IGEL OS 11

Firmware version 11.10.190
Release date 2024-10-23
Last update of this document 2024-10-24

Supported Devices

UD2-LX 52, UD2-LX 51
UD3-LX 60
UD7-LX 20

> Supported IGEL OS 11 thirdparty devices

Release Notes 11.10.190 (Based On 11.10.150)

Security Fixes

Chromium

Updated chromium browser to current mainline version 129.0.6668.100.
Fixed chromium security issues CVE-2024-9603, CVE-2024-9602, CVE-2024-9370, CVE-2024-9369, CVE-2024-9123, CVE-2024-9122, CVE-2024-9121, CVE-2024-9120, CVE-2024-8909, CVE-2024-8908, CVE-2024-8907, CVE-2024-8906, CVE-2024-8905, CVE-2024-8904, CVE-2024-8639, CVE-2024-8638, CVE-2024-8637, CVE-2024-8636, CVE-2024-8362, CVE-2024-8198, CVE-2024-8194, CVE-2024-8193, CVE-2024-8035, CVE-2024-8034, CVE-2024-8033, CVE-2024-7981, CVE-2024-7980, CVE-2024-7979, CVE-2024-7978, CVE-2024-7977, CVE-2024-7976, CVE-2024-7975, CVE-2024-7974, CVE-2024-7973, CVE-2024-7972, CVE-2024-7971, CVE-2024-7970, CVE-2024-7969, CVE-2024-7968, CVE-2024-7967, CVE-2024-7966, CVE-2024-7965, CVE-2024-7964, CVE-2024-7550, CVE-2024-7536, CVE-2024-7535, CVE-2024-7534, CVE-2024-7533, CVE-2024-7532, CVE-2024-7256, CVE-2024-7255, CVE-2024-7025, CVE-2024-7005, CVE-2024-7004, CVE-2024-7003, CVE-2024-7001, CVE-2024-7000, CVE-2024-6999, CVE-2024-6998, CVE-2024-6997, CVE-2024-6996, CVE-2024-6995, CVE-2024-6994, CVE-2024-6993, CVE-2024-6992, CVE-2024-6991, CVE-2024-6990, CVE-2024-6989, CVE-2024-6988, CVE-2024-6779, CVE-2024-6778, CVE-2024-6777, CVE-2024-6776, CVE-2024-6775, CVE-2024-6774, CVE-2024-6773, CVE-2024-6772, CVE-2024-6293, CVE-2024-6292, CVE-2024-6291 and CVE-2024-6290.

Firefox

Updated Mozilla Firefox to version 115.16.1 ESR
Fixes for mfsa2024-30, also known as:
CVE-2024-7652, CVE-2024-6600, CVE-2024-6601, CVE-2024-6602,
CVE-2024-6603, CVE-2024-6604.
Fixes for mfsa2024-34, also known as:
CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
CVE-2024-7531.
Fixes for mfsa2024-41, also known as:
CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384.
Fixes for mfsa2024-48, also known as:
CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401.
Fixes for mfsa2024-51, also known as:
CVE-2024-9680.

Component Versions

Clients
Amazon WorkSpaces Client	4.1.0
Chromium	129.0.6668.100-1igel1728465922
Cisco JVDI Client	14.3.0
Cisco Webex VDI plugin	44.4.0.29960
Cisco Webex Meetings VDI plugin	42.10.8.14
Cisco Webex Meetings VDI plugin	42.6.11.6
Cisco Webex Meetings VDI plugin	43.6.8.4
Zoom Media Plugin	5.16.10.24420
Zoom Media Plugin	5.17.5.24630
Zoom Media Plugin	5.17.6.24660
Citrix EPA Client	23.10.3
Citrix HDX Realtime Media Engine	2.9.600
Citrix Secure Access Client	23.10.3
Citrix Workspace App	20.10.0.6
Citrix Workspace App	23.11.0.82
Citrix Workspace App	24.02.0.65
deviceTRUST Citrix Channel	23.1.200
Crossmatch DP Citrix Channel	0125
Conky System Monitor	1.12.2-1
ControlUp Agent	8.1.5.500
deskMate Client	2.1.3
DriveLock Agent	22.2.2.42489
EPOS connect	7.7.0.44352
Ericom PowerTerm	14.0.3.71814
Evidian AuthMgr	1.5.8825
Evince PDF Viewer	42.3-0ubuntu3.1
FabulaTech Plugins	4.0.0.2
FabulaTech USB for Remote Desktop	6.2.0.0
FabulaTech Scanner for Remote Desktop	3.6.1.3
FabulaTech Webcam for Remote Desktop	2.8.11
Firefox	115.16.1
IBM i Access Client Solutions	1.1.9.2
IGEL RDP Client	2.2igel1717589021
IGEL AVD Client	1.2.0igel1718803791
deviceTRUST RDP Channel	23.1.200
Imprivata OneSign ProveID Embedded	onesign-generic-bootstrap-loader_7.12.0.688624_amd64
IGEL Agent for Imprivata	0.6.0igel1717406898
Lakeside SysTrack Channel	9.0
Login VSI Enterprise	4.8.6
NCP Secure Enterprise Client	6.00_rev29368
NX Client	7.8.2-4igel1685535669
Open VPN	2.6.9-1+b1igel1709638175
Zulu JRE	17.0.11-1
Parallels Client	19.2.0.23906
Spice GTK (Red Hat Virtualization)	0.42-2+b1igel1709635434
Remote Viewer (Red Hat Virtualization)	11.0-3igel1704876668
Usbredir (Red Hat Virtualization)	0.13.0-2.1igel1709635747
SpeechWrite	1.0
Stratusphere UX Connector ID Key software	6.6.2-3
Systancia AppliDis	6.1.4-17
HP Anyware PCoIP Software Client	23.08.1-22.04
ThinLinc Client	4.16.0-3389
ThinPrint Client	7-7.6.126
Parole Media Player	4.16.0-3igel1686304269
VNC Viewer	1.13.1+igel-1igel1697962544
VMware Horizon client	2312.1-8.12.1-23543969
Voip Client Ekiga	4.0.1-9build1igel1685429059

Dictation
Diktamen driver for dictation	2017/09/29
Grundig Business Systems dictation driver	0.12/21-12-21
Nuance Audio Extensions for dictation	B308
Olympus driver for dictation	4.0.4
Philips Speech driver	13.2.3

Signature
Kofax SPVC Citrix Channel	3.1.41.0
signotec Citrix Channel	8.0.10
signotec VCOM Daemon	2.0.0
StepOver TCP Client	2.4.2

Smartcard
PKCS#11 Library A.E.T. SafeSign	3.6.0.0-AET.000
PKCS#11 Library Athena IDProtect	7-20210902
PKCS#11 Library cryptovision sc/interface	8.0.13
PKCS#11 Library Thales SafeNet	10.8.1050
PKCS#11 Library OpenSC	0.25.0~rc1-1igel1709808441
PKCS#11 Library Pointsharp NetID Enterprise	6.9.1.17
PKCS#11 Library Pointsharp NetID Client	1.1.4.38
PKCS#11 Library 90meter	3.0.0.45
Reader Driver ACS CCID	1.1.11-1igel1715329126
Reader Driver HID Global Omnikey	4.3.3
Reader Driver Identive CCID	5.0.35
Reader Driver Identive eHealth200	1.0.5
Reader Driver Identive SCRKBC	5.0.24
Reader Driver MUSCLE CCID	1.5.5-1igel1704887471
Reader Driver REINER SCT cyberJack	3.99.5final.sp14-2+b1igel1704984443
Resource Manager PC/SC Lite	2.2.1-1igel1715329696
Cherry USB2LAN Proxy	3.2.0.3

System Components
OpenSSL	1.0.2n-1ubuntu5.13igel1686114423
OpenSSL	1.1.1f-1ubuntu2.22
OpenSSL	3.0.2-0ubuntu1.15
OpenSSH Client	9.7p1-7igel1719842129
OpenSSH Server	9.7p1-7igel1719842129
Bluetooth Stack (bluez)	5.73-1igel1713457475
MESA OpenGL Stack	24.0.6-1+b1igel1715159987
VDPAU Library Version	1.5-2igel1677954724
Graphics Driver INTEL	2.99.917+git20210115-1igel1654609037
Graphics Driver ATI/RADEON	22.0.0-1igel1704966675
Graphics Driver ATI/AMDGPU	23.0.0-1igel1705669076
Graphics Driver Nouveau (Nvidia Legacy)	1.0.17-2igel1654608979
Graphics Driver Nvidia	525.147.05-0ubuntu0.22.04.1
Graphics Driver VMware	13.3.0-3igel1654607153
Graphics Driver QXL (Spice)	0.1.6-1igel1687782644
Graphics Driver FBDEV	0.5.0-2igel1654609009
Graphics Driver VESA	2.6.0-1igel1704966930
Input Driver Evdev	2.10.6-2+b1igel1647004239
Input Driver Elographics	1.4.3-1igel1678083379
Input Driver eGalax	2.5.8825
Input Driver Synaptics	1.9.2-1+b1igel1683803726
Input Driver VMMouse	13.1.0-1ubuntu2igel1628499891
Input Driver Wacom	1.2.0-3igel1709642706
Input Driver ELO Multitouch	4.3.0.0
Input Driver ELO Singletouch	5.2
Kernel	6.6.22 #mainline-lxos-g1720435065
Xorg X11 Server	21.1.12-1igel1720008240
Xorg Xephyr	21.1.12-1igel1720008240
CUPS Printing Daemon	2.4.7-2igel1718171599
PrinterLogic	25.1.0.637
Lightdm Graphical Login Manager	1.30.0-0ubuntu5igel1685475374
XFCE4 Window Manager	4.14.5-1~18.04igel1643191202
ISC DHCP Client	4.4.1-2.3ubuntu2.4
NetworkManager	1.42.4-1igel1692869696
ModemManager	1.22.0-3igel1705908135
GStreamer 1.x	1.24.1-1igel1712123636
Gstreamer 1.0 Fluendo aacdec	1.0.1
Gstreamer 1.0 Fluendo asfdemux	1.0.1
Gstreamer 1.0 Fluendo h264dec	1.0.4
Gstreamer 1.0 Fluendo mp3dec	1.0.1
Gstreamer 1.0 Fluendo mpeg4videodec	1.0.1
Gstreamer 1.0 Fluendo vadec	1.0.2
Gstreamer 1.0 Fluendo wmadec	1.0.1
Gstreamer 1.0 Fluendo wmvdec	1.0.1
WebKit2Gtk	2.44.2-1~deb12u1igel1716390763
WebKit2Gtk	2.40.5-1igel1700725614
Python3	3.10.12

VM Guest Support Components
Virtualbox Guest Utils	7.0.14-dfsg-4igel1709105342
Virtualbox X11 Guest Utils	7.0.14-dfsg-4igel1709105342
Open VM Tools	12.3.5-3~ubuntu0.22.04.1
Open VM Desktop Tools	12.3.5-3~ubuntu0.22.04.1
Xen Guest Utilities	7.20.2-0ubuntu1~22.04.2
Spice Vdagent	0.22.1-4+b1igel1704922460
Qemu Guest Agent	8.2.3+ds-2igel1715153009

Features with Limited IGEL Support
Mobile Device Access USB (MTP)	1.1.21-3.1igel1709728407
Mobile Device Access USB (imobile)	1.3.0-7.1igel1704836660
Mobile Device Access USB (gphoto)	2.5.31-2.1igel1709726214
VPN OpenConnect	9.12-1+b1igel1709637921
Scanner support	1.1.1-5
VirtualBox VM within IGEL OS	7.0.14-dfsg-4igel1709105342
Virtual Background for Webcam

Services	Size	Reduced Firmware
Asian Language Support	21.8M	Included
Java SE Runtime Environment	53.8M	Included
Citrix Workspace app Citrix StoreFront Citrix Appliance	813.0M	Included
Ericom PowerTerm InterConnect	10.0M	Included
Media Player	256.0K	Included
Local Browser (Firefox) Citrix Appliance	86.8M	Included
VMware Horizon RDP	4.8M	Included
Cendio ThinLinc	10.8M	Included
Printing (Internet printing protocol CUPS)	18.5M	Included
NoMachine NX	26.0M	Included
VMware Horizon	194.5M	Included
Voice over IP (Ekiga)	6.0M	Included
Citrix Appliance	768.0K	Included
NCP Enterprise VPN Client	11.5M	Not included
Fluendo GStreamer Codec Plugins	3.2M	Included
IBM i Access Client Solutions	134.8M	Not included
Red Hat Enterprise Virtualization	2.8M	Included
Parallels Client	5.8M	Included
NVIDIA graphics driver	372.5M	Not included
Imprivata Appliance	31.8M	Included
AppliDis	256.0K	Included
Evidian AuthMgr	2.8M	Included
Hardware Video Acceleration	14.8M	Included
Extra Font Package	1.0M	Included
Fluendo GStreamer AAC Decoder	768.0K	Included
x32 Compatibility Support	4.2M	Included
Cisco JVDI client	61.5M	Included
PrinterLogic	37.5M	Not included
Biosec BS Login	9.8M	Not included
Login VSI Login Enterprise	28.2M	Not included
Stratusphere UX CID Key software	5.2M	Not included
Elastic Filebeat	35.5M	Not included
AVD	39.8M	Included
Local Browser (Chromium)	117.5M	Not included
Amazon WorkSpaces Client	32.2M	Included
deskMate Client	5.5M	Included
Cisco Webex VDI	100.2M	Not included
Cisco Webex Meetings VDI	193.5M	Not included
Zoom Media Plugin	180.8M	Not included
DriveLock	12.5M	Included
SpeechWrite Client	256.0K	Included
IGEL Agent for Imprivata	512.0K	Included
LRS Output Management	256.0K	Included
Fluendo Browser Codec Plugins	10.2M	Included
HP Factory deployment documentation	88.0M	Included
BIOS Tools	2.0M	Included
HP Anyware Client	34.8M	Included
90meter Smart Card Support	512.0K	Included
Mobile Device Access USB (Limited support) Virtualbox (Limited support) VPN OpenConnect (Limited support) Scanner support / SANE (Limited support) Virtual Background for Webcam (Limited IGEL Support) Limited Support Features	256.0K	Not included
Mobile Device Access USB (Limited support)	256.0K	Not included
VPN OpenConnect (Limited support)	1.0M	Not included
Scanner support / SANE (Limited support)	8.0M	Not included
Virtualbox (Limited support)	74.0M	Not included
Virtual Background for Webcam (Limited IGEL Support)	45.8M	Included

Known Issues

Citrix

Adding smartcard readers during running / active session does not work. The reader is visible, but cannot be used due to unknown reader status. Only relevant for CWA versions earlier than 2112.
Browser Content Redirection (BCR) does not work if DRI3 and hardware accelerated H.264 deep compression codec is enabled.
Citrix H.264 acceleration plugin does not work with enabled server policy "Optimize for 3D graphics workload" in combination with server policy "Use video codec compression" -> *"For the entire screen"**.
Currently H.264 for Citrix sessions cannot be used in parallel with video input acceleration.
While starting Self-Service, it is possible that process ServiceRecord segfaults -> Self-Service cannot be started afterwards.
A cache cleanup with reboot is needed. In addition, the following parameters should set to true.

Parameter	`Clean up UI cache after Self-Service termination`
Registry	`ica.selfservice.cleanupwebui`
Value	false (default)/true
Parameter	`Clean up Store cache after Self-Service termination`
Registry	`ica.selfservice.cleanupstore`
Value	false (default)/true

Browser Content Redirection (BCR) may not work with Chrome version 105.0.* or later. See https://support.citrix.com/article/CTX473065/hdx-browser-content- redirection-broken-with-google-chrome-browser-version-105-or-higher
White / green fragments may appear during desktop launch if JPEG graphical codec is used.
MS Teams calls may stop if blurred background is enabled. This affects Citrix Workspace App 2305 and later.
ZoomVDI version 5.16 or newer is no longer supported with Citrix Workspace app 20.10
Browser Content Redirection (BCR) may not work with Citrix workspace app 23.11 and current Chrome versions.
If Self-Service is closed when the credential window is active, it may happen that the session cannot be restarted. A reboot is necessary.

OSC Installer

OSC not deployable with IGEL Deployment Appliance: Version 11.3 or later is required for deploying IGEL OS 11.06. and following.

AVD

When closing the AVD client while audio input (microphone redirection) is in use, the client might crash. This will be fixed in future versions.
Webcam redirection support is preliminary / experimental and may not work with all webcams yet.
H.264 hardware decoding for MS-Teams optimization is currently limited to non- AMD devices due to stability issues on AMD devices.

VMware Horizon

After disconnect of an RDP-based session, the Horizon main window which contains the server or sessions overview, cannot be resized anymore.
Copying text from Horizon Blast sessions is not possible.
The on-screen keyboard in Horizon appliance mode does not work correctly with local logon.
It is necessary to switch off local logon and enable the following two keys via IGEL registry:
userinterface.softkeyboard.autoshow
userinterface.softkeyboard.autohide
With usage of PCoIP protocol, the virtual channel provided by VMware used for serial port and scanner redirection could freeze on logout from remote session.
This happens only with enabled scanner or serial port redirection.
The freeze does not occur if both redirection methods are enabled or none of them. The Blast Protocol is not affected by this bug.
The respective settings can be found in the IGEL Registry:
vmware.view.enable-serial-port-redir
vmware.view.enable-scanner-redir
Keyboard Input Source Language Synchronization works only with usage of local layout and deadkeys enabled.
If a keyboard layout is used which has deadkeys disabled (which is the default on IGEL OS), Horizon client falls back to en-US layout.
PCoIP sessions may crash in some cases, switch to Blast Protocol is recommended then. H.264/HEVC encoding can be disabled when overall performance is too low.
Client drive mapping and USB redirection for storage devices can be enabled at the same time, but this could lead to sporadic problems.
Horizon Client tracks the drives which are dynamically mounted and adds them to the remote session using client drive mapping, means USB redirection is not used for theses devices then.
However, in case of devices like USB SD card readers, Horizon does not map them as client drives but forcefully uses USB-redirection which results in an unclean unmount.
As a work-around, the IDs of these card readers can be added to IGEL USB access rules and denied.

Parallels Client

Attached storage devices appear as network drives in the remote session
USB device redirection is considered as experimental for the Parallels client for Linux

Chromium

Hardware accelerated video decoding is currently not supported.

Firefox

With enabled Citrix Browser Content Redirection, Firefox has no H.264 and AAC multimedia codec support. Means, when codec support is needed in Firefox, BCR needs to be disabled. Citrix Browser Content Redirection is disabled by default.

Network

Wakeup from system suspend fails on DELL Latitude 5510

Cisco JVDI Client

Citrix Workspace App 2010 may cause problems with Cisco JVDI. Newer ZoomVDI versions and App Protection are no longer supported with CWA 2010.

Base system

After updating the BIOS on the HP mt645 G7 or HP mt645 G8, the device shuts down instead of rebooting.
Update from memory stick requires network online state (at least when multiple update stages are triggered / necessary)
It is not possible to perform an unattended OS12 migration to base system 12.2.0 as an additional / manual reboot is necessary. The recommended upgrade version for unattended migration is base system 12.2.1.
Due to suspend/resume issues of a Innodisk NVME we disabled the suspend support for systems where this NVME is present. The issue otherwise will lead to a complete loose of the storage device as the NVME will not work after resume.

Conky

The right screen when using multiscreen environment may not be shown correctly.
Workaround: The horizontal offset should be set to the width of the monitor (e.g.�if the monitor has a width of 1920, the offset should be set to 1920)

Firmware update

A firmware update started on 11.10.100 can sporadically block, so that the device must be rebooted manually. The update continues without problem after reboot.
On devices with 4 GB flash storage or smaller it could happen that there is not enough space for updating all features. In this case, a corresponding error message occurs. Please visit https://kb.igel.com/igelos-11.09/en/error- not-enough-space-on-local-drive-when-updating-to-igel-os-11-08-or- higher-101059051.html for a possible solution and additional information.

Appliance Mode

When ending a Citrix session in browser appliance mode, the browser is restarted twice (instead of once).
Appliance mode RHEV/Spice: spice-xpi firefox plugin is no longer supported. The "Console Invocation" has to allow `Native� client (auto is also possible) and should be started in fullscreen to prevent any opening windows.
Browser Appliance mode can fail when the Web URL contains special control characters like ampersand (& character).
Workaround: Add quotes at the beginning and the end of an affected URL. E.g.:
`https://www.google.com/search?q=aSearchTerm&source=lnms&tbm=isch�

Audio

Audio jack detection on Advantec POC-W243L does not work. Therefore, sound output goes through a possibly connected headset and also the internal speakers.
UD3-M340C: Sound preferences are showing Headphone & Microphone, although not connected.
Microphone (TRRS headset) is broken on LG 27CN650

Multimedia

Multimedia redirection with GStreamer could fail when using Nouveau GPU driver.

Hardware

Audio- and mic mute function key led is not working on HP Elite mt645 G8.
Some HP devices will turn off instead of restarting during the BIOS update procedure. After turning the devices back on manually, it may take up to three minutes before anything is displayed on the screen (the only indicator is the power LED). Wake on LAN (e.g.�via UMS) doesn�t seem to work in this state, either.
The BIOS is still updated successfully.
Affected devices as of the time of this writing:
mt645 G7
mt645 G8
Wake up from suspend via UMS does not work on HP mt645 devices. Workaround: Disable system suspend and use shutdown instead.
Built-in fingerprint sensor is not supported on HP mt440 and mt645.
MAC-Address Passthrough not supported on Lenovo USB-C Hybrid Docking Station.
Wake-on-Lan via docking stations is not supported.
In some rare cases it is possible that connecting or booting Lenovo USB-C Hybrid Docking station over USB-C results in non working / faulty display output.
** It may help to (re-)connect via USB-A. If this is the case, USB-C should be also functional then.
Display configuration of displays connected to HP G5 Docking Station may fail with HP t655.

Remote Management

AIT feature with IGEL Starter License is only supported by UMS version 6.05.100 or newer.

Release Notes 11.10.150 (Based On 11.10.100)

New Features

AVD

Updated IGEL AVD to version 1.2.0
Based on the latest RdClientSDK from Microsoft
UI update for AVD sessions
Added UDP shortpath

Registry	`sessions.wvd%.options.udp-short-path`
Value	enabled (default) / disabled

Added smartcard support

Registry	`sessions.wvd%.options.enable-smartcard`
Value	enabled / disabled (default)

Added network status

Registry	`sessions.wvd%.options.network-status-in-toolbar`
Value	enabled (default) / disabled

Registry	`sessions.wvd%.options.network-status-on-startpage`
Value	enabled (default) / disabled

Added battery status (if battery exists)

Registry	`sessions.wvd%.options.battery-status-in-toolbar`
Value	enabled (default) / disabled

Registry	`sessions.wvd%.options.battery-status-on-startpage`
Value	enabled (default) / disabled

Added hidden login

Registry	`sessions.wvd%.options.hidden-login`
Value	enabled / disabled (default)

Registry	`sessions.wvd%.options.hidden-login-timeout`
Value	5000 (default)

Added preliminary / experimental webcam redirection

Registry	`sessions.wvd%.options.enable-webcam-redirection`
Value	enabled / disabled (default)

Added FPS (frames per second) indicator

Registry	`sessions.wvd%.options.show-fps`
Value	enabled / disabled (default)

VMware Horizon

Updated VMware Horizon Client to version 2312.1-8.12.1-23543969.

IGEL Agent for Imprivata

Added teardown screensaver on badge event
- Added showing computername in lockscreen�s upper right corner
- Added support for cookieinsert method for Citrix virtual server on NetScaler.

Parameter	`NetScaler�COOKIEINSERT`
Registry	`iia.cookieinsert`
Type	string
Value	""(default)

Fixed Device Control Button�s visibility not in sync with Computer Policy

Smartcard

Updated Pointsharp Net iD Client to version 1.1.4.38. Detailed release notes via https://docs.pointsharp.com/net-id-client/latest/nic-release- notes/nic-114-release-notes.html
Net iD user service now is configurable and disabled by default - set / enable via following registry parameter:

Parameter	Net iD Client user service
Registry	scard.pkcs11.netid-client.userservice
Value	false (default) / true

Fixed AD/Kerberos login with username and password when login with Net iD Client smartcard is active. For this, Net iD SessionToken was disabled by default. It can be enabled via the following registry parameter:

Parameter	SessionToken
Registry	scard.pkcs11.netid-client.sessiontoken
Value	false (default) / true

Cisco Webex

Updated Cisco Webex VDI to version 44.4.0.29960

Base system

Added HP BIOS tools to update the BIOS version, BIOS settings and BIOS password on supported HP mobile devices HP Pro mt440 G3, HP Elite mt645 G7 and HP Elite mt645 G8. IGEL supports the BIOS update mechanism only - all BIOS updates are performed / executed at own risk!
Added option to set hardware clock. The default, Auto, will look for Windows partitions and, if present, assume that Windows is installed and the real time clock is set to local time.

Parameter	`HW clock timezone`
Registry	`system.time.hwclock_timezone`
Range	[Auto (default)] [UTC] [localtime]

X11 system

Added alternative Display Switcher implementation to solve issues with multiscreen setups on docking stations. This alternative implementation must be enabled by following parameter:

Parameter	`Use new user_display_xrandr`
Registry	`x.new_user_display_xrandr`
Value	enabled / disabled (default)

The alternative implementation is only used if "Smart display configuration" parameter is enabled:

IGEL Setup	`Accessories / Display Switch / Options`
Parameter	`Smart display configuration`
Registry	`x.auto_associate`
Value	enabled (default) / disabled

This implementation can not yet be used in multi GPU scenarios.

IgelDesktop

Replaced IGEL company logo with new design in wallpaper and Setup Assistant.
Replaced IGEL company logo with new design in screensaver.

Audio

Added parameter to enable or disable audio overamplification:

Parameter	`Output overamplification`
Registry	`userinterface.sound.overamplification`
Type	bool
Value	enabled (default) / disabled

Parameter	`Input overamplification`
Registry	`userinterface.sound.input_overamplification`
Type	bool
Value	enabled (default) / disabled

Evidian

Updated Evidian�s rsUserAuth to version 1.5.8825.
- Added RFIDeas PC/SC Mixed-Mode.
  Set "RFIDMixMode=on" in rsUserAuth.ini configuration file and handle RFIDeas badges as PC/SC one.
- Added support for Read-only protection on the domain field.
  Set "GreyOutDomainField=on" in rsUserAuth.ini configuration file to set Domain field uneditable.
- Fixed welcome screen not properly displayed with different DPI Settings. Homogenization of the entire interface.

Hardware

IGEL UD7 H850C (UD7-LX 10, UD7-LX 11): Removed hardware support.
Added support for Intel EC1000R network device.
Added hardware support for HP Elite mt645 G8 Mobile Thin Client.
Added hardware support for Lenovo Thinkpad L14 Intel Gen 5.
Updated fwupd to version 1.9.19
Updated IGEL LVFS bios tools to allow controlling CapsuleOnDisk updates via the new parameter: fwtools.bios-tools.disable_capsule_on_disk (default: true)
Improved hardware detection of supported LG devices.
Added support for Quectel CAT16 WW SKU - EM160R-GL Gen2 and Quectel CAT 6 WW SKU - EM061K-GL on Lenovo ThinkPad L14 Intel Gen5

Fabulatech

Updated FabulaTech plugins to version 4.0.0.2
Updated FabulaTech Scanner for Remote Desktop to version 3.6.1.3
Updated FabulaTech USB for Remote Desktop to version 6.2.0.0

Security Fixes

Chromium

Fixed Chromium security issues CVE-2024-6103, CVE-2024-6102, CVE-2024-6101, CVE-2024-6100, CVE-2024-5847, CVE-2024-5846, CVE-2024-5845, CVE-2024-5844, CVE-2024-5843, CVE-2024-5842, CVE-2024-5841, CVE-2024-5840, CVE-2024-5839, CVE-2024-5838, CVE-2024-5837, CVE-2024-5836, CVE-2024-5835, CVE-2024-5834, CVE-2024-5833, CVE-2024-5832, CVE-2024-5831, CVE-2024-5830, CVE-2024-5499, CVE-2024-5498, CVE-2024-5497, CVE-2024-5496, CVE-2024-5495, CVE-2024-5494, CVE-2024-5493, CVE-2024-5274, CVE-2024-5160, CVE-2024-5159, CVE-2024-5158, CVE-2024-5157, CVE-2024-4950, CVE-2024-4949, CVE-2024-4948, CVE-2024-4947, CVE-2024-4761, CVE-2024-4671, CVE-2024-4559, CVE-2024-4558, CVE-2024-4368 and CVE-2024-4331.
Updated Chromium browser to version 126.0.6478.114.

Firefox

Updated Mozilla Firefox to version 115.12 ESR
Fixes for mfsa2024-26, also known as:
CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.
Fixes for mfsa2024-22, also known as:
CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
CVE-2024-4770, CVE-2024-4777.
Fixes for mfsa2024-19, also known as:
CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.

Base system

Fixed glibc security issues CVE-2024-33602, CVE-2024-33601, CVE-2024-33600, CVE-2024-33599 and CVE-2024-2961.
Fixed gnutls28 security issues CVE-2024-28835 and CVE-2024-28834.
Fixed nghttp2 security issue CVE-2024-28182.
Fixed pillow security issue CVE-2024-28219.
Fixed less security issue CVE-2024-32487.
Fixed tpm2-tss security issue CVE-2024-29040.
Fixed libvirt security issues CVE-2024-4418 and CVE-2024-2494.
Fixed qemu security issues CVE-2024-3567, CVE-2024-3447, CVE-2024-3446, CVE-2024-26328 and CVE-2024-26327.
Fixed tpm2-tools security issues CVE-2024-29039 and CVE-2024-29038.
Fixed xorg-server security issues CVE-2024-31083, CVE-2024-31082, CVE-2024-31081 and CVE-2024-31080.
Fixed glib2.0 security issue CVE-2024-34397.
Fixed zulu17-ca security issues CVE-2024-21012, CVE-2023-41993, CVE-2024-21011, CVE-2024-21005, CVE-2024-21004, CVE-2024-21003, CVE-2024-21002, CVE-2024-21094 and CVE-2024-21068.
Fixed webkit2gtk security issues CVE-2024-27834, CVE-2024-23284, CVE-2024-23280, CVE-2024-23263, CVE-2024-23254, CVE-2024-23252, CVE-2023-42956, CVE-2023-42950 and CVE-2023-42843.
Fixed python-idna security issue CVE-2024-3651.
Fixed libxml2 security issue CVE-2024-34459.
Fixed postgresql-14 security issue CVE-2024-4317.
Fixed iperf3 security issue CVE-2024-26306.
Fixed libarchive security issue CVE-2024-26256.
Fixed aom security issue CVE-2024-5171.
Fixed gdk-pixbuf security issue CVE-2022-48622.
Fixed giflib security issues CVE-2022-28506 and CVE-2021-40633.
Fixed tiff security issue CVE-2023-3164.
Fixed cups security issue CVE-2024-35235.
Fixed mysql-8.0 security issues CVE-2024-21102, CVE-2024-21096, CVE-2024-21087, CVE-2024-21069, CVE-2024-21062, CVE-2024-21060, CVE-2024-21054, CVE-2024-21047, CVE-2024-21013, CVE-2024-21009, CVE-2024-21008, CVE-2024-21000, CVE-2024-20998 and CVE-2024-20994.
Fixed libndp security issue CVE-2024-5564.
Fixed ntfs-3g security issue CVE-2023-52890.
Fixed ffmpeg security issues CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51795, CVE-2023-51798 and CVE-2024-31585.
Fixed ghostscript security issues CVE-2024-33871, CVE-2024-33870, CVE-2024-33869, CVE-2024-29510 and CVE-2023-52722.
Fixed privilege escalation in network management.
Fixed openssh security issue CVE-2024-6387.

Resolved Issues

Citrix

Fixed not working HDX webcam redirection for Citrix 2203 and later.
Fixed Browser Content Redirection.

AVD

Fixed AVD session when driven from IGEL Imprivata Agent

RDP/IGEL RDP Client 2

Fixed RDP Session dropping characters when input occurs too fast.

RD Web Access

Fixed Passthrough and Kerberos Authentication for RD Web Access.
Added block for keyboard shortcuts containing windows key for RD Web Access apps. Can be disabled in IGEL Setup

Registry	`rdp.rd_web_access.suppress-windows-key-shortcuts`
Value	enabled (default) / disabled

Fixed RD Web Access failing with Error 400 by providing a new RD Web Tool. A switch back to the old tool is possible via IGEL Setup Registry:

Registry	`rdp.rd_web_access.options.legacy_rdweb`
Value	enabled / disabled (default)

Chromium

Fixed still being able to download files if file access was disabled - occured in combination with empty download directory.

Network

On devices that support mobile broadband and eSim an automatic switch to the physical sim slot is now performed if eSim has no profile assigned

Base system

Fixed Post Session Command `Shutdown�.
Fixed wrong assignment of socks proxy port

Hardware

Fixed missing firmware file for Intel 9462NGW Wi-Fi.
Fixed LVFS BIOS update on Lenovo ThinkCentre M70q Gen3.
Fixed microphone mute function key on HP mt645 G8.

Remote Management

Fixed resource leak in ICG reconnect mechanism.
Fixed: All connections / device connectors are used during OS 12 migration now.
Fixed ICG reconnecting - now it reliably invokes a reconnect whenever a device is not connected to configured ICG server.
Fixed UMS registering via UMS registration tool in IGEL OS - if device is registered to root directory in UMS.

Release Notes 11.10.100

New Features

Citrix

Updated Citrix Workspace App to version 2402.
Available Citrix Workspace Apps in this release: 2402 (default), 2311 and 2010
New features:
Synchronize multiple keyboards at session start. All available keyboards on client are synchronized with VDA after the session starts in full-screen mode.

Parameter	`Synchronize multiple keyboards at session start`
Registry	`ica.wfclient.SyncKbdLayoutList`
Value	false (default) / true

Support for Audio volume synchronization. Synchronize audio volume between the VDA and connected audio devices.

Parameter	`Support for Audio volume synchronization`
Registry	`ica.module.EnableVolumeSync`
Value	true (default)/ false

Default values of the following have been changed as per Citrix.
Enable Packet Loss Concealment to improve audio performance. "ica.module.PacketLossConcealmentEnabled = True"
Loss tolerant mode for audio. "ica.module.EdtUnreliableAllowed = True"
Use system Audio in MS Teams while screen sharing.

Parameter	`Use system Audio in MS Teams while screen sharing`
Registry	`ica.module.EnableVolumeListener`
Value	false (default)/ true

Enhanced Desktop Viewer toolbar [Technical Preview]

Parameter	`Enhanced Desktop Viewer toolbar`
Registry	`ica.wfclient.ToolbarVersion`
Value	0 (default)/ 1

Customize toolbar [Technical Preview]. From this version onwards, it is possible to activate or deactivate each button individually instead of the entire toolbar.

Parameter	`Show USB device button`
Registry	`ica.module.DevicesButtonVisible`
Value	true (default)/ false

Note: Similarly, you can activate or deactivate the following buttons in the toolbar. They are all activated by default.
ica.module.CloseButtonVisible
ica.module.FullscreenButtonVisible
ica.module.MinimizeButtonVisible
ica.module.PinButtonVisible
ica.module.PreferencesButtonVisible
ica.module.ShortcutsButtonVisible
ica.module.SwitchDesktopButtonVisible
Include system audio while screen sharing in MS Teams

Parameter	`Share system audio`
Registry	`ica.teams.sharesystemaudio`
Value	false (default)/ true

Specify the minimum and maximum range of UDP ports for Microsoft Teams optimization. If the UDP Port cannot be allocated for any reason, the WebRTC falls back to TCP. Minimum range of UDP ports for Microsoft Teams optimization.

Parameter	`UDP Port range minimum`
Registry	`ica.teams.PortRangeMin`
Value	3000

Maximum range of UDP ports for Microsoft Teams optimization.

Parameter	`UDP Port range max`
Registry	`ica.teams.PortRangeMax`
Value	3100

Firefox

Fixed lock of browser in kiosk mode, when URL or navigation bar are blocked:
Firefox asks the user using a dialog to query for permissions of the current website for location access, microphone and camera use, notifications and auto-play of media streams.
In recent Firefox versions this locks the browser in case the URL-input or even the whole navigation bar are not shown.
To prevent, following policies / parameters are added:
If permissions are needed, these must be granted for the specific websites in advance. Note that wild-cards in the URLs cannot be used.
These websites, depending on the type of permission, must be added here:
browserglobal.app.permissions.microphone.allowed%.origin
browserglobal.app.permissions.webcam.allowed%.origin
browserglobal.app.permissions.location.allowed%.origin
browserglobal.app.permissions.notification.allowed%.origin
browserglobal.app.permissions.autoplay.allowed%.origin

Parameter	{{Website with microphone access}}
Registry	{{browserglobal.app.permissions.microphone.allowed%.origin}}
Type	string
Value	empty Default

Parameter	{{Website without microphone access}}
Registry	{{browserglobal.app.permissions.microphone.blocked%.origin}}
Type	string
Value	empty Default

Parameter	{{Block new requests for microphone access}}
Registry	{{browserglobal.app.permissions.microphone.blocknew}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Microphone access settings locked}}
Registry	{{browserglobal.app.permissions.microphone.locked}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Website with webcam access}}
Registry	{{browserglobal.app.permissions.camera.allowed%.origin}}
Type	string
Value	empty Default

Parameter	{{Website without webcam access}}
Registry	{{browserglobal.app.permissions.camera.blocked%.origin}}
Type	string
Value	empty Default

Parameter	{{Block new requests for webcam access}}
Registry	{{browserglobal.app.permissions.camera.blocknew}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Webcam access settings locked}}
Registry	{{browserglobal.app.permissions.camera.locked}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Allow Website to send notifications}}
Registry	{{browserglobal.app.permissions.notification.allowed%.origin}}
Type	string
Value	empty Default

Parameter	{{Deny Website to send notifications}}
Registry	{{browserglobal.app.permissions.notification.blocked%.origin}}
Type	string
Value	empty Default

Parameter	{{Block new notification requests}}
Registry	{{browserglobal.app.permissions.notification.blocknew}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Notification settings locked}}
Registry	{{browserglobal.app.permissions.notification.locked}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Allow autoplay on Website}}
Registry	{{browserglobal.app.permissions.autoplay.allowed%.origin}}
Type	string
Value	empty Default

Parameter	{{Block autoplay on Website}}
Registry	{{browserglobal.app.permissions.autoplay.blocked%.origin}}
Type	string
Value	empty Default

Parameter	{{Autoplay Default}}
Registry	{{browserglobal.app.permissions.autoplay.default}}
Range	[Allow Audio and Video][Block Audio][Block Audio and Video]
Value	Block Audio

Parameter	{{Autoplay settings locked}}
Registry	{{browserglobal.app.permissions.autoplay.locked}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Website with location access}}
Registry	{{browserglobal.app.permissions.location.allowed%.origin}}
Type	string
Value	empty Default

Parameter	{{Website without location access}}
Registry	{{browserglobal.app.permissions.location.blocked%.origin}}
Type	string
Value	empty Default

Parameter	{{Block new location requests }}
Registry	{{browserglobal.app.permissions.location.blocknew}}
Type	bool
Value	enabled / disabled (default)

Parameter	{{Location settings locked}}
Registry	{{browserglobal.app.permissions.location.locked}}
Type	bool
Value	enabled / disabled (default)

IGEL Agent for Imprivata

Updated IGEL Agent for Imprivata to version 1.0.0.
Added Features:
Changed FUS (Fast User Switching) to be a standalone IGEL Session.
Removed `rfideas-only barrier� for virtual channel.
Changed running text to show only the username.
Improved logging.
Introduced new parameter to insert command to execute on FUS user switch or logout:

Registry	`iia.fus_user_change_cmd`
Type	string
Value	"" (default)

Introduced new reg key to configure the LockScreen shortcut:

Registry	`iia.lockscreen_shortcut`
Type	string
Value	""(default)

Security Fixes

Chromium

Updated Chromium browser to version 124.0.6367.78. (ISN 2024-11)

Base system

Fixed aom security issues CVE-2021-30475, CVE-2021-30474, CVE-2021-30473, CVE-2020-36135, CVE-2020-36133, CVE-2020-36131 and CVE-2020-36130.
Fixed openssl security issues CVE-2024-0727, CVE-2023-5678, CVE-2023-3817 and CVE-2023-3446.
Fixed zlib security issues CVE-2022-37434 and CVE-2018-25032.
Fixed pipewire security issue CVE-2022-4964.
Fixed libuv1 security issue CVE-2024-24806.
Fixed libwebp security issue CVE-2023-4863.
Fixed iwd security issue CVE-2024-28084.
Fixed qemu security issue CVE-2023-6683.
Fixed opensc security issues CVE-2024-1454 and CVE-2023-5992.
Fixed libde265 security issues CVE-2023-49468, CVE-2023-49467, CVE-2023-49465, CVE-2023-47471, CVE-2023-43887, CVE-2023-27103, CVE-2023-27102, CVE-2023-25221, CVE-2023-24758, CVE-2023-24757, CVE-2023-24756, CVE-2023-24755, CVE-2023-24754, CVE-2023-24752, CVE-2023-24751, CVE-2022-47665, CVE-2022-43250, CVE-2022-43249, CVE-2022-43245 and CVE-2022-43244.
Fixed postgresql-14 security issue CVE-2024-0985.
Fixed tiff security issues CVE-2023-6277, CVE-2023-6228 and CVE-2023-52356.
Fixed dnsmasq security issues CVE-2023-50868 and CVE-2023-50387.
Fixed python-cryptography security issue CVE-2023-50782.
Fixed less security issue CVE-2022-48624.
Fixed expat security issue CVE-2024-28757.
Fixed libxml2 security issue CVE-2024-25062.
Fixed texlive-bin security issues CVE-2024-25262 and CVE-2023-32668.
Fixed vim security issues CVE-2024-22667 and CVE-2023-2426.
Fixed unixodbc security issue CVE-2024-1013.
Fixed bash security issue CVE-2022-3715.
Fixed util-linux security issue CVE-2024-28085.
Fixed curl security issues CVE-2024-2398 and CVE-2024-2004.
Fixed libvirt security issue CVE-2024-1441.
Updated intel-microcode to version 20240312.
Removed custom command selection from application start dialog of file manager to prevent execution of arbitrary commands by user. (ISN 2024-09)
Fixed a privilege escalation issue in the starter license. Acknowledgements to Zack Didcott for responsible disclosure. (ISN-2014-12)

Resolved Issues:
* Fixed display of German Umlauts (non-ascii chars).
* Fixed password change after 2nd factor is submitted.

Base system

Changed initial default device name and hostname of UD Pockets to
"UDP". Systems already in use will only be affected after reset to factory defaults.
Updated OpenVPN client to version 2.6.9.
Updated GStreamer to version 1.24.1.
Updated Virtualbox guest tools to version 7.0.14.
Updated MESA OpenGL Stack to version 24.0.4
Updated ATI/RADEON Graphics Driver to version 22.0.0
Updated NVIDIA Graphics Driver to version 525.147.05
Updated VESA Graphics Driver to version 2.6.0
Updated ModemManager to version 1.22.0.
Updated kernel to version 6.6.22.

Resolved Issues

Citrix

Added registry key ica.chrome-double-download to control flock feature at wfica_wrapper. `Enable flock� blocks double app starts (due to double downloads by Chromium browser).

Parameter	`Control download mechanic for Citrix applications for Chrome web access`
Registry	`ica.chrome-double-download`
Range	[Enable Lock][Disable Lock]
Value	enable / disable (default)

After connecting to Citrix VDA, support for multiple audio devices sometimes may not work. This problem has been fixed.
New parameter since CWAL-2402: Availability of Credential Insertion SDK for cloud stores (see: https://docs.citrix.com/en-us/citrix-workspace-app-for- linux/sdk-and-api.html)

Parameter	`CredentialInsertionEnabled`
Registry	`ica.authman.CredentialInsertionEnabled`
Value	false (default) / true

Changed / corrected parameter name from KioskFUIEnhanced to KioskSFUIEnhanced

Parameter	`KioskSFUIEnhanced`
Registry	`ica.authman.KioskSFUIEnhanced`
Type	bool
Value	enabled / disabled (default)

Added parameter ica.authman.longLivedTokenSupport. Previously the value was set to constant "false", now it is possible to set / configure. "true" enables re-login with Selfservice.

Parameter	`longLivedTokenSupport`
Registry	`ica.authman.longLivedTokenSupport`
Value	false (default) / true

RD Web Access

Fixed RD Web Access failing with Error 400 by providing a new RD Web Tool. A switch back to the old tool is possible via IGEL Setup Registry:

Registry	`rdp.rd_web_access.options.legacy_rdweb`
Value	enabled / disabled (default)

Chromium

Fixed blocking file access was not working if URLBlocklist was defined as custom policy.
Fixed RDP sessions did not properly start from Chromium Browser.

Firefox

Fixed automatic restart of Firefox sessions.
Fixed microphone pop-up.

Network

Added configuration for PKCS#7 encryption and signature algorithms (see sscep options -E and -S)

Parameter	{{PKCS#7 encryption algorithm}}
Registry	{{network.scepclient.cert%.encalg}}
Range	[automatic][des][3des][blowfish][aes128][aes192][aes256]
Value	__ (automatic)

Parameter	{{PKCS#7 signature algorithm}}
Registry	{{network.scepclient.cert%.signalg}}
Range	[automatic][md5][sha1][sha224][sha256][sha384][sha512]
Value	__ (automatic)

Fixed sporadic network connection problems on Lenovo L14/L15 Gen4 AMD if ethernet cable is un- and re-plugged.

Open VPN

Added configuration to enable legacy cryptographic algorithms for openssl.

Parameter	`Enable legacy cryptographic algorithms`
Registry	`system.openssl.legacy-cryptographic-algorithms`
Type	bool
Value	disabled (default) / enabled

OpenConnect VPN

Removed dependency on ipsec-tools

HID

Fixed touchpad activation/deactivation via hotkey.

CUPS Printing

Fixed PrinterLogic startup.

Base system

Fixed OS12 migration issues.

X11 system

Fixed crash with HP t655 and two monitors connected to G5 docking station.
Added registry key to change the connector order of intel GPUs. Newer kernels changed the order, this can be used to revert it to former state.

Parameter	{{Reverse the connector enumeration.}}
Registry	{{x.drivers.intel.reverse_connector_enumeration}}
Range	[Default][No][Yes]
Value	Default

Audio

Fixed audio on HP t240: Removed internal speaker and microphone devices as not supported. Fixed hotplug of external headsets.
Added new entry in registry to prevent automatic switching of bluetooth profile.

Parameter	{{Set pulseaudio auto switching headset to A2DP}}
Registry	{{multimedia.pulseaudio.daemon.module-bluetooth-autoswitch-to-a2dp}}
Type	bool
Value	enabled (default) / disabled

Changed: On first boot (after installation) all devices are set to 50% volume.
Fixed headset at LG CK500

Licensing

Fixed IGEL license detection on hardware where network interface initialization takes more time.

Hardware

Fixed missing firmware file for intel 9462ngw WiFi.
Added hardware recognition to include LG 24CN670IK6N for fixing related audio issues.