Release: IGEL Universal Desktop LX / OS 5.03.100

IGEL Universal Desktop OS 2
Version 5.03.100
Apr 30 2014

Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
About tab->Hardware-Graphics Chipset. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
– Citrix Receiver
– Citrix Receiver
– Citrix HDX Realtime Media Engine 1.4.0-902
– Citrix Access Gateway Standard Plug-in
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– FabulaTech USB for Remote Desktop 5.0.0
– VMware View client 2.3.0-1551379
– Quest vWorkspace Client 7.6
– Leostream Java Connect
– Ericom PowerTerm
– Ericom Webconnect
– IBM iSeriesAccess 7.1.0-1.0
– Firefox 17.0.11
– Totem Media Player 2.30.2
– Voip Client Ekiga 3.2.7
– Thinlinc Client 3.2.0
– NX Client 3.5.0-7
– Cisco VPN Client
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– ThinPrint Client 7.0.59
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
– PC/SC Lite 1.8.9
– MUSCLE CCID Driver 1.4.13
– Omnikey CCID Driver legacy-3.6.0
– Omnikey RFID Driver legacy-2.7.2
– HID Global Omnikey CCID Driver
– REINER SCT cyberJack Driver 3.99.5final.SP03
– SCM Microsystems CCID Driver 5.0.27
– Safenet / Aladdin eToken Driver 8.1.0-4
– ACS CCID Driver 1.0.5
– A.E.T SafeSign PKCS#11 Library 3.0.3665
– Gemalto IDPrime PKCS#11 Library 1.1.0
– Athena IDProtect PKCS#11 Library 623.07
– SecMaker NetID PKCS#11 Library
– Philips Speech Driver 12.0.9
– Legacy Philips Speech Driver 5.0.10
– Client 0.8.3 for RedHat Enterprise Virtualization Desktops 3
– INTEL Graphics Driver 2.17.0
– ATI Graphics Driver 6.14.99_git20111219
– VIA Graphics Driver
– NVIDIA Graphics Driver 304.60
– 2X Client 10.1-1263
– Imprivata OneSign ProveID Embedded


IMPORTANT: This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.
Please check in this readme which restrictions apply and how to switch the

Known issues:
[ICA/Citrix Receiver 13]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.

– Fabulatech USB Redirection is not supported with IGEL Legacy RDP Client 1.0.
Please use IGEL RDP Client 2 – RDP legacy mode can be deactivated at
IGEL Setup -> Sessions -> RDP -> RDP Global -> Options page

[Quest vWorkspace]
– Multimedia Redirection:
Sound redirection is not working with WMV/WMA streams
– USB Redirection does not work reliable

[NVIDIA graphics support]
– In dual screen configurations DPMS monitor saving mode creates
display content corruptions on secondary VGA display after resume
New features:
[ICA/Citrix Receiver 13]
– Added Citrix Receiver 13.0.2
– Added support for StoreFront

Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13
instead of 12 and/or want to connect to a Citrix server version 7.x):
– This firmware contains two Citrix Receivers, but only one of them can be
active at a time. Default is Citrix Receiver 12. The version can be
switched by the new parameter “Use Citrix Receiver version 13” in the
IGEL setup at “Sessions->Citrix->Citrix Receiver Selection” (registry:
ica.useversion13). For Citrix Receiver 13 configuration setting the new
parameter “Citrix server version” is mandatory (see below).
– The new parameter “Citrix server version” on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Server” (registry key:
ica.pnlogin.serverversion) defines the capabilities of the Receiver
accroding to the used Citrix server versions (default is “XenApp 6.x or
IGEL Setup or UMS 4.07.100 the server url is automatically stored at the
correct keys, if you use the provided setup page at
“Sessions->Citrix->Citrix XenApp/StoreFront->Server”):
Depending on the Citrix server version you have configured, different
sets of server url configurations apply:
* XenApp/XenDesktop 7.x Store:
For access to a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store<NR>.*
(optional: ica.pnlogin.browseraddress_store<NR>.farm)
* XenApp/XenDesktop 7.x Legacy Mode
For access to the legacy mode of a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store_legacy<NR>.*
(optional: ica.pnlogin.browseraddress_store_legacy<NR>.farm)
* XenApp 6.x or older:
For access to a XenApp Server:
registry keys ica.pnlogin.browseraddress<NR>.*
(optional: ica.pnlogin.browseraddress<NR>.farm)

– For Citrix StoreFront access with Citrix Receiver 13 only https web interfaces
are supported. If the SSL certificate of your Citrix server is not signed
by a trusted certificate authority (like Verigsign, Thawte etc.), you have to
install the root certificate of your own certificate authority on each Thin
Please use to access the document
on how to install SSL certificate.
– With Citrix Receiver 13 it is not possible to connect to a Citrix server
with other methods than the web interface (this affects the parameter
“Use Citrix XenApp Services Site” registry key: ica.pnlogin.useserversettings).
Due to that it is not possible to select another password change method than
“Citrix XenApp Services Site”.
– ICA sessions created on the IGEL device only work with Citrix XenApp servers up
to version 6.5.
– The parameter “Deferred update mode” has no effect anymore.
– The window options on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Options” are not supported anymore.

Hints for the configuration on server side (for Citrix servers version 7.x):
– After installation and basic configuration of Machine Catalogs and Delivery
Groups, you end up with a store that uses http only. But the Citrix Receiver
13 for Linux supports stores with https only (the Windows version of Citrix
Receiver has this limitation, too; but it is possible to change some
registry keys on the client side to enable http support; unfortunately
this is not possible with the Linux version of Citrix Receiver).
– To switch the store to https, change the base URL on page “Server Group”
in the Citrix StoreFront Management Console.
– Then adjust the “Transport Type” in the “Manage Delivery Controllers”
dialog of the “Store” page in Citrix StoreFront Management Console.
– Then add a https binding for the website in the IIS Management Console
(you have to choose an SSL certificate in the corresponding dialog).
– Password change is disabled by default on a Citrix server 7.x. To enable it,
open the Citrix StoreFront Management Console and go to page
“Authentication”. Click on the authentication method “User name and
password” and then on “Manage Password Options” on the right pane.
– The error messages of Citrix servers 7.x and Citrix Receiver 13 are terribly
misleading. When you are using Citrix servers 7.x and you experience
problems with the connection itself or login, please double check
that everything is ok on the server side. It is a good thing to check the
overview page for a target machine in Citrix Studio. To get there, choose
“View Machines” in the context menu of a Delivery Group.
Then check for each machine:
– that the “Registration State” of the machine is “Registered”
– that the “Maintenance Mode” of the machine is “Off”
– that the “Power State” of the machine is “On”
– that you are using the correct user if there is a user
mentioned in the column “User”.
Also, if something does not work (although it really should), try to reboot
the Citrix server. In our tests this helped sometimes when we experienced
strange problems.

– With Citrix Receiver 13 there is support for new graphics codec parameters:
– H264 deep compression codec registry keys:
* ica.wfclient.h264enabled (disabled by default)
* ica.wfclient.texttrackingenabled
* ica.wfclient.smallframesenabled
The H264 codec is only usable if the multimedia codec pack is installed.
– JPEG codec registry keys:
* ica.wfclient.directdecode
* ica.wfclient.batchdecode (enabled by default)

Detailed description of the parameters are available at: and

Click to access Linux-OEM-Guide-13.0-12-13-13.pdf

[ICA/Citrix Receiver 12]
– Improved ICA sessions with Kerberos Passthrough: it is now possible to choose
the Kerberos implementation(s) which are used with Citrix via parameter

– Changed default authentication mode to support NLA authentication aside local logon
for automatic access to Windows Server 2008, 2008 R2, 2012 and 2012 R2.
You can disable local logon and network authentication at IGEL setup page
“Sessions->RDP->RDP Global->Local Logon”
(registry: rdp.login.use_rdplogin and rdp.login.enable-network-authentication)
– IGEL RDP 2 only:
– Improved RDP remote apps
– correct positioning of drop down windows
– improved window maximizing and minimizing
– fixed display errors
– Added support for audio recording capability
– Improved RD Web Access:
Added support for the following options at IGEL setup page “Sessions->RDP->RDP Global”:
– Mapping (everything)
– Performance (RemoteFX only)
– Options (Inverted cursor color only)
– Native USB Redirection
– Multimedia Redirection .
– Added RDP session resolution with random settings.
– Added a “RDP connection bar” in a fullscreen RDP sessions, to minimize and quit the session.
The feature can be enabled at IGEL setup page “Sessions->RDP->RDP Global->Window->Enable toolbar”
(registry key: rdp.winconnect.enable-toolbar)

– Added new method to define multiple USB serial devices:
“Sessions->Citrix->ICA Global->Mapping->COM Ports->COM Port Devices”
(registry: ica.wfclient.comport<NR>)
“Sessions->RDP->RDP Global->Mapping->COM Ports->COM Port Devices”
(registry: rdp.winconnect.comport<NR>)
(registry: print.cups.printer<NR>.serial_device)
For RDP and ICA COM Port Mapping, serial printers, USB serial devices
can be defined through USB vendor and device ID. This is done in the format
/dev/usbserial/ttyUSB_Vxxxx_Pyyyy, where xxxx and yyyy are the USB vendor
and product IDs in lower case hexadecimal digits (4 digits each).
In the IGEL Setup running on the thin client currently available devices
will be shown when pressing the “Detect Devices…” button.
– Updated Philips Speech Drivers to version 12.0.9

[VMware Horizon View]
– Updated VMware Horizon View to version 2.3.0-1551379
– Added Realtime Audio Video (RTAV) support. Can be activated in IGEL setup at
“Sessions->Horizon View Client Global->Real Time Audio Video”
– Added switch for “Ctrl+Alt+Insert” redirection to VM. Depending on server
configuration either “Ctrl+Alt+Insert”, “Ctrl+Alt+Delete” or no action can be triggered.
The registry key is located at “vmware.view.sendctrlaltinstovm” (default is false).
– For passthrough authentication added possibility to use the shortened domain name
instead of the fully qualified domain name, like “EXAMPLE” instead of “EXAMPLE.COM”.
Enable shortened domain name for a particular session with registry key

– Added NCP Secure Enterprise client version 3.25-rev15580-i686

– Updated all WiFi drivers backported from 3.13.2 Linux kernel,
new support for dual Band 2.4GHz/5Ghz wireless USB adapters
based on Ralink RT3572 chipset.
For other new supported devices, please check 3rd party hardware database.
– Added support for self service WiFi connections (Cafe Wireless):
The user can manage and select WiFi connections via the WiFi tray icon’s context menu.
This feature is disabled by default. It can be enabled at IGEL setup page
“Network->LAN Interfaces->Wireless->Enable wireless manager” (registry:
– Added new parameters for better control of WiFi roaming capabilities with access
points that share the same SSID:
* network.interfaces.wirelesslan.device0.lock_initial: Default: false
If true the device will stick to the access point it is connected to
even if candidates with better signal quality are present.
Setting this parameter to true is a last resort for problems that are caused by
too much roaming.
* network.interfaces.wirelesslan.device0.bgscan.module: Default: “none”
These settings should be changed by experts only.
Selection of the bgscan (“background scan”) module used by wpa_supplicant
in the cases of WPA Enterprise and WPA2 Enterprise.
If the parameter “lock_initial” is set to true, it is recommended that this be “none”.
Possible values:
– “none”:
No background scanning is done.
– “simple”:
The WiFi module tries to scan for a potentially better fitting AP in the background.
The simple module has the following parameters (default values are those
hardcoded in NetworkManager
* network.interfaces.wirelesslan.device0.bgscan.simple.signal_strength: (default: -45)
This defines a threshold that determines which of the following two parameters
shall be effective.
A signal level (dBm) is expected.
* network.interfaces.wirelesslan.device0.bgscan.simple.short_interval: (default: 30)
Interval between background scans in seconds if the actual signal level
of the currently connected access point is worse than
* network.interfaces.wirelesslan.device0.bgscan.simple.long_interval: (default: 300)
Interval between background scans in seconds if the actual signal level
of the currently connected access point is better than
– Added new parameters that control WiFi roaming between WiFi networks with different SSIDs:
* network.interfaces.wirelesslan.device0.mssid_check_interval: (default: 10)
The interval in seconds between checking if automatic roaming might be neccessary.
This includes detecting that a connection has been lost and a new one should be
* network.interfaces.wirelesslan.device0.mssid_quality_threshold: (default: 20)
If the current connection’s quality percentage is below this value
scanning will be performed to find a potentially better network.
* network.interfaces.wirelesslan.device0.mssid_quality_difference_threshold: (default: 40)
A candidate for automatic roaming is only considered if its quality percentage
is this much better than the current connection’s quality.
* network.interfaces.wirelesslan.device0.mssid_previously_used_threshold: (default: 55)
During boot: If the previously used SSID’s quality percentage is above this threshold
it is preferred.
* network.interfaces.wirelesslan.device0.mssid_user_selection: Default: false
If true, the user can initiate roaming to a network via the WiFi tray icon’s context menu.
(The context menu must be enabled.).
If automatic roaming shall not interfere with the user’s choice, the following
values are appropriate:

– Added network-related system tray icons, one per device and VPN controlled with
the following settings:
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable tray icon”
(registry: network.applet.lan[1,2].enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable context menu”
(registry: network.applet.lan[1,2].enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable network info dialog”
(registry: network.applet.lan[1,2].enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable tray icon”
(registry: network.applet.wireless.enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable context menu”
(registry: network.applet.wireless.enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable network info dialog”
(registry: network.applet.wireless.enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable wireless manager”
(registry: network.applet.wireless.enable_connection_editor):
Switch access to the self service wireless manager on or off (default: disabled)
* IGEL setup “Network->VPN->Enable tray icon”
(registry: network.applet.vpn.enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network->VPN->Enable context menu”
(registry; network.applet.vpn.enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network->VPN->Enable network info dialog”
(regsitry: network.applet.vpn.enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
– Improved PowerTerm Interconnect IBM 5250 Emulation:
Added new parameters KBDTYPE and CHARSET at IGEL Setup page
“Sessions->PowerTerm Terminal Emulation->[Session Name]->General”.

– Updated Java Runtime Environment to 1.7.0 U55.
– Added exception sites list to allow Java applications to be run after
the appropriate security prompts (according to Oracle’s JRE security
Exception sites (=URL) can be added at IGEL’s registry parameter
“java.deployment.exception_site%”. There you have to add a new instance for
each site.
Example: Use a self-signed Java webstart application.
– Added possibility to set the JRE security level by changing the registry
key “java.deployment.security_level”.

[base system]
– Updated FabulaTech USB for Remote Desktop to version 5.0
– Updated StepOver serversonet to version 0.7.16
– Updated Adobe Flash Player download url to version
– New TC Setup version 4.6.13
– Improved Active Directory/Kerberos Logon to specify the default lifetime and renewal
lifetime of Kerberos tickets through registry parameters:
– “auth.krb5.libdefaults.ticket_lifetime” (default: 10 hours)
– “auth.krb5.libdefaults.renew_lifetime” (default: 7 days)
– Changed the hotkey to hide all windows and show the desktop to be active by default.
The default hotkey is “Ctrl + Windows-Key + ‘d'”. You can disable the hotkey at IGEL setup:
“User Interface->Hotkeys->Commands->Hide all windows and show desktop”
– Updated Chinese, Dutch, French and German userinterface translations.
– Added an webcam test application. The application can be started from
“Application Launcher->System tab->Webcam Information”.
For scripting access use the command “webcam-info”:
* option “-l”:
retrieve a list containing all possible frame resolutions and frame rates.
– Fixed tray-manager regarding missing system tray icons in some cases.

– Added new smart card PKCS#11 library Athena IDProtect version 623.07.
– Added new SecMaker Net iD PKCS#11 library,
the SecMaker Net iD Browser Plugin has been removed.
– Added new version 1.1.0 of Gemalto IDPrime PKCS#11 Library with support for
all new IDPrime cards.
– Added new HID Global Omnikey smart card reader driver version
IMPORTANT:Some applications (e.g. A.E.T. SafeSign) require the following parameter
to be set in the registry: scard.pcscd.omnikey_tpdu_t1mode
Support for the following new driver models is added:
VendorID ProductID Name in Driver
0x076B 0x0596 OMNIKEY CardMan (076B:0596) 2020
0x076B 0x3020 OMNIKEY CardMan (076B:3020) 3020
0x076B 0x3022 OMNIKEY CardMan (076B:3022) 3021
0x076B 0x3620 OMNIKEY CardMan (076B:3620) 3620
0x076B 0x7021 OMNIKEY CardMan (076B:7021) 3121
0x076B 0x3623 OMNIKEY CardMan (076B:3623) 3621
0x076B 0x3822 OMNIKEY CardMan (076B:3822) 3821
0x076B 0x3823 OMNIKEY CardMan (076B:3823) 3821
0x076B 0x5820 OMNIKEY CardMan (076B:5820) 4121 CL
0x076B 0x512D OMNIKEY CardMan (076B:512D) 5025 PROX CL
0x076B 0x502A OMNIKEY CardMan (076B:502A) 5025 PROX CL
0x076B 0xC001 OMNIKEY CardMan (076B:C001) 5121
0x076B 0xC100 OMNIKEY CardMan (076B:C100) 5121
0x076B 0xC101 OMNIKEY CardMan (076B:C101) 5121
0x076B 0xC104 OMNIKEY CardMan (076B:C104) 5125 CL
0x076B 0xC105 OMNIKEY CardMan (076B:C105) 5125
0x076B 0x5127 OMNIKEY CardMan (076B:5127) 5127 CK
0x076B 0x5220 OMNIKEY CardMan (076B:5220) 5220 Pay CL
0x076B 0x5221 OMNIKEY CardMan (076B:5221) 5221 Pay
0x076B 0x5311 OMNIKEY CardMan (076B:5311) 5321
0x076B 0x532B OMNIKEY CardMan (076B:532B) 5321 Pay
0x076B 0xA521 OMNIKEY CardMan (076B:A521) 5321
0x076B 0x5326 OMNIKEY CardMan (076B:5326) 5326 DFR
0x076B 0x5421 OMNIKEY CardMan (076B:5421) 5421
0x076B 0x1784 OMNIKEY CardMan (076B:1784) 6020
0x076B 0x6623 OMNIKEY CardMan (076B:6623) 6121
0x076B 0x6310 OMNIKEY CardMan (076B:6310) 6311 CL
0x076B 0x1BD0 OMNIKEY CardMan (076B:1BD0) 7120
0x076B 0x1BD1 OMNIKEY CardMan (076B:1BD1) 7121
0x076B 0x8630 OMNIKEY CardMan (076B:8630) 8630
0x076B 0x9621 OMNIKEY CardMan (076B:9621) 9621
0x076B 0xA023 CCID SC Reader (076B:A023)
0x076B 0xA024 CCID SC Reader (076B:A024)
0x076B 0xA111 CCID SC Reader (076B:A111) Keyboard
0x076B 0xA112 CCID SC Reader (076B:A112) Keyboard
0x076B 0xA721 CCID SC Reader (076B:A721)
0x076B 0xB000 CCID SC Reader (076B:B000) HID identiCLASS
0x076B 0xB001 CCID SC Reader (076B:B001) iCLASS Smart@Link
0x076B 0xC000 CCID SC Reader (076B:C000)
0x076B 0xC200 CCID SC Reader (076B:C200)
0x076B 0xC300 CCID SC Reader (076B:C300)
0x046A 0x007B Cherry SmartTerminal XX44 (046A:007B)
0x046A 0x0090 Cherry SC Reader (046A:0090)
0x046A 0x0091 Cherry SC Reader (046A:0091)
0x046A 0x0092 Cherry SC Reader (046A:0092)
0x0BF8 0x101B CCID SC Reader (0BF8:101B) Fujitsu D321
Fixed bugs:
[ICA/Citrix Receiver 12]
– Fixed Citrix XenApp matching of application names in ICA autostart list
– Fixed Citrix XenApp refresh command.
– Fixed display of user name in screen lock/unlock dialog,
if Citrix XenApp password is synchronized with screen lock password.

[ICA/Citrix Receiver 13]
– Added support for “BypassSetLED” parameter:
registry key ica.wfclient.bypasssetled, Fixed issue with enabled key:
when a published application is configured to run a macro on one of the LED keys
(Caps Lock, Num Lock, or Scroll Lock), pressing the key can cause the macro to
run multiple times.

[XenDesktop Appliance]
– Fixed a minor bug with german keyboard layout and numblock DEL key.

– Fixed RDP native USB redirection device rules:
Product and vendor IDs need to be entered in hexadecimal now (decimal is not
supported anymore).
Streamlined with all other USB redirection rules.
– Fixed RemoteFX codec if “Legacy mode” is enabled:
– crash of RDP sessions to Windows 8 RDVH
– wrong rendering in RDP sessions with Server 2012
– Fixed logon with Gemalto .net cards and Windows Server 2008

[VMware Horizon View]
– Fixed smart card redirection in Horizon View with RDP protocol

[Quest vWorkspace]
– Fixed fullscreen sessions started from web interface.
Additional screen dimensions defined in the websession config are ignored.
– Fixed bug for SSL secured gateway/nat/proxy settings

– Fixed setting “Autosave Size and Position” to not send thin client settings
to UMS at termination of session any more. Instead keep size and position
stored locally on thin client.

– Fixed imprivata appliance mode to work with dual screen settings in Citrix,
if the setting “ICA->ICA Global->Window->Multi Monitor Fullscreen Mode” is enabled.

– Fixed support for PCI WLAN adapter based on Ralink RT3091.

– Fixed wrong netmask in the network information dialog of the network tray icon.

– Fixed bug in smart card service pcsc-lite: When entering the smart card PIN
with certain PIN pad readers inside an ICA session, the PIN input window was
not displayed correctly.
– Fixed SCM Microsystems/Identive smart card readers: handle older reader models
with driver version 5.0.21, only new ones with 5.0.27.
This fixes problems with old readers in driver version 5.0.27.
– Implemented SCARD_ATTR_CURRENT_PROTOCOL_TYPE in pcsc-lite;
this helps smart card log on with SafeSign minidriver

– improved the “default” mark of a printer configured in IGEL Setup

[base system]
– Fixed OpenSSL Heartbleed bug: CVE-2014-0160,
security patches for CVE-2014-0092,CVE-2014-1959,CVE-2013-4242.
– Fixed system suspend/resume caps-lock/scroll-lock modifiers reset.
– Fixed Kerberos authentication:
when typing a wrong password at log on or screen saver unlock, badPwdCount in
Active Directory was incremented by 2 instead of 1 and thus the account was
locked too soon.
– Fixed smart card logon to a Windows 2003 Server based Active Directory.
In this case the parameter “auth.krb5.realms.pkinit.pkinit_win2k” has to be set.
– Fixed non native resolutions with VIA VX800/VX855 graphic chipsets:
the desktop is expanded over the whole screen again.
– Fixed custom partition: For downloading via FTP over SSL use explicit FTPS
instead of implicit FTPS.
– Fixed disappearing of network connection dialog, if no pointer device is connected.
– Fixed VIA graphics chipsets for dual monitor configuration with autodetected
resolutions and manual connector assignment
– Fixed SW cursor support with VIA graphics chips
– Fixed special character % in desktop folder names
– Improved handling of Lock keys in VNC Server. All modifiers will be cleared by default
when shadowing is started. Lock keys are handled on client side only by default.
(registry: network.vncserver.clear_all and network.vncserver.skip_lockkeys)

– Fixed smartcard access used in java webstart UMS.