Re: Guacamole server support request

2023-02-02 Thread Nick Couchman
On Thu, Feb 2, 2023 at 5:07 AM Alessandro Vandelli <
a.vande...@dreamonkey.com> wrote:

> Good morning,
>
> I'm new in the community and I need to create a demo project to show the
> capabilities of guacamole without the need to create a new server in the
> first instance.
> Is there a way to use the java guacamole server and establish a direct
> connection from a web-application to the guacamole guacd service without
> the need of passing the auth-token, fetching the available devices and
> passing the device id but rather by just ignoring the auth token and
> directly passing the ip, port and eventually the credentials of the final
> device (RDP/VNC) on which we want to establish the connection?
>
>
Yes, you can use the guacamole-common and guacamole-common-js components to
write your own application that will talk to guacd directly. Guacamole
Client is intended to be a full end-to-end solution that includes all of
the connection and user management, and also provides the HTTPS and/or
WebSocket endpoints for the tunnel. You need not use the full client if you
just need a direct connection, or if you're going to handle those portions
of access and connection management within your own application - the
common portions are intended to be usable on their own.

-Nick
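
The direct-to-guacd approach described in the reply above, as an added example that is not part of the original thread or the Guacamole project's own code: a minimal tunnel servlet built on guacamole-common (1.x, javax.servlet API, Java 9+). The class name, the "target" parameter, the demo addresses and the DEMO_TARGET_PASSWORD variable are assumptions; targets and credentials are resolved server-side so the browser cannot point guacd at an arbitrary host.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleResourceNotFoundException;
import org.apache.guacamole.net.GuacamoleSocket;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.net.InetGuacamoleSocket;
import org.apache.guacamole.net.SimpleGuacamoleTunnel;
import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
import org.apache.guacamole.servlet.GuacamoleHTTPTunnelServlet;

// Hypothetical servlet; map it to a URL (e.g. /tunnel) in the application's web.xml.
public class DemoTunnelServlet extends GuacamoleHTTPTunnelServlet {

    // Constructed demo targets {protocol, hostname, port}, defined server-side so
    // the browser selects an entry and never supplies an address itself.
    private static final Map<String, String[]> TARGETS = Map.of(
            "lab-rdp", new String[] {"rdp", "192.0.2.10", "3389"},
            "lab-vnc", new String[] {"vnc", "192.0.2.11", "5901"});

    @Override
    protected GuacamoleTunnel doConnect(HttpServletRequest request)
            throws GuacamoleException {

        // "target" is an assumed parameter name, sent by the page in the data
        // string given to Guacamole.Client.connect(), e.g. "target=lab-rdp".
        String id = request.getParameter("target");
        String[] target = (id == null) ? null : TARGETS.get(id);
        if (target == null)
            throw new GuacamoleResourceNotFoundException("Unknown demo target");

        GuacamoleConfiguration config = new GuacamoleConfiguration();
        config.setProtocol(target[0]);
        config.setParameter("hostname", target[1]);
        config.setParameter("port", target[2]);

        // Credentials stay on the server; DEMO_TARGET_PASSWORD is an assumed
        // environment variable, not something Guacamole defines.
        String password = System.getenv("DEMO_TARGET_PASSWORD");
        if (password != null)
            config.setParameter("password", password);

        // guacd on its default port; the handshake with the configuration
        // happens inside ConfiguredGuacamoleSocket's constructor.
        GuacamoleSocket socket = new ConfiguredGuacamoleSocket(
                new InetGuacamoleSocket("localhost", 4822), config);
        return new SimpleGuacamoleTunnel(socket);
    }
}
```

The servlet performs no authentication of its own, so it belongs behind whatever access control the surrounding application enforces.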


Guacamole server support request

2023-02-02 Thread Alessandro Vandelli
Good morning,

I'm new in the community and I need to create a demo project to show the capabilities of guacamole without the need to create a new server in the first instance.

Is there a way to use the java guacamole server and establish a direct connection from a web-application to the guacamole guacd service without the need of passing the auth-token, fetching the available devices and passing the device id but rather by just ignoring the auth token and directly passing the ip, port and eventually the credentials of the final device (RDP/VNC) on which we want to establish the connection?

Thanks in advance,
Alessandro Vandelli

--
Alessandro Vandelli
Developer | Frontend Developer
+39 348 3441789 | a.vande...@dreamonkey.com
www.dreamonkey.com | i...@dreamonkey.com

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org



Re: Tomcat 10

2023-02-02 Thread Antoine Besnier
I was curious and checked, and here are the fixes for each CVE:

CVE               Fixed in
CVE-2020-11996    9.0.36
CVE-2020-13934    9.0.37
CVE-2020-13935    9.0.37
CVE-2020-13943    9.0.38
CVE-2020-17527    9.0.40
CVE-2021-24122    9.0.40
CVE-2021-25122    9.0.43
CVE-2021-25329    9.0.43
CVE-2021-30640    9.0.46
CVE-2021-33037    9.0.48
CVE-2020-9484     9.0.58
CVE-2021-43980    9.0.62
CVE-2022-29885    9.0.63
CVE-2022-34305    9.0.65
CVE-2022-42252    9.0.68

So any version equal to or above 9.0.68 contains all the required fixes.
By the way, Tomcat has a security page for that:
https://tomcat.apache.org/security-9.html

Cheers
Antoine



On Tuesday, 31 January 2023 at 22:56:52 UTC+1, Nick Couchman wrote:

On Tue, Jan 31, 2023 at 4:34 PM Sean Hulbert wrote:
>
> Hello,
>
>
>
> Are there any special requirements for Guacamole 1.4.0 to update Tomcat 
> 9.0.31 to Tomcat 10 or reasons not to do this?
>

Yes, Tomcat 10 makes some servlet API changes that require code
changes to Guacamole. It's documented, here:

https://issues.apache.org/jira/browse/GUACAMOLE-1325

> To resolve the CVE below, and are there any procedural steps documented?

Without looking at each individual CVE you mentioned, I would say that
most, if not all, are probably also fixed in a version of Tomcat 9.0,
which will still work with Guacamole. For example, CVE-2021-43980 only
impacts 9.0.47 to 9.0.60, and is fixed in current 9.0 releases. I
would venture a guess that many/most/all of the rest are the same. So,
updating to the latest version of Tomcat 9.x should be a perfectly
acceptable procedural step.

-Nick
