NoMachine 9.4.14

What's new in this version:

Changes to keys in configuration files:
- The new CustomXauthorityPath key in server.cfg, allows administrators to change the location of the .Xauthority file or to create separate .Xauthority files per virtual desktop session. This helps prevent XAUTHORITY conflicts in environments with shared home directories and is primarily intended for complex or enterprise deployments. The TokenExpiryTimeout key in server.cfg, lets you define the validity period of the token generated by the server to allow clients to reconnect after a connection failure. By default, the token remains valid for five minutes (300 s). Additionally, the 'EnableDbusLaunch' key in node.cfg has been renamed into 'EnableDbusWrapper'. This new key name is available for fresh new installations, updates will not rename the original EnableDbusLaunch key.

Ability to log-in automatically Linux Guest Users via web:
- Two new keys in server.cfg, EnableWebGuestsAutoLogin and ForceGuestUserCreation, enable seamless guest access to Linux web sessions, where system guests are automatically logged in to the system without encountering any login prompt.

Improvements to session list and export of history:
- A new option, the '--no-physical' parameter, allows you to exclude physical sessions from the output of session list commands ('nxserver --list', 'nxserver --connectionlist' and 'nxserver --history'). Another new parameter, '--filter item,value' applies the same logic of the '--format items_list' option but limits the output to entries matching the specified item-value pair. The full list of available items can be obtained by running 'nxserver --history --format'. Additionally, the 'nxserver --history' output can now be exported in JSON or CSV formats, facilitating data integration with external analysis platforms and third‑party tools.

OpenSSL:
- OpenSSL libraries shipped by NoMachine client and server packages are now v3.0.19

Perl:
- A patch for CVE-2024-56406 has been applied to the current Perl version shipped by NoMachine server packages

Fixed:
- Kerberos authentication may fail with 'Cannot initialize gssapi'
- Black screen after connection to macOS with a sleeping display
- Black screen may occur when connecting to Linux physical desktops
- On RHEL 10 starting a single application may be not possible
- On RHEL 10, creating a virtual desktop may not be possible
- Possible privileges escalation on Windows via named pipe impersonation
- Possible privilege escalation via a valid Kerberos ccache file
- Possible arbitrary deletion of files by exploiting the NoMachine environment variable for Kerberos cache path
- After power outage it could be no longer possible to connect via VPN
- The connections limit counter is sometimes wrongly increased
- License incorrectly in active state after incomplete installation using '--subscriptionset'
- Possible unexpected termination of nxnode on Linux
- Monitors of client are treated as a single monitor when the X11 graphics mode is disabled
- In a multinode environment, session could not be started when "ClientMenuconfiguration none" is set on the node
- A timeout error occurred while attempting to connect to host with private key and passphrase
- Cannot connect to a node via Web when Duo Authentication is enabled
- Web sessions or virtual desktops with X11 vector graphics mode disabled are counted twice in the connection limit counter
- Unwanted scrolling when scrolling a page with two fingers in a web session