" must be set to "Never" in Netscaler.

• Added Citrix NSGClient client for Netscaler VPN connections.
  No configuration necessary. When the Netscaler URL is called in the browser (Chromium or Firefox), the NSGClient is configured automatically. Additionally a desktop icon can be configured by adding an instance of sessions.nsgclient%

AVD

• Updated AVD client to version 1.1.12 with MS-Teams screen share and tcp buffer bump fixes.

VMware Horizon

• Updated VMware Horizon client to version 2212-8.8.0-21079016
• Fixed vmware-view protocol handler used for federated (SAML-based) authentication.
• Added support for the monitors option to specify which monitors (and in what order) are to be used for a all-monitros fullscreen mode.
  Furthermore, added minimized launch of the client window and the use of the useExisting option for letting
  the client use an already running client to start a new desktop or app session.

Parallels Client

• Updated Parallels client to version 19.1.1.

HP Anyware

• Updated HP Anyware PCoIP Software Client to version 23.01.1
  
• Added new parameter in registry for enabling high-performance options

Firefox

• Updated Firefox to version 102.8.0.

Network

• Added check if BIOS has Wake-on-LAN disabled. If disabled, it is not recommended to configure network interface to use WoL.
  ** Registry key:

• This check is only supported / possible on Lenovo devices with official IGEL OS hardware support.

WiFi

• Added: Set default wireless regulatory domain on HP devices, based on product option code.

HID

• Changed touchpad parameter name from Enable Touchpad to Enable Touchpad on Boot - just to clarify what is meant here.

• Furthermore, changed function of TouchpadOff registry key. This is now only used used for switching on and off tapping.

CUPS Printing

• Updated PrinterLogic (Vasion) PrinterInstallerClient to version 25.1.0.625

Cisco Webex

• Integrated Cisco Webex VDI 43.2

Note: Webex VDI requires a compatible Webex Meetings plugin installed in the client. * Integrated Cisco Webex Meetings VDI Plugin 43.2.1.18
Available Webex Meetings Plugins in this release: 43.2.1.18 (default), 42.10.8.14 and 42.6.11.6

Cisco JVDI Client

• Integrated Cisco JVDI 14.1.3.307560

Base system

• Updated sscep to version 0.10.0
• Added CPU temperature monitoring tools:
  Graphical tool /usr/bin/psensor
  Command line tool /usr/bin/sensors
• Changed the default mem sleep mode to deep as some devices defaults to s2idle which cases issues.
  
• Added new registry key to set the suspend mem sleep mode.

• Updated DriveLock Agent to version 22.2.2.42489 (2022.2).
• Added for LVFS Bios update support:
  ** Improved version detection of installed BIOS version with fwupd.
  ** Added registry key for enabling installion of not signed BIOS files

• Added registry key to enable bluetooth debugging messages.

CID Key Agent

• Update of Stratusphere Connector ID Key to version 6.6.2-3

X11 system

• Added new registry key to activate tear-free for modesetting driver

Multimedia

• Added VP9 video hardware acceleration.
• Added new registry key to switch from fluendo to vaapi gstreamer plugin for h264 hardware acceleration.

zoomvdi

• Updated Zoom VDI plugin to version 5.13.1.22610 and 5.12.6.22200
  Available Zoom VDI plugins in this release: 5.13.1.22610 (default), 5.12.6.22200 and 5.8.4.21112
• Updated Zoom VDI plugin 5.13.10.23090
  Available plugins in this release: 5.13.10.23090 (default), 5.12.6.22200 and 5.8.4.21112

Hardware

• Added hardware support for HP USB-C G5 ESSENTIAL DOCK
• Added hardware support for Lenovo ThinkCentre Neo50q Gen 4 (Celeron) device.
  
• Added hardware support for Lenovo ThinkCentre Neo50q Gen 4 (i3) device.
• Added hardware support for Lenovo ThinkCentre M75q Gen 2 device.
• Added hardware support for Lenovo K14 Gen 1 (AMD based) device.
• Added hardware support for Lenovo ThinkCentre M70q Gen 3 device.
• Added hardware support for HP t740.
• Added hardware support for Lenovo K14 Gen1 (INTEL) device.

TC Setup (Java)

• Added usage of long(er) device names - with port name in Audio Setup now. This affects "Default Sound Output" and "Default Sound Input" configuration at setup page Accessories - Sound Preferences - Options. The change is backwards- compatible.

Fabulatech

• Updated Fabulatech USB for Remote Desktop version 6.1.2.9

Chromium

• Fixed forbidden file access. If enabled, downloads, bookmarks and printing in Chromium is disabled.
• Fixed Chromium-browser security issues CVE-2023-0941, CVE-2023-0933, CVE-2023-0932, CVE-2023-0931, CVE-2023-0930, CVE-2023-0929, CVE-2023-0928, CVE-2023-0927, CVE-2023-0705, CVE-2023-0704, CVE-2023-0703, CVE-2023-0702, CVE-2023-0701, CVE-2023-0700, CVE-2023-0699, CVE-2023-0698, CVE-2023-0697, CVE-2023-0696, CVE-2023-0474, CVE-2023-0473, CVE-2023-0472, CVE-2023-0471, CVE-2023-0141, CVE-2023-0140, CVE-2023-0139, CVE-2023-0138, CVE-2023-0137, CVE-2023-0136, CVE-2023-0135, CVE-2023-0134, CVE-2023-0133, CVE-2023-0132, CVE-2023-0131, CVE-2023-0130, CVE-2023-0129, CVE-2023-0128, CVE-2022-4440, CVE-2022-4439, CVE-2022-4438, CVE-2022-4437 and CVE-2022-4436.
  
• Updated Chromium-browser to version 110.0.5481.177.

Network

• Fixed privilege escalation in network management.

Base system

• Fixed privilege escalation in setup_cmd tool.
• Changed: For security reasons, the default password protection value for the System Information accessory is set to Administrator.

• Fixed empty password entry for floppy group.
• Fixed sysstat security issue CVE-2022-39377.
  
• Fixed binutils security issue CVE-2022-38533.
  
• Fixed libarchive security issues CVE-2022-36227 and CVE-2022-28066.
  
• Fixed curl security issues CVE-2023-23916, CVE-2023-23915, CVE-2023-23914, CVE-2022-43552, CVE-2022-43551, CVE-2022-42916, CVE-2022-42915, CVE-2022-35260 and CVE-2022-32221.
  
• Fixed xorg-server security issues CVE-2022-46344, CVE-2022-46343, CVE-2022-46342, CVE-2022-46341, CVE-2022-46340 and CVE-2022-46283.
  
• Fixed libksba security issue CVE-2022-47629.
  
• Fixed nautilus security issue CVE-2022-37290.
  
• Fixed python2.7 security issue CVE-2022-45061.
  
• Fixed python3.6 security issue CVE-2022-45061.
  
• Fixed net-snmp security issues CVE-2022-44793, CVE-2022-44792 and CVE-2022-4479.
  
• Fixed tiff security issue CVE-2022-3970.
  
• Fixed webkit2gtk security issues CVE-2023-23518, CVE-2023-23517, CVE-2022-42826, CVE-2022-46700, CVE-2022-46699, CVE-2022-46698, CVE-2022-46692, CVE-2022-46691, CVE-2022-42867, CVE-2022-42863, CVE-2022-42856 and CVE-2022-42852.
  
• Fixed qemu security issues CVE-2022-4172 and CVE-2022-3165.
  
• Fixed vim security issue CVE-2022-0392.
  
• Fixed sudo security issue CVE-2023-22809.
  
• Fixed libxpm security issues CVE-2022-4883, CVE-2022-46285 and CVE-2022-44617.
  
• Fixed zulu8-ca security issues CVE-2023-21830, CVE-2023-21835 and CVE-2023-21843.
  
• Fixed heimdal security issues CVE-2022-45142, CVE-2022-44640, CVE-2022-42898, CVE-2022-41916, CVE-2022-3437 and CVE-2021-44758.
  
• Fixed python-setuptools security issue CVE-2022-40897.
  
• Fixed pam security issue CVE-2022-28321.
  
• Fixed mysql-5.7 security issue CVE-2023-21840.
  
• Fixed xorg-server security issue CVE-2023-0494.
  
• Fixed e2fsprogs security issue CVE-2022-1304.
  
• Fixed openssl1.0 security issues CVE-2023-0286 and CVE-2023-0215.
  
• Fixed openssl security issues CVE-2023-0286, CVE-2023-0215, CVE-2022-4450 and CVE-2022-4304.
  
• Fixed tpm2-tss security issue CVE-2023-22745.
  
• Fixed nss security issue CVE-2023-0767.
  
• Fixed python3.6 security issue CVE-2022-37454.
  
• Fixed tiff security issues CVE-2023-0804, CVE-2023-0803, CVE-2023-0802, CVE-2023-0801, CVE-2023-0800, CVE-2023-0799, CVE-2023-0798, CVE-2023-0797, CVE-2023-0796 and CVE-2023-0795.
  
• Fixed rsync security issue CVE-2022-29154.
  
• Fixed tar security issue CVE-2022-48303.
• Updated ca-certificates to version 20230311.

Citrix

• Fixed H264 codec: When the server was configured to update only regions which have changed, sometimes massive glitches in the shape of green rectangles appeared.
• Fixed: Expired DigiCertSHA2SecureServerCA certificate was replaced with a valid one.

RDP/IGEL RDP Client 2

• Fixed RDP fullscreen-toggle not working when trying to switch from fullscreen to windowed mode.

AVD

• Fixed MS-Teams optimized video playback to not slow down on high CPU load.
• Fixed percentage (%) window size settings.
• Fixed workarea session window size.
• Fixed multimonitor switching during session.
• Supports all kinds of multi monitor constellations.
• MS-Teams optimization stability fixes.
• Fixed Zoom VDI support for multimonitor.
• Fixed video encoder buffer queuing up endlessly and crashing the client when it runs out of memory. Instead we drop webcam frames when the CPU cannot catch up with encoding.
• Fixed MS Teams screenshare on multi-monitor.
• Fixed session size preset to take effect when not multi-monitor.
• Added fixes from the latest RdClientSDK including the TCP buffer bump to avoid unwanted client session dis-/reconnections.

NX client

• The value of sessions.nxclient%.general.commandline is not converted to lowercase anymore when being written to a session config file

Chromium

• Fixed Chromium browser could not be restarted after closing it too quickly.
• Fixed ClearBrowsingDataOnExitList policy for Chromium browser.
• Fixed Chromium browser not starting if persistent partition was missing.

Firefox

• Mozilla Firefox 102 ESR starting Citrix Desktops, requires an ica file to start sessions.
• In normal browser session, the following parameter must be disabled:
  Sessions > Firefox Browser > Firefox Browser Global > Security > Hide local filesystem
• If browser appliance mode is used, following is required to activate :

• Fixed Registry parameter sessions.browser<instance>.gstreamer_version: If set to 1.0 via setup, 0.10 was activated and vice versa.

Network

• Added registry key for choosing the base of decisions regarding automatically switching on and off enabling Wi-Fi carrier : either completed IP configuration of an Ethernet interface (default, traditional implementation) or just Ethernet carrier. The new key has no effect if network.applet.wireless.enable_wifi_auto_switch is false.

• Fixed set of 100Mbps ethernet modes
• Improved reliability of Ethernet configuration on IGEL D220 devices
• Fixed disabling of WoL - which was not applied without a reboot.

WiFi

• Fixed: System regulatory domain now also set on the self-managed driver rtl8852be
• Fixed default wireless regulatory domain for HP devices delivered to Indonesia
• by detecting the HP option code.
• Fixed: HP Probook 450 G8 with Intel AX201 Wifi.
• Improved finding hidden SSIDs with MT7922 WLAN adapter (e.g. in Lenovo ThinkPad L14 Gen 3)
• Improved restoration of Wi-Fi rfkill state on startup

Imprivata

• Improved error messages on PIN enrollment.

Smartcard

• Fixed cryptas TicTok v3 smartcards for usage within Horizon sessions.
• Fixed sporadic duplicated smartcard user entries at login screen.

Cisco Webex

• Integrated Cisco Webex Meetings VDI Plugin 42.6.11.6

Base system

• Added new registry key to set left-hand on touchpad devices

• Fixed sporadic delayed local logon when logon logging is enabled.
• Fixed German translation of "Enter new password" in password change dialog of local login window.
• Fixed starter license on devices with multiple network interfaces.
• Fixed autostart notification.
• Fixed error message on login screen in case Kerberos KDC (domain controller) is unreachable.
• Added Fluendo h264 codec version 24012023, which fixes stability issues with AVD MS-Teams optimization.
• Changed default of registry key devices.bluetooth.connect_only to true to make connect after reboot for bluetooth the new default.

• Fixed WoL BIOS setting detection for Lenovo M75q Gen 2.
• Fixed "fwupdmgr get-devices" command.
• Fixed disabling of the "BIOS Tools" feature on setup page System > Firmware Customization > Features.
• Improved Bluetooth auto connect.

X11 system

• Fixed monitor refresh rate handling in Display Switcher.
• Fixed issue that display switcher settings were overwritten by UMS if network connection changed and the display switcher is still open.
• Added registry key to influence the graphic card order in IGEL setup.

• Changed default X11 graphic driver from modesetting to intel on Dell Wyse

Audio

• Added new registry key to limit max headphone volume (setting will survive a reset to factory defaults)

• Fixed audio output on jack in LG 24CN650N device.

Hardware

• Fixed issue on specific monitors stayed black after resume (DPMS off).

Citrix

• Support for dynamic emergency calling within MS Teams

• Integrated Citrix Workspace App 2209.
  Available Citrix Workspace apps in this release: 2209 (default), 2207 and 2010
• New features:
  
• Support for Authentication using FIDO2 (Technical Preview)

• Integrated Citrix Workspace App 2211.
  Available Citrix Workspace apps in this release: 2211 (default), 2207 and 2010
• New features:
  
• Support for Authentication using FIDO2 (Technical Preview)

AVD

• Added max-threads option for WebRTC H.264 decoder module fluh264dec.

• Updated AVD client
  
• Based on Microsoft's new RdClientSDKv2 that includes stability and performance fixes
  
• MS-Teams stability fixes
  
• MS-Teams background blur and virtual background support
  
• Preliminary UDP short path support (disabled by default, enable on your own risk)

VMware Horizon

• Added support of deviceTRUST virtual channel

Parallels Client

• Updated Parallels client to version 19.1

WiFi

• Added registry key for controlling kernel parameters arp_evict_nocarrier and ndisc_evict_nocarrier for WLAN with WPA Supplicant. The default "1" leaves the traditional behaviour unchanged, i.e. the respective tables are evicted particularly during roaming. "0" results in quicker resumption of sending packets after roaming, but it also leads to some packet loss.

Imprivata

• Added support for smartcard reader RFIDEAS CCID (USB vid=0x0C27, pid=0xCCDB).
• Added registry key for enabling "auto-open-grid-menu"

Smartcard

• Updated SecMaker Net iD Enterprise to version 6.8.5.20 with support for Thales ID Prime 940.
  Beginning with this version, the admin console has to be started with command iid -admin.

Cisco Webex

• Integrated Cisco WebEx VDI plugin version 42.10.0.23814

Base system

• Updated IGEL EULA to version August 2022.

Audio

• Added new registry key which possibly fixes microphone issues on newer Intel devices.

zoomvdi

• Integrated Zoom VDI plugin 5.12.1.21950
  Available plugins in this release: 5.12.1.21950 (default), 5.11.2.21530 and 5.8.4.21112

Misc

• Updated DriveLock Agent to version 2022.1 (22.1.2.38801).
  "Fixed issues:
  On IgelOS, the DriveLock Linux Agent can not reset/disconnect USB drives during policy updates.
  The Linux Agent now handles Unicode characters correctly."
  New parameter:

Hardware

• Added hardware support for HP mt645 G7 (without LTE support).
• Added hardware support for Lenovo L14 Gen 3 (without LTE support)

Chromium

• Fixed Chromium browser security issues CVE-2022-4262, CVE-2022-4195, CVE-2022-4194, CVE-2022-4193, CVE-2022-4192, CVE-2022-4191, CVE-2022-4190, CVE-2022-4189, CVE-2022-4188, CVE-2022-4187, CVE-2022-4186, CVE-2022-4185, CVE-2022-4184, CVE-2022-4183, CVE-2022-4182, CVE-2022-4181, CVE-2022-4180, CVE-2022-4179, CVE-2022-4178, CVE-2022-4177, CVE-2022-4176, CVE-2022-4175, CVE-2022-4174, CVE-2022-4135, CVE-2022-3890, CVE-2022-3889, CVE-2022-3888, CVE-2022-3887, CVE-2022-3886, CVE-2022-3885, CVE-2022-3450, CVE-2022-3449, CVE-2022-3448, CVE-2022-3447, CVE-2022-3446, CVE-2022-3445, CVE-2022-3444, CVE-2022-3443, CVE-2022-3373, CVE-2022-3370, CVE-2022-3318, CVE-2022-3317, CVE-2022-3316, CVE-2022-3315, CVE-2022-3314, CVE-2022-3313, CVE-2022-3312, CVE-2022-3311, CVE-2022-3310, CVE-2022-3309, CVE-2022-3308, CVE-2022-3307, CVE-2022-3306, CVE-2022-3305, CVE-2022-3304, CVE-2022-3201, CVE-2022-3661, CVE-2022-3660, CVE-2022-3659, CVE-2022-3658, CVE-2022-3657, CVE-2022-3656, CVE-2022-3655, CVE-2022-3654, CVE-2022-3653, CVE-2022-3652 and CVE-2022-3723.
  
• Updated Chromium browser to version 108.0.5359.94.

Base system

• Fixed beacown vulnerability
  
• Fixed kernel WiFi stack security issues CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722.
• Fixed bind9 security issues CVE-2022-38178, CVE-2022-38177 and CVE-2022-2795.
  
• Fixed gmp security issue CVE-2021-43618.
  
• Fixed ghostscript security issue CVE-2020-27792.
  
• Fixed libksba security issue CVE-2022-3515.
  
• Fixed sqlite3 security issues CVE-2020-35525 and CVE-2022-35737.
  
• Fixed isc-dhcp security issues CVE-2022-2929 and CVE-2022-2928.
  
• Fixed webkit2gtk security issues CVE-2022-42824, CVE-2022-42823, CVE-2022-42799, CVE-2022-32923, CVE-2022-32888, CVE-2022-32912, CVE-2022-32891 and CVE-2022-32886.
  
• Fixed zulu8-cd security issues CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619.
  
• Fixed expat security issue CVE-2022-43680.
  
• Fixed pillow security issue CVE-2022-22817.
  
• Fixed perl security issue CVE-2020-16156.
  
• Fixed mysql-5.7 security issues CVE-2022-21617, CVE-2022-21608, CVE-2022-21592 and CVE-2022-21589.
  
• Fixed dbus security issues CVE-2022-42012, CVE-2022-42011 and CVE-2022-42010.
  
• Fixed ntfs-3g security issue CVE-2022-40284.
  
• Fixed libxml2 security issues CVE-2022-40304 and CVE-2022-40303.
  
• Fixed pixman security issue CVE-2022-44638.
  
• Fixed tiff security issues CVE-2022-3599, CVE-2022-3598, CVE-2022-3570, CVE-2022-34526, CVE-2022-2869, CVE-2022-2868 and CVE-2022-2867.
  
• Fixed xorg-server security issues CVE-2022-3550 and CVE-2022-3551.
  
• Fixed krb5 security issue CVE-2022-42898.
  
• Fixed libvncserver security issue CVE-2020-29260.
  
• Fixed libarchive security issues CVE-2022-36227 and CVE-2022-26280.
  
• Fixed heimdal security issues CVE-2022-44640, CVE-2022-42898, CVE-2022-3437 and CVE-2021-44758.
  
• Fixed libice security issue CVE-2017-2626.
  
• Fixed jbigkit security issue CVE-2017-9937.
• Updated ca-certificates to version 20211016ubuntu0.20.04.1.

AVD

• Fixed umlaut keys for Swiss keyboard layout
• Fixed crash of AVD client if Fabulatech plugins were enabled
• Fixed smartcard redirection
• Fixed possibly frozen incoming video in MS-Teams
• Added paths where AVD searches for static, dynamic-1.1 and dynamic-2.0 virtual channel plugins and automatically loads all of them:
  /usr/lib/igelrdp3/plugins/automatic/static-channels
  /usr/lib/igelrdp3/plugins/automatic/dynamic-1.1-channels
  /usr/lib/igelrdp3/plugins/automatic/dynamic-2.0-channels
  This is used by all AVD sessions automatically on session startup.
• Disabled legacy workspace download by default. It still can be enabled under options.workspace-1.enabled per AVD session. This slighly speeds up workspace download time.
• Fixed MS-Teams background FX related client crashes.
• Fixed immediate AVD session crash on M350C and similar hardware - caused by some compiler optimization applied at build time. This optimization has been removed for the sake of compatibility.

Firefox

• Fixed passthrough authentication for Firefox manual proxy.

Network

• Fixed shutdown getting stuck id local logon was configured and network (LAN) was not connected.
• Fixed mounting of NFS version 3 shares at boottime

Smartcard

• Fixed smartcard access in Firefox browser with activated AppArmor.

Base system

• Fixed power line frequency configuration upon plug/unplug of a camera device.
• Fixed battery notification on other language than english.
• Fixed on-screen keyboard being broken after Kerberos logon
• Fixed persistance of brightness, changed by function keys, over reboot.
• Fixed handling of BIOS update files.
• Fixed LVFS BIOS update did not work with enabled secure boot.
• Enhance possibilities to set cstate kernel parameters.
  
• Allow 0 for max_cstate now too which sets intel_idle.max_cstate kernel cmdline parameter

• Added new registry key to set processor.max_cstate kernel cmdline parameter.

X11 system

• Fixed DisplaySwitcher UI bug that displayed the wrong frequency.
• Fixed monitor went to sleep after resolution change on HP docking stations.
• Added quirks to overcome Hotplug or DP MST issues.
  
• Added new registry keys:

Audio

• Fixed audio support on HP T240 hardware.

Hardware

• Fixed bluetooth support on Lenovo L14 Gen3 hardware.

Citrix

• Support for dynamic emergency calling within MS Teams

• Integrated Citrix Workspace App 2207.
  Available Citrix Workspace Apps in this release: 2207 (default), 2205 and 2010 **Composite USB redirection

• Citrix Workspace app allows the splitting of composite USB devices. A composite USB device can perform more than one function. These functions are accomplished by exposing each of those functions using different interfaces. An example of a composite USB device is the Bloomberg keyboard which consists of a keyboard, fingerprint reader, an audio device, and USB hub, etc.
• The Composite USB redirection feature adds the CONNECT value to the rules for USB devices.
• CONNECT - Set the "CONNECT" keyword to enable auto-redirect of a device when a session starts.
• ALLOW - Set the "ALLOW" keyword to allow auto-redirect of a device only after a session starts. However, if the "CONNECT" or "ALLOW" keyword is set, the device is auto-redirected when it is unplugged and plugged in during a session.
• When redirect the composite USB device, normally the whole device is forwarded to the virtual host. However, now there is the possibility to split and forward only the child interfaces that use a generic USB channel. To do this, it is necessary to add the following filter parameters (split and intf) to the device rules. The split parameter specifies whether a composite device must be forwarded as separate devices or as a single composite device. "Split=1" means that the selected child interfaces of a composite device must be forwarded as split devices, while split=0 must not be forwarded (If the split parameter is omitted, Split=0 is assumed). The intf parameter selects the specific child interfaces of the composite unit to which the action is to be applied.
• In IGEL Setup, the device rules can be added under "Sessions / Citrix / Citrix Global / Native USB Redirection / Device Rules". Adding the first two filter parameters Vendor id/vid and Product id/ pid, which redirects the entire composite device in the session. If splitting of the composite device is required, adding additional parameters in the "Extra config" as shown in the example is required.
• Example:
  CONNECT: vid=047F pid=C039 split=1 intf=03 # Allow HID device and connect automatically.
  DENY: vid=047F pid=C039 split=1 intf=00 # Deny audio endpoints
  ALLOW: vid=047F pid=C039 split=1 intf=05 # Allow mgmt intf but do not connect automatically
• Note: [https://kb.igel.com/igelos-11.08/en/native-usb- redirection-63804310.html]ÿ the third option "connect" has been added to the class and device rules. Composite USB redirection can change the behavior. If a device is no longer redirected with CWA 2207, should be changed to 'Connect'.
  
• Enhancement to improve audio quality
  ** Playback Delay Thresh

• With this enhancement, the maximum output buffering value is decreased from 200 ms to 50 ms in Citrix Workspace app. As a result, the user experience of the interactive audio application is improved. Also, the Round trip time (RTT) is decreased by 150 ms.ÿThis parameter is valid only when AudioRedirectionV4 is set to True.
  **
  ** Audio Temp Latency Boost

• When the audio throughput undergoes a sudden spike or is not enough for an unstable network, this value increases the output buffering value. This increase in the output buffering value provides smooth audio. However, the audio might be slightly delayed. This parameter is only valid when AudioRedirectionV4, and AudioLatencyControlEnabled is set to True.
  
• Improved audio echo cancellation support

• Support for DPI matching

• The display resolution and DPI scale values set in the Citrix Workspace app match the corresponding values in the virtual apps and desktops session.ÿDPI scaling is mostly used with large size and high-resolution monitors to display applications, text, images, and other graphical elements in a size that can be viewed comfortably.
  
• App Protection

• App protection is an add-on feature for the Citrix Workspace app that provides enhanced security when using Citrix Virtual Apps and Desktops published resources. Two policies provide anti-keylogging and anti-screen-capturing capabilities for a Citrix HDX session. This feature is fully supported only for workspace app 2207,ÿ with older workspace apps, you may experience x11vnc crashes.
• Updated deviceTRUST Client Extension to version 21.1.310.0.

OSC Installer

• Added option in factory mode for an automatical shutdown after self-check. Log file of this deployment self-check is written to dummy partition.

AVD

• Added SIGTERM and SIGHUP signal handlers to disconnect sessions once received these signals. Since remote log-off is not supported in RDP, both signal handlers perform a session disconnect.
• Fixed audio crackling
  
• Added potential fix for the ClaimsTokenAuthChallenge issue that dialog pops up to often!
  
• Added SIGTERM and SIGHUP. As soon as the RdCoreSDK supports session log-off as well, SIGHUP handler will be used instead of the disconnect
  
• Added potential fixes for crashes with enabled printer redirection
  
• Fixed MS-Teams VDI the local video window went black occasionally
  
• Applied patch to fix bug in boost 1.69.0 that caused the "User cancelled" issue.
  [https://github.com/boostorg/container/commit/90de9533ecef08e98d82e8f8c26fad57 839e4184] at boost 1.74.0
  
• Added two parameters regarding MS-Teams (WebRTC) redirection video decoding:

RDP/IGEL RDP Client 2

• Updated deviceTRUST Client Extension to version 21.1.310.0.

RD Web Access

• Added new parameter to enable support for Interactive Logon Messages.

VMware Horizon

• Updated VMware Horizon client to version 2206-8.6.0-20094634

Power Term

• Updated Ericom PowerTerm LTC to version 14.0.3.71814. This fixes scaling the emulation window to large sizes.

IBM_5250

• Added startup splash screen to IBM iAccess client. Thus the user gets a visual feedback of sessions about to start.

HP Anyware

• Renamed Teradici PCoIP Ultra to HP Anyware PCoIP

Updated HP Anyware PCoIP client to version 22.07.0-18.04

Network

• Updated Modemmanager and libraries to improve LTE device support.

WiFi

• Added initial support for Realtek 8852ce WiFi chipset

AppliDis

• Updated Applidis SLB Linux client to version 6.1.4.17.

Smartcard

• Updated Thales SafeNet Authentication client to version 10.8.1013.

CUPS Printing

• Added the dynamic default printer feature: If several printer are defined,
  the last plugged printer will be set as default printer.
  On boot the printer will be selected which is connected at the time.
  If more than one printer are connected at boot, the one which is the
  last in the list of printers defined in the OS gets the default.
  If a printer which was default is removed, the remaining printer will
  be elected as default.
  If more than one remains, the last in the list of printers defined
  in the OS, gets the default.
• Fixed printer activation on usb-hotplug which could fail in rare occasions.
  
• Fixed cases where choosing the first usb printer fails as not named usblp0 by the kernel as expected, as higher number were used
  (e.g. usblp2) even if no other usb printers were connected. First usb printer is now defined as the one which is first in the (sorted)
  list of all connected usb printers.
  Accordingly the second usb printer is the second in the list of usb printers.
  For the case more than one usb printer is used at the same time,
  first or second printer should not be used as selection method, as numbering is also depending on the timing the printer is registered
  on endpoint. On next boot, the numbering can be different
  especially if the devices are switched on individually.
  In this case it's recommended to use instead the usbclass backend or selection
  by the USB Port on the endpoint or by the printers USB IDs.
• Updated HP Linux Imaging and Printing (HPLIP) to version 3.22.6
• Updated printer list to include all new printers from HPLIP 3.22.6 (which do not require a proprietary plugin).

Cisco Webex

• Integrated Cisco WebEx Meetings VDI plugins 42.6.8.5 and 42.2.10.7
  Available plugins in this release: 42.6.8.5 (default), 42.2.10.7 and 41.12.6.12
• Integrated Cisco WebEx VDI plugin 42.8.0.23214

Cisco JVDI Client

• Integrated Cisco JVDI 14.1.2

Base system

• Updated kernel to version 5.17.15.
  
• Updated VDPAU library to version 1.5.
  
• Updated gphoto library to version 2.5.29.
  
• Updated OpenConnect VPN client to version 9.01.
• Updated bluetooth stack (bluez) to version 5.64.
  
• Updated OpenVPN client to version 2.6.0 (with OpenVPN DCO support).
  
• Updated MESA OpenGL stack to version 22.1.5.
  
• Updated wireless regdb to version 2022.06.06.
• Added support for webcam virtual background (must be activated in System->FimwareCustomization->Features Virtual Background for Webcam)
  
• Also added new registry keys (to use the feature, multimedia.webcam.virtual_background.enabled must be set to true)

• Added possibility to use ntfs with compression as Chromium and Firefox profile partition filesystem.
  
• Changed registry keys (added ntfs option):

zoomvdi

• Added Smart Virtual Background support for zoomvdi.

• Integrated Zoom VDI pluginÿ5.11.2.21530
  Available plugins in this release: 5.11.2.21530 (default), 5.10.6.21295 and 5.8.4.21112

Hardware

• Updated DisplayLink driver to version 5.6.0.
  
• Improved performance of AMD devices and DisplayLink solutions.
• Added hardware support for Dell Optiplex 3000TC

TC Setup (Java)

• Updated TC Setup to version 6.10.4.

Fabulatech

• Updated FabulaTech Scanner for Remote Desktop to version 3.0.1.0

Chromium

• Fixed Chromium browser security issues CVE-2022-3075, CVE-2022-3058, CVE-2022-3057, CVE-2022-3056, CVE-2022-3055, CVE-2022-3054, CVE-2022-3053, CVE-2022-3052, CVE-2022-3051, CVE-2022-3050, CVE-2022-3049, CVE-2022-3048, CVE-2022-3047, CVE-2022-3046, CVE-2022-3045, CVE-2022-3044, CVE-2022-3043, CVE-2022-3042, CVE-2022-3041, CVE-2022-3040, CVE-2022-3039, CVE-2022-3038, CVE-2022-2861, CVE-2022-2860, CVE-2022-2859, CVE-2022-2858, CVE-2022-2857, CVE-2022-2856, CVE-2022-2855, CVE-2022-2854, CVE-2022-2853 and CVE-2022-2852.
• Fixed Chromium browser security issues CVE-2022-3195, CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200 and CVE-2022-3201
  
• Updated Chromium browser to version 105.0.5195.125.

Firefox

• Updated Mozilla Firefox to version 91.13.0 ESR
  
• Fixes for mfsa2022-35, also known as:
  CVE-2022-38472, CVE-2022-38473, CVE-2022-38478.
  
• Fixes for mfsa2022-29, also known as:
  CVE-2022-36319, CVE-2022-36318.
  
• Fixes for mfsa2022-25, also known as:
  CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481,
  CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484.
  
• Fixes for mfsa2022-21, also known as:
  CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740,
  CVE-2022-31741, CVE-2022-31742, CVE-2022-31747.

Base system

• Fixed libinput security issue CVE-2020-1215.
  
• Fixed libarchive security issue CVE-2022-26280.
  
• Fixed ntfs-3g security issues CVE-2022-30789, CVE-2022-30788, CVE-2022-30787, CVE-2022-30786, CVE-2022-30785, CVE-2022-30784, CVE-2022-30783 and CVE-2021-46790.
  
• Fixed openssl1.0 security issues CVE-2022-2068 and CVE-2022-1292.
  
• Fixed openssl security issues CVE-2022-2097, CVE-2022-2068 and CVE-2022-1292.
  
• Fixed gnupg2 security issues CVE-2022-34903 and CVE-2019-13050.
  
• Fixed webkit2gtk security issues CVE-2022-26710, CVE-2022-22677, CVE-2022-22662, CVE-2022-30294, CVE-2022-30293, CVE-2022-26719, CVE-2022-26717, CVE-2022-26716, CVE-2022-26709 and CVE-2022-26700.
  
• Fixed nss security issues CVE-2022-34480 and CVE-2022-22747.
• Fixed Nvidia graphics driver 470 security issues CVE-2022-31607 and CVE-2022-31608.
  
• Updated Nvidia graphics driver to version 470.141.03.
  
• Fixed curl security issues CVE-2022-32208, CVE-2022-32207, CVE-2022-32206 and CVE-2022-32205.
  
• Fixed unzip security issues CVE-2022-0530 and CVE-2022-0529.
  
• Fixed freetype security issues CVE-2022-31782, CVE-2022-27406, CVE-2022-27405 and CVE-2022-27404.
  
• Fixed gnutls28 security issues CVE-2022-2509 and CVE-2021-4209.
  
• Fixed mysql-5.7 security issue CVE-2022-21515.
  
• Fixed python2.7 security issue CVE-2015-20107.
  
• Fixed python3.6 security issue CVE-2015-20107.
  
• Fixed net-snmp security issues CVE-2022-24810, CVE-2022-24809, CVE-2022-24808, CVE-2022-24807, CVE-2022-24806, CVE-2022-24805 and CVE-2022-248.
  
• Fixed zulu8-ca security issues CVE-2022-34169, CVE-2022-25647, CVE-2022-21541 and CVE-2022-21540.
  
• Updated zulu8-ca JRE to version 8.0.345.
  
• Fixed libtirpc security issue CVE-2021-46828.
  
• Updated Intel microcode to version 20220809 which fixed security issue CVE-2022-21233.
  
• Fixed postgresql-10 security issue CVE-2022-1552.
  
• Fixed webkit2gtk security issues CVE-2022-32816, CVE-2022-32792 and CVE-2022-2294.
  
• Updated webkit2gtk to version 2.36.6.
• Fixed open-vm-tools security issue CVE-2022-31676.
  
• Fixed postgresql-10 security issue CVE-2022-2625.
  
• Fixed libxslt security issues CVE-2021-30560 and CVE-2019-5815.
  
• Fixed zlib security issue CVE-2022-37434.
  
• Fixed rsync security issue CVE-2022-37434.
  
• Fixed webkit2gtk security issue CVE-2022-32893.
  
• Fixed gnutls28 security issues CVE-2022-2509 and CVE-2021-4209.
  
• Fixed curl security issue CVE-2022-35252.
  
• Fixed flac security issues CVE-2017-6888, CVE-2020-0499 and CVE-2021-0561.
  
• Fixed libsndfile security issue CVE-2021-4156.
• Fixed gst-plugins-good1.0 security issues CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925 and CVE-2022-2122.
  
• Updated GStreamer 1.x to version 1.20.3.
• Fixed vim security issues CVE-2022-1621, CVE-2022-1620, CVE-2022-1619, CVE-2022-1616, CVE-2022-1154 and CVE-2022-0943.
  
• Fixed tiff security issues CVE-2022-22844, CVE-2022-2058, CVE-2022-2057, CVE-2022-2056, CVE-2022-1355, CVE-2022-0924, CVE-2022-0909, CVE-2022-0908, CVE-2022-0907, CVE-2020-19144 and CVE-2020-19131.
  
• Fixed qemu security issues CVE-2022-35414, CVE-2022-2962, CVE-2022-1050, CVE-2022-0216 and CVE-2020-14394.
  
• Fixed expat security issue CVE-2022-40674.

X server

• Fixed Xorg security issues CVE-2022-2319 and CVE-2022-2320.
  
• Updated Xorg server to version 21.1.4.

OSC Installer

• Fixed wrong icon in OSC installer.
• Fixed deploying IGEL OS GPT images to Fujitsu Lifebook U7311 via IGEL SCCM Add-On.

RDP/IGEL RDP Client 2

• Fixed RDP Client displaying wrong error message when account is locked.

Amazon Workspace Client

• Fixed deviceTRUST virtual channel configuration.

Chromium

• Fixed hardware accelerated video decoding on newer Intel chipsets using the iHD VA-API backend.

Firefox

• Fixed Firefox Tabs crashing if system uses iHD VAAPI driver.

Network

• Fixed MBB connection editor

WiFi

• Fixed: System regulatory domain now also set on the self-managed driver rtl8852be
• Fixed: HP Probook 450 G8 with Intel AX201 Wifi.
• Fixed: Realtek 8852BE WiFi chipsets (included in HP T655)
• Fixed missing firmware files of iwlwifi driver for INTEL chipsets.

Imprivata

• Improved disconnect/reconnect speed with Imprivata and Horizon. Fixes Imprivata/Horizon roaming issue.
• Added: Minor improvements on Vendor Launch Scripts.

AppliDis

• Fixed wrong port for HTTPS.

Smartcard

• Fixed startup of SecMaker Net iD service.

Base system

• Fixed confusing touchpad functions if changed between right and left hand mouse.
• Fixed touchpad enable / disable by hotkey.
• Fixed battery notification.
• Fixed: Not rotate SystemInformation.log at startup. Rotation is only done with successful upload.
• Fixed failed firmware update from servers with low bandwidth
• Fixed NTP time configuration in Setup Assistant if time was set before issued starter license.
• Fixed corrupted BIOS update where relevant files were missing in rare cases.
• Added experimental DSC over DP MST support to Intel graphic driver.
  
• Added new registry key:

• Updated fwupd tool to fix possible issue with LVFS Bios update.

X11 system

• Updated xprintidle to version 0.2.4, which offers reasonable output also when DPMS state is not On.
• Added support for HDMI4 to HDMI8 connectors as newer devices possibly have these connectors.
  
• Changed registry keys to allow HDMI connectors up to HDMI8

• Updated ATI / Radeon graphic driver to version 19.1.0 which fixed issues with radeon Xorg driver and rotation.
• Updated amdgpu graphic driver to version 22.0.0 which improves performance with DisplayLink USB solutions.

Audio

• Fixed audio output via display port/HDMI for HP Elitedesk 800 G6
• Fixed issues with 3.5mm audio jack on LG AiO 24CN67 and 24CN65 devices.

Hardware

• Improved bluetooth stability.