KCM Version 2.16.0

Security Updates

• Base version of Apache Guacamole updated to 1.5.2 from 1.3.0

  • KCM has been using Apache Guacamole 1.3.0 as its basis for some time now, backporting changes from upstream over time. With the latest upstream release being 1.5.2, we should bring our packages up-to-date with that release and remove any patches that are no longer necessary.

  • The upstream Apache Guacamole 1.5.2 release contains changes that address issues with security implications. The issues in question:

    • CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths

    • CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer

  • With this base version update, there are no implications for compatibility. Extensions that worked with previous versions of KCM should continue to work identically.

• Dependency updates

  • The various C, Java, and JavaScript dependencies used by KCM are brought up-to-date with their latest available and compatible versions.

New Features

• apply command for kcm-setup.run

  • The kcm-setup.run installation script now provides an apply command to more easily allow administrators to apply changes made to docker-compose.yml: ./kcm-setup.run apply

    • Unlike upgrade, the apply command strictly applies changes made externally to docker-compose.yml and does not pull new images.

    • The installation script has also been updated to use depends_on within declared services to ensure that stop need not be run before upgrade or apply are used. Administrators can simply run the command and rely on the script and Docker Compose to automatically stop/start services as needed.

Bug Fixes

• Resolved Issue where Batch import does not support some unicode characters