Apache Guacamole 0.9.11-incubating is an archived release, and was originally released on 2017-02-02. The latest release of Apache Guacamole is 1.5.5.
Apache Guacamole is split into two subprojects: "guacamole-client", the HTML5 web application which serves the Guacamole client to users, and "guacamole-server", the remote desktop proxy which the web application communicates with. The source code for each of these may be downloaded below.
You must verify the integrity of any downloaded files using the OpenPGP signatures we provide with each release. The signatures should be verified against the KEYS file, which contains the OpenPGP keys of Apache Guacamole's Release Managers. Checksums of each released file are also provided.
| Filename | Signatures / Hashes |
|---|---|
| guacamole-client-0.9.11-incubating.tar.gz | MD5 SHA PGP |
| guacamole-server-0.9.11-incubating.tar.gz | MD5 SHA PGP |
If you do not wish to build Apache Guacamole entirely from source, pre-built versions of the web application (.war) and all extensions are provided here in binary form for convenience. Please note that guacamole-server must still be built and installed from source.
The 0.9.11-incubating release features support for two-factor authentication, password policies (complexity rules, preventing password reuse, etc.), and the ability to use the Docker images with arbitrary Guacamole extensions, not just MySQL, PostgreSQL, and LDAP. If using both a database and LDAP, new settings allow you to restrict access to only those users which exist in the database, rather than allowing any LDAP user access.
This release contains changes which break compatibility with past releases. Please see the deprecation / compatibility notes section for more information.
Guacamole now provides support for two-factor authentication, and includes a new extension which integrates with Duo using their “Auth API”. Users who use the Duo authentication service can add Guacamole to their list of applications. Once configured, Guacamole will then require confirmation from Duo before allowing an otherwise successful authentication attempt to proceed.
With this first implementation of two-factor authentication completed, support for other two-factor authentication services is expected to follow.
The database authentication extensions can now be configured to enforce password complexity rules, including requiring specific classes of characters, disallowing passwords containing the user’s username, and preventing previous passwords from being reused. Users can also now be required to change their password regularly, or prevented from changing their password too frequently.
The Guacamole Docker image previously only supported the official MySQL,
PostgreSQL, and LDAP extensions, with configuration automatically generated
based on environment variables. No support for deploying other extensions was
provided. As of 0.9.11-incubating, arbitrary extensions and their configuration
files can be deployed through providing a template GUACAMOLE_HOME directory.
The requirement that the Guacamole Docker image be linked to the guacd Docker
image has also been lifted. Though Guacamole still requires a connection to
guacd, that connection can now be described using the GUACD_HOSTNAME and
GUACD_PORT environment variables.
For the common case where Guacamole’s LDAP support is used purely for authentication, with an MySQL or PostgreSQL database used to house connection data, it is now possible to configure the database authentication extensions to reject authentication attempts for users which are not defined in the database. For those whose LDAP directories contain many users that will never be granted access to Guacamole, these new settings mean that such users can be denied access immediately, rather than presenting them with an empty and useless Guacamole home screen.
In addition, if your LDAP directory was so extensive that it exceeded the
default query size limit of 1000 records, the query size limit can now be
manually increased within guacamole.properties.
The new screen sharing support added in 0.9.10-incubating lead to a regression
which could cause connections to fail when the maximum number of file
descriptors supported by select() was exceeded. This effectively limited the
maximum number of connections a Guacamole server could support, regardless of
how powerful the server might otherwise be. This has been fixed, and Guacamole
has been refactored to use poll() instead of select().
This latest release of Guacamole also addresses potential resource leaks in the use of SSL/TLS by guacd, segfaults in the built-in terminal emulator and VNC client, and adds a Norwegian translation for the Guacamole interface.
As of 0.9.11-incubating, the following changes have been made which affect compatibility with past releases:
The MySQL and PostgreSQL schemas have changed to facilitate support for
password policies. Users of the database authentication will need to run the
upgrade-pre-0.9.11.sql script specific to their chosen database.