Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27830: TightVNC: What's New in TightVNC

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

CVE
#vulnerability#web#ios#mac#windows#apple#ubuntu#linux#debian#red_hat#dos#redis#js#git#java#c++#perl#buffer_overflow#auth#ssh#rpm#docker#sap#ssl

TightVNC 2.8.79

  • Server for Windows: Fixed an issue with file transfers that prevented them from working correctly on Windows Server 2008 R2 and Windows 7 when using TightVNC versions from 2.8.75 to 2.8.78.

TightVNC 2.8.78

  • Server for Windows: Added handling of the SetDesktopSize command, as lack of its support caused TigerVNC viewer to crash.

  • Viewer for Windows: Fixed an error in processing the ExtendedDesktopSize pseudo-encoding, which caused flickering when working with TigerVNC server.

  • Server for Windows: Fixed slow performance of the Direct3D screen grabber.

  • Server and Viewer for Windows: Updated the zlib library to the latest version 1.2.13.

TightVNC 2.8.75

  • Server and Viewer for Windows: Updated zlib and libjpeg libraries to their latest versions. Note that older versions of zlib may have security flaws, so this may be an important reason to upgrade TightVNC.

  • Server for Windows: Added server-side support for special protocol extension allowing to display individual monitors in multi-monitor systems. Multi-monitor handling will be implemented in next versions of MightyViewer and Remote Ripple.

  • Server for Windows: Fixed a bug causing the server to crash repeatedly (sf bug #1597).

  • Server for Windows: Blocking file transfers while the system is locked.

  • Server for Windows: Fixed a bug with network drives browsing in service mode.

  • Server for Windows: Fixed a bug with using default configuration set instead of the proper one when capturing screen contents in the service mode.

  • Server for Windows: Fixed an issue with resetting the mouse cursor position when viewers connected in the view-only mode.

  • Server for Windows: Fixed a bug with User Query dialog window in RDP sessions.

  • Server for Windows: Fixed a bug with tilde characters in Polish keyboard layout.

  • Viewer for Windows: Added a workaround to work correctly with HMI panels made by Siemens PLC.

  • Viewer for Windows: Fixed problems with clipboard operations when connected to several remote desktops simultaneously.

  • Server for Windows Installer: The installer now will not insist on setting an Administrative Password.

TightVNC 2.8.63

  • Server for Windows: Improved techniques of fast screen grabbing enabled in Windows 8 and later versions of Windows.

  • Server for Windows: Improved stability of sharing RDP sessions.

  • Server for Windows: Fixed encoding of color cursors, which worked incorrectly for certain cursor formats and shapes.

  • Server for Windows: Fixed erroneous generation of extra character in Greek keyboard layout.

  • Viewer for Windows: Fixed a security problem which could allow a specially crafted “evil” server execute code on the viewer machine. Technically, the security issue was caused by a buffer overrun in ZRLE decoder.

TightVNC 2.8.59

  • Server for Windows: Fixed remote desktop updating problems with -sharedisplay and -sharerect options. If the shared area was changed but its size remained the same, update did not happen.

  • Server and Viewer for Windows: Details in EXE and DLL file properties have been updated. This does not affect functionality in any way (sf bug #1539).

TightVNC 2.8.57 (limited distribution release)

  • Server for Windows: Fixed a bug arising on certain video hardware configurations that might cause the server to crash on accepting new connections (sf bug #1535).

  • Server for Windows: Fixed a problem with restoring custom wallpaper after all viewers disconnect, when using the option “Hide desktop wallpaper” (sf bugs #1505, #1100).

  • Server for Windows: Made minor user interface improvements (almost not noticeable to a normal user).

  • Installer for Windows: Fixed a problem with a configuration form shown during installation which could not be closed properly via the Task Manager.

TightVNC 2.8.55

  • Server and Viewer for Windows: Reverted recent changes in processing keyboard events that caused keyboard-related problems in version 2.8.53 (sf bugs #1530, #1531, #1532, #1533).

  • Server and Viewer for Windows: Fixed a build problem that caused compatibility problems with certain versions of VNC software, due to using wrong protocol extension (sf bug #1534).

  • Server and Viewer for Windows: Improved text labels and layout of elements in a number of screen forms.

  • Server for Windows: Connecting to RDP sessions is now disabled by default and should be enabled explicitly, as sharing some virtual session instead of the main screen is probably not something a user would expect by default.

  • Server for Windows: Fixed a minor resource leak (although it did not seem to cause any problems during normal operation).

TightVNC 2.8.53

  • Server and Viewer for Windows: Added support for Unicode clipboard transfers (UTF-8). The latest public version of the standard RFB protocol (3.8) does not support Unicode text, so we implemented this via a new TightVNC protocol extension. This feature will work when supported at both ends of the connection.

  • Server for Windows: Added support for Echo messages to let viewer software check responsiveness of a server. This may be used for detecting network failures faster when there is no other traffic between Server and Viewer, and will work only with viewers that support and use this new protocol extension. Echo messages will be supported in our latest SDKs but normal TightVNC Viewer does not use them yet.

  • Server for Windows: Protection against brute-force attacks has been improved. Previously, the server allowed no more than 10 authentication failures per 30 seconds from the same IP address. Now the algorithm is more complicated: 1-second timeouts after 2 attempts, 1-minute timeouts after 8 attempts, and 1-hour timeouts after 14 attempts. In other words, it would allow no more than 38 authentication attempts within 24 hours per one IP address.

  • Server for Windows: Now it’s possible to connect to an active RDP session.

  • Server for Windows: Performance has been improved in modern Windows systems (starting with Windows 8). Dragging windows over the desktop should render many times faster, due to the added support of CopyRect encoding with Direct3D and Desktop Duplication APIs.

  • Server for Windows: Performance of file transfers has been improved. In particular, listing contents of large folders should become much faster.

  • Server for Windows: Fixed a crash in server running in application mode that could happen when Windows shows UAC (User Account Control) pop-up prompts. This problem is specific to reverse server-to-client connections (sf bug #1507).

  • Server for Windows: Fixed clipboard transfers. In certain cases, the server did not send clipboard contents to viewers since it wrongly decided there were no clipboard updates for those particular viewers (sf bug #1403).

  • Server for Windows: Fixed crash for large displays, with total resolution over 134 millions of pixels, e.g. 16384 х 8192 and more.

  • Server for Windows: Potentially fixed incorrect handling of mouse cursors on certain Matrox video cards.

  • Server for Windows: Fixed a memory leak (rather a potential one which would not show up during normal operation).

  • Installer for Windows: New “ServiceOnly” configuration option has been added, to prevent TightVNC Server from starting in application mode.

  • Viewer for Windows: Fixed AltGr handling for Korean keyboard layout.

TightVNC 2.8.27

  • Server for Windows: Fixed server crash on changing window size when sharing one particular window with -sharewindow option (sf bug #1475).

  • Server for Windows: Fixed problems with generating incorrect symbols with certain national keyboard layouts, e.g. when pressing “3” in Turkish layout and “6” in Portugese Brazilian ABNT2 layout (sf bugs #1482, #1458).

  • Server for Windows: Fixed problem with sending black screen when a viewer requests 16-bit or 8-bit colors with big-endian byte order (sf bug #1473).

  • Server for Windows: Fixed an issue with mouse cursor jumping to the top left corner of the screen on requesting full screen update.

  • Viewer for Windows: Added support of Romanian diacritical marks.

  • Viewer for Windows: Fixed a problem of adding extra null character when transferring text data from clipboard (sf bug #1485).

  • Viewer for Windows: Fixed incorrect handling of the -mousecursor command-line option (sf bug #1457).

TightVNC 2.8.23

  • Server for Windows: Implemented an adaptive algorithm for improving image quality by re-transmitting static screen areas using lossless compression.

  • Server for Windows: Added option to disable screen reading through Direct3D API.

  • Server for Windows: Fixed lockup after execution of the command -controlservice –sharewindow.

  • Server for Windows: Fixed slowdown while copying screen data through Direct3D API in multi-monitor configurations.

  • Server for Windows: Fixed slowdown while searching video windows by a class name.

  • Server for Windows: Fixed a descriptor leak (low severity).

  • Viewer for Windows: Fixed incorrect character transmission in Swedish keyboard layout.

  • Viewer for Windows: Added new -logpath command line option.

TightVNC 2.8.11

  • Server for Windows: Implemented performance improvements that may notably increase update speed and optimize CPU usage.

  • Viewer for Windows: Fixed a problem that might cause the viewer to continue sending keyboard events even after minimizing a full-screen window (sf bug #1433).

  • Viewer for Windows: Fixed an incorrect calculation in keyboard handling, which unlikely caused any problems though (sf bug #1422).

  • Source Code for Windows (Server and Viewer): Migrated to Visual Studio 2015 and MSBuild tool set as the primary build environment.

TightVNC 2.8.8

  • Installer for Windows: Fixed a problem which caused errors in handling installation parameters (sf bug #1408).

TightVNC 2.8.7 (limited release)

  • Server for Windows: Fixed the bug causing the “Connection has been gracefully closed” problem (sf bug #1386).

TightVNC 2.8.6 (limited release)

  • Server for Windows: Fixed a problem of connecting to Windows 2003 Server after conneting via RDP.

  • Server for Windows: Added extra diagnostics for the “Connection has been gracefully closed” bug (sf bug #1386).

TightVNC 2.8.5

  • Server for Windows: Fixed minor resource leaks (GuiThread and SocketIPv4 objects did not always closed all their handles properly).

  • Server for Windows: Built-in Java Viewer updated to its latest version (2.8.3).

TightVNC 2.8.4 (limited release)

  • Server for Windows: Fixed server crash on some Windows 7 systems. Finally, the bug introduced in version 2.8.2 is fixed for all Windows 7 computers.

  • Server for Windows: Fixed a bug that could make the server crash after a client has disconnected.

  • Source Code for Windows (Server and Viewer): Changed output directory structure in internal build scripts (the changes do not affect distribution packages).

TightVNC 2.8.3 (limited release)

  • Server for Windows: Fixed server crash on Windows 7 introduced in version 2.8.2.

  • Java Viewer: Fixed a problem when the viewer did not start in applet mode (sf bug #1390).

TightVNC 2.8.2

  • Server for Windows: Added support for “IdleTimeout” registry key which specifies how many seconds to wait for mouse or keyboard events. If there was no activity from a client during the specified timeout, the corresponding client will be disconnected. The value 0 (DWORD) stands for no timeout at all (stay connected forever), and that’s the default setting. This setting is not configurable from the user interface.

  • Server for Windows: Improved handling for screen orientation changes.

  • Server for Windows: Significantly improved screen reading performance on Windows 8 with multiple monitors (sf bug #1324).

  • Server for Windows: Fixed a problem with the Alt key becoming stuck in the pressed state after Alt-Tab switching in Windows 8 (sf bugs #1341, #1311, #1303, #1302).

  • Server for Windows: Fixed built-in HTTP server crash on Windows XP and Windows 7 when the request URL includes parameters (sf bug #1344).

  • Server for Windows: Fixed a rare problem triggered when a server shares one display in multi-monitor configuration, with more than one viewer connected. If a user on the server changed the focus to other display, the viewers could see the active windows from the other display on top of the shared display and everything became messy.

  • Server for Windows: Fixed server-side clipboard handling. After receiving clipboard contents from a client, the server could return the same clipboard data back to the same client, and clipboard could be damaged on the viewer side (sf bug #1255).

  • Server and Viewer for Windows: Fixed a bug with truncating data from clipboard, due to an error in calculating text length in Unicode/ANSI conversions (sf bug #1337).

  • Viewer for Windows: Fixed possible memory access violation caused by incorrect calculation of buffer size in the StringStorage object (sf bug #1356).

  • Viewer for Windows: Fixed a bug with deleting random characters from the host:port string. The bug was caused by incorrect calculation of the number of Unicode characters (sf bug #1349).

  • Viewer for Windows: Fixed problems with Shift, Alt and Ctrl keys getting locked in the pressed state on switching from the viewer window to other applications (sf bugs #1360, #1329, #1174).

  • Viewer for Windows: Fixed a problem which prevented from connecting to a Dispatcher using big ID numbers (ID >= 2147483648).

  • Viewer for Windows: A typo has been fixed in the warning window shown on entering the full-screen mode (sf bug #1270).

  • Server and Viewer for Windows: Removed libjpeg-turbo library in favor of the standard libjpeg. The accelerated library did not show major performance improvements in typical situations but introduced questionable requirements on the hardware and the compiler. The codebase goes cross-platform, so we chose to get rid of such dependencies.

  • Java Viewer: Added new -showConnectionDialog command-line option. Set to “No” if you do not want to show initial connection dialog. Default: "Yes".

  • Java Viewer: Fixed an issue that resulted in error message “Value too long” (sf bug #1379).

  • Java Viewer: Increased Java compatibility requirement, now it requires Java 1.7 (previous versions required Java 1.6).

TightVNC 2.8.1 (limited release)

  • Server for Windows: Supporting screen orientation changes on the fly (this resolves sf bugs #1366, #1339, #1335 as well).

  • Server for Windows: Fixed a bug with running on Windows Server 2003, where TightVNC Server could stop accepting connections until the system is rebooted.

  • Server for Windows: Added an option to specify a list of rectangles to be treated as video and sent to viewers with minimal delays. Rectangles are specified by their screen coordinates in the Video tab in the TightVNC Server’s Configuration window. Normally, this option is not very useful, it’s rather for using TightVNC in specialized environments.

  • Server for Windows: When sharing just one application (-shareapp command-line option), do not pass remote keyboard input to other apps.

  • Server for Windows: Documented the -shareapp command-line option in the tvnserver /? output.

  • Server and Viewer for Windows: Implemented support for Dispatcher (it acts as a proxy between servers and viewers and allows connecting to servers not directly accessible from the Internet). Dispatcher is available separately, under commercial licenses only.

  • Java Viewer: Switched to a different library for supporting SSH tunneling (now using Trilead SSH-2 instead of JSch).

  • Java Viewer API: Introducing several APIs and corresponding JAR libraries for using parts of the viewer as an SDK (software development kit).

  • Java Viewer API: Generating Javadoc documentation for the SDK APIs.

  • Java Viewer API: Added an simple example on using the SDK APIs.

TightVNC 2.8.0 (limited release, Java Viewer only)

  • Java Viewer: Added support for TightVNC Dispatcher (a special proxy-type software that connects servers and viewers from different networks that may not be accessible directly).

  • Java Viewer: Implemented key-based SSH authentication. Files with SSH keys should be created in OpenSSH format, in $HOME/.ssh directory.

  • Java Viewer: Added better application icons.

  • Java Viewer: Improved support for OS X, added support for DockerIcon.

  • Java Viewer: Significantly improved rendering performance on Apple Macs with Retina displays.

  • Java Viewer API: Improved API for simplifying integration of the viewer into customer applications.

  • Java Viewer API: Added public API methods for choosing compression level, toggling view-only mode, and sending various protocol messages to server.

  • Java Viewer API: Computing transfer rate between client and server, making this data available via a public API.

  • Java Viewer API: Added support for sending client messages “VideoRectangleSelection” and “VideoFreeze” (TightVNC extensions) from the API.

  • Java Viewer: Conforming to new applet security requirements introduced in Java versions 7u25 and 7u51.

  • Java Viewer: Improved compatibility with built-in server of OS X. Provided a workaround for supporting 8-bit pixel formats (and formats with less than 8 bits) that were represented incorrectly by the OS X.

  • Java Viewer: Implemented new infrastructure for supporting different tunnel types (TightVNC extensions of the RFB protocol).

  • Java Viewer: Fixed a crash in ZRLE decoder when decompressing data from a built-in server of OS X.

  • Java Viewer: Fixed crashing on reading erroneous “color depth” and “bits per pixel” values in pixel format description.

  • Java Viewer: Fixed a bug with disconnecting on receiving clipboard contents from the server.

  • Java Viewer: Fixed a problem with disappearing controls while zooming out in the full-screen mode (sf bug #1267)

  • Java Viewer: Fixed a bug with endless loop in the full-screen mode (sf bug #1268)

  • Java Viewer: Refactored and fixed the source code in various places to eliminate warnings of code analysers.

TightVNC 2.7.10

  • Server for Windows: Now all displays are shown in Viewer when monitors are connected to different graphics cards, rather then showing only one.

  • Server for Windows: No more cursor disappearing or freezing when an application window controlled remotely is dragged by its title bar.

  • Viewer for Windows: Added detection of a Windows key press (alone or in combination with other keys), as well as Alt-Tab combination in the full-screen mode.

  • Viewer for Windows: Improved a File transfer window: file listing in the directory is now case insensitive.

  • Viewer for Windows: Added sorting of files by Name, Size or date Modified either in ascending or descending order.

  • Server and Viewer: Performance gain is achieved when TightVNC encoding is used due to accelerated JPG encoding and decoding. It is noticeable mostly on old hardware configurations.

TightVNC 2.7.7

  • Server for Windows: Fixed a bug with multi-monitor configurations running on Windows 8. The main display can be safely set to any monitor in a row or column.

  • Server for Windows: On Windows 8, data is no longer corrupted when the screen resolution is not divided by four (native resolution for some laptops).

  • Server for Windows: No more issues on the Server side when a zero compression level is set in the Viewer settings (Options / Set custom compression level / level: 0).

  • Server for Windows: Fixed incompatibility with older versions of TightVNC Viewer (1.3.10).

  • Viewer for Windows: Fixed a keyboard bug: it stopped working after a file transfer window is opened.

TightVNC 2.7.3

  • Server for Windows: Improved performance when the remote desktop is shown in its original size. Moreover, the image quality is now improved in case pixel-size checkerboard patterns are used.

  • Server for Windows: Fixed an issue on connection to a server from a built-in remote desktop client on Mac.

  • Server for Windows: You can safely change screen properties (resolution, etc.) on the server running on Windows.

  • Server for Windows: No more bad desktop size issues if the server is running on Windows 7 (SP1) or Windows Server 2008 (SP1) while there are no drivers installed. A server can be run on a virtual machine as well.

  • Server for Windows: Added more verbose logging (when a logging level is set to 9).

  • Server for Windows: Optimized Tight encoding to work faster.

  • Server for Windows: Increased speed of ZRLE encoding up to 25%.

  • Java Viewer: Fixed a compatibility issue with non-TightVNC servers (Mac remote desktop, UltraVNC) when ZRLE encoding is used.

  • Java Viewer: Optimized memory usage when Tight or ZRLE encoding is used.

TightVNC 2.7.1

  • Server for Windows: If a server is running on Windows 8, remote desktop screen is updated much faster.

  • Server for Windows: Now it is possible to show a single application rather than the whole remote desktop. For that, run a server with a -shareapp command-line option and pass a running process ID as its argument.

  • Server for Windows: Now it is possible to password protect access to server settings (by default, they are accessible once the server is running). It is required to enter an administrative password to make any changes when “Ask password for each operation” is checked in the Administration tab.

  • Server for Windows: Added ZRLE and RRE encoding support.

  • Server for Windows: Fixed issues when Extra Ports are used: now clients can safely establish connection to a server.

  • Server for Windows: When a client has disconnected, pressed key states are reset on the server side.

  • Server for Windows: Fixed an issue with drawing of a cursor on the server side when Let remote server deal with cursor option is enabled in the Viewer settings. Transparency issues for a cursor are also fixed.

  • Server for Windows: Fixed a bug with desktop size after the screen DPI is changed.

  • Server for Windows: Invalid JPG data now leads to error throwing rather than crashing.

  • Server for Windows: Fixed a bug with queued and non-sent updates on desktop changes.

  • Server for Windows: Fixed a missing system libraries error on Windows 2003 (sometimes wtsapi32.dll or psapi.dll could not be found).

  • Viewer for Windows: Now it is possible to change the port the Viewer listens on (in the Listening mode) and reconnect to the server right on the fly.

  • Viewer for Windows: Now Viewer can successfully connect to servers that require RFB protocol 4.0 or higher (in fact, RFB 3.8 will be used to establish connection).

  • Viewer for Windows: If minimized, a full-screen window is now restored as a full-screen application rather than a windowed one.

  • Viewer for Windows: Ctrl + M command is now applicable when in the full-screen mode.

  • Viewer for Windows: Now correct resolution is reported in the Connection Info window when a remote screen size is not divided by 4.

  • Viewer for Windows: Fixed invalid memory allocations that caused Viewer to crash when a Tight or ZRLE decoder is used.

  • Viewer for Windows: Fixed a bug with VNC session files if a port is less than 100.

  • Viewer for Windows: Fixed grayscale color issue (instead of a full color) when a Tight decoder is used.

  • Viewer for Windows: Fixed rare mouse scrolling issues.

  • Viewer for Windows: Fixed memory leaking when incorrect JPG data is received.

  • Viewer for Windows: Fixed a bug when Viewer cannot connect to a server (with Windows XP or Windows 2003) with a Unicode name.

  • Viewer for Windows: Now a file transfer dialog can be in the background.

  • Source Code for Windows (Server and Viewer): Added dependencies from Windows 8 SDK. Now the source code can be built in Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012.

  • Source Code for Windows (Server and Viewer): Fixed issues with a Visual Studio 2010 project file.

  • Source Code for Windows (Server and Viewer): Fixed a thread-related deadlock when waiting for a thread to start.

  • Source Code for Windows (Server and Viewer): Fixed a bug with image corruption when multiple clients are connected to a server (due to the refactored Server code).

  • Source Code for Windows (Server and Viewer): Fixed issues with string loading from *.rc files in non-Unicode builds.

  • Source Code for Windows (Server and Viewer): Added correct error handling on Server or Viewer crashing (a proper message is now shown).

  • Source Code for Windows (Server and Viewer): zlib library is updated to version 1.2.7.

TightVNC 2.7.0 (Java Viewer only)

  • Java Viewer: Start-up dialog window is now shown on the task bar: it can be closed, switched to, etc.

  • Java Viewer: When Java Viewer is embedded into HTML code, it connects to the specified server instead of allowing a user to choose a custom one.

  • Java Viewer: No more toolbar disappearing when a server has an VNC password set.

  • Java Viewer: Fixed non-working key combinations with Ctrl.

  • Java Viewer: Fixed memory leaking issues when reestablishing connection to the same server.

  • Java Viewer: If the sever desktop is smaller than the Viewer window, gray is used to color the empty space.

TightVNC 2.6.4

  • Installer for Windows: Fixed a problem where TightVNC Server was registered as a Windows service, despite that was disabled via the MSI property SERVER_REGISTER_AS_SERVICE.

  • Server for Windows: New version of the built-in Java Viewer (version 2.6.2).

  • Server for Windows: Refactored the desktop architecture (no changes in the functionality).

  • Viewer for Windows: A number of improvements in full screen mode.

  • Viewer for Windows: Fixed a problem where the viewer could hang up or crash after disconnect.

  • Viewer for Windows: Fixed minor errors in Tight decoder.

TightVNC 2.6.2 (Java Viewer only)

  • Java Viewer: Now Java Viewer has two configurations: with and without built-in SSH tunneling.

  • Java Viewer: Added “Clear History” button to the Connection dialog.

  • Java Viewer: Added support for Local Mouse Cursor Shapes: dot cursor (default), small dot cursor, system default cursor, no cursor.

  • Java Viewer: Viewport zoom property is now saved with connection history options.

  • Java Viewer: Fixed hang-up on connecting to an out-of-range port number.

  • Java Viewer: Fixed the width of the Host combobox control on the Connection dialog.

  • Java Viewer: Fixed a problem with the button panel when it did not render properly when starting the viewer in full screen mode for the first time.

TightVNC 2.6.0

  • Installer for Windows: New USEMIRRORDRIVER MSI property.

  • Installer for Windows: Now the installer offers setting/changing passwords at the end of each installation.

  • Installer for Windows: The passwords were not deleted from the registry if the options “do not use … authentication” were selected or the corresponding properties were set to -1.

  • Server for Windows: Fixed a crash of TightVNC Server in a service mode on system reboot. A crash dialog appeared on Windows shutdown when the server had connected clients.

  • Server for Windows: Fixed the Apply button behavior in the Configuration window. It stayed disabled when “Use mirror driver” setting had been changed.

  • Server for Windows: Fixed mapping of additional TCP ports to specified screen area with negative coordinates.

  • Server for Windows: Fixed -sharerect command-line option. It did not work properly with negative coordinates.

  • Viewer for Windows: Improved performance of TightVNC Viewer for Windows.

  • Viewer for Windows: TightVNC Viewer window now adjusts when changing viewport scale.

  • Viewer for Windows: Now, the pointer position is sent to a remote server only if it has actually changed.

  • Viewer for Windows: The screen is now updated not at once but gradually, if the encoding is “Raw” and shared screen area is large.

  • Viewer for Windows: Now, a list of files can be sorted by name, size and modification time in File Transfer system.

  • Viewer for Windows: Fixed occasional slow remote screen rendering.

  • Viewer for Windows: Fixed connection option saving.

  • Viewer for Windows: Fixed scroll bar in history combobox - it was always hidden.

  • Viewer for Windows: Fixed Ctrl and Alt key handling. Sometimes the state of Ctrl and Alt buttons on the viewer toolbar did not correspond to the actual state of the hardware keys.

  • Viewer for Windows: Fixed unexpected behavior of the viewer. The viewer quit silently if the user entered incorrect VNC authentication password.

  • Viewer for Windows: Fixed the button “Listening mode” accessibility after closing listening daemon.

  • Java Viewer: Added built-in SSH tunneling via the JSch library.

  • Java Viewer: Added maintenance of connection history and connection options.

  • Java Viewer: Added autocomplete the connection form with the parameters of the most recent connection.

  • Java Viewer: Fixed a problem with erroneous message (“Connection error: cannot write 16 bytes”) appearing after pressing Close in the authentication dialog.

  • Java Viewer: Fixed a bug with the viewer not showing remote screen when ShowControls option was set to 'no’.

  • Source Code (Viewer for Windows): Refactoring of the viewer-core API for future protocol extensions (e.g. new message types, authentication methods).

  • Source Code (Viewer for Windows): Changed CoreEventsAdapter interface in viewer-core.

TightVNC 2.5.2

  • Java Viewer: Introducing new full-screen mode, with optional auto-scaling, auto-scrolling and a pop-up toolbar.

  • Installer for Windows: Added new MSI installer properties, to automate pre-setting passwords in silent mode.

  • Server for Windows: Fixed a problem with querying local users on incoming connections. TightVNC has a feature to let local user approve or reject incoming connections. If there was no user action within a pre-configured time limit, new connection will be either accepted or rejected automatically. Unfortunately, the timeout setting did not work correctly in previous version and that could result in infinite timeouts. That has been fixed.

  • Server for Windows: Fixed the Apply button in the Configuration window - it stayed disabled on editing configuration settings.

  • Viewer for Windows: Fixed authentication handling in RFB protocol version 3.7. This should resolve connectivity problems with Ubuntu systems and Vino servers.

  • Viewer for Windows: Fixed hang-up on changing language or keyboard layout. To fix this problem, Windows message handling has been re-designed completely.

  • Viewer for Windows: Fixed priority of preferred encodings. Previous version could work inefficiently with servers that do not support Tight encoding, because the Viewer could choose uncompressed Raw encoding instead of well-compressed ZRLE.

  • Viewer for Windows: Eliminated 34-character limit on hostnames in the New Connection window.

  • Viewer for Windows: Using correct line ending characters in cross-platform clipboard transfers.

  • Viewer for Windows: Introduced a number of improvements and fixes in the user interface. That includes new commands in the toolbar and in the system menu, and architectural changes such as restoring the option to start new connections from the same Viewer instance.

  • Viewer for Windows: Adjusting viewer window size on remote desktop resizing.

  • Viewer for Windows: Other minor improvements and fixes.

  • Source Code (Server and Viewer for Windows): Improved logging architecture. The changes will not be visible to end user, but developers will appreciate new logging system. There should be no more static methods and global log objects, so it will be easier to reuse separate components in third-party applications. Now all components work via a simple logging interface or can work without logging at all.

  • Source Code (Server and Viewer for Windows): Corrected build problems in various combinations of build configurations and platforms, in both Visual Studio 2008 and Visual Studio 2010.

TightVNC 2.5.1

  • Installer for Windows: Proper viewer binary is now included in the 64-bit installer. In the previous version, 32-bit viewer was included by mistake.

  • Installer for Windows: A few text labels and warning messages have been corrected.

  • Server for Windows: Fixed a bug with uninitialized memory which could lead to random crashes.

  • Viewer for Windows: “Entering full screen” warning now includes an option for not showing it next time.

  • Viewer for Windows: Fixed a problem with -optionsfile command-line option not working correctly unless full path was provided with the options file. Also, error reporting have been improved when using -optionsfile.

  • Viewer for Windows: Initial image of the remote desktop did not always render correctly in full screen. Now that should be fixed.

TightVNC 2.5.0

  • Installer for Windows: Parameter-based silent installation. You can pre-configure TightVNC Server via MSI parameters and perform mass installation via a batch file or Group Policy.

  • Installer for Windows: Both 32-bit (x86) and 64-bit (x64) versions of the installer are available.

  • Server for Windows: Full support for 64-bit systems. Besides obvious benefits of using native architecture, this allows to attach so called “message hooks” to 64-bit applications. In a simple language, message hooks help at detecting screen activity, so that we can get updates almost immediately instead of polling the complete screen once per second or so.

  • Server for Windows: Support for mirror video driver (DFMirage). This makes screen reading ultra-fast in all supported versions of Windows, from Windows 2000 to Windows 7. DFMirage driver is a separate product, but it’s free for TightVNC users (and it’s available commercially if needed).

  • Server for Windows: Improved performance when sharing a desktop with Windows Aero enabled. With Aero, each screen reading operation is expensive, and we can improve performance by reading more pixels in less operations.

  • Server for Windows: Improved logging. Most importantly, new version reports all incoming connections to Windows Event Log. Also, logging to text files has been improved - the service writes to the same log file from all its child processes. There’s always just one log file, so it’s easier to locate an error message or e-mail the log to technical support service.

  • Server for Windows: New option to configure extra ports mapped to arbitrary screen areas. If a client connects to such an extra port, it will be shown the corresponding part of the screen only.

  • Server for Windows: New command-line options to share full desktop, primary monitor, selected monitor, a window, or an arbitrary rectangular area.

  • Server for Windows: Optimized video processing for specific window classes. You can tell TightVNC to treat certain windows as video by providing a list of window class names. Once a matching window is detected, its contents will be sent to clients continuously, with minimum delays.

  • Viewer for Windows: Completely rewritten version, free of GPL-only source code.

  • Viewer for Windows: Native 64-bit version for improved performance in x64 systems.

  • Viewer for Windows: Fast screen drawing and optimized decoders.

  • Viewer for Windows: New ZRLE decoder for improved compatibility with wide range of VNC-compatible servers.

  • Viewer for Windows: Desktop scaling that can be easily controlled via the toolbar.

  • Viewer for Windows: New feature to pause screen updates. You can freeze the remote desktop at any moment, e.g. to make a screenshot, examine details or demonstrate the screen to other people.

  • Viewer for Windows: Unicode-enabled compilation. Unlike previous versions of TightVNC Viewer, this one fully supports Unicode and has no problems with using multiple national languages in user input, screen labels, file names etc.

  • Viewer for Windows: Easily reusable source code. The viewer has been redesigned from the scratch. The primary design goal was to develop a “remote control SDK” and build the viewer on top of it. And we’ve done just that. So not only we provide new version of the viewer, but we also give software developers an easy way to add remote control functionality to their products (both free and commercial). The resulting SDK has a simple interface which hides all the complexity of the underlying protocols. It’s written in C++, has minimum dependencies on Windows systems and will be made truly cross-platform in its future versions.

  • Java Viewer: Desktop scaling that can be easily controlled via the toolbar.

TightVNC 2.1 (Java Viewer only)

  • Java Viewer: Added support for various color modes. You can restrict the number of colors to save traffic, or prefer a rich-color format to maximize image quality. From the GUI, you can choose a color mode with 8, 64, 256, 65536, 16777216 colors, or select the server’s native number of colors. However, the core component supports any color format as allowed by the RFB protocol (except palette-based modes).

  • Java Viewer: Corrected negotiation of the protocol version. There was an error which made TightVNC Java Viewer incompatible with Apple Screen Sharing (built-in VNC-compatible server in Mac OS X). New version should be able to connect to Mac OS X.

  • Java Viewer: Various minor fixes and improvements.

TightVNC 2.0.4

  • Server for Windows: Fixed a potential security problem which could allow a logged in user to gain elevated privilegies in file transfers. This problem affected Windows 2000 systems only.

  • Server for Windows: CPU use was significantly reduced in idle periods when there are no users connected.

  • Server for Windows: Fixed a problem which resulted in wrong color rendering in “big-endian” viewers (e.g. PowerPC-based Mac viewers).

  • Server for Windows: Fixed rendering of semi-transparent mouse cursors. Previously, big black boxes could be seen instead of such cursors.

TightVNC 2.0.3

  • Server for Windows: Fixed a bug which prevented file transfers from working properly under Windows 2000.

  • Server for Windows: Introducing new “error handler” which allows saving memory dumps on critical errors.

  • Server for Windows: In systems with swapped left and right mouse buttons, remote mouse events will be adjusted accordingly. As a result, the remote mouse should work just like the local one.

  • Server for Windows: Fixed a number of problems led to errors on setting service passwords from the installer.

  • Server for Windows: Not allowing to enter administrative passwords longer than eight characters. This limitation is caused by using standard DES-based VNC-compatible authentication. Previous versions used only the first eight characters anyway but it was possible to enter longer passwords and that could confuse users who did not know about the limitation.

  • Server for Windows: Fixed a problem with injecting lowercase characters when CapsLock was on on the server. Previous version generated uppercase characters when CapsLock was on, regardless of the Shift state.

  • Server for Windows: Implemented a special trick to bypass the problem with generating “^6” instead of “6” when using US International keyboard layout. It looks like there is a bug in Windows so we could do nothing better than to cook a workaround specifically for this case.

  • Server for Windows: Fixed clipboard handling with multiple client connections. Previously, clipboard contents might not be sent to particular clients in certain circumstances.

  • Server for Windows: Adjusted log verbosity levels for log messages generated by the control interface connection, so that such messages will not overload the log any more.

  • Server for Windows: Improved support for simple RFB clients that cannot handle desktop size changes.

  • Server for Windows: Made minor adjustments in the user interface. Specifically, the “About…” form has been cleaned up, and a typo has been corrected in the Configuration window.

  • Viewer for Windows: Fixed a number of problems with keyboard handling: preventing modifier keys from being stuck on switching to/from the viewer window; distinguishing left and right modifiers properly; sending arbitrary Unicode characters even if they were not defined in the original X11 protocol; and sending correct codes for the keys on the numeric keypad.

  • Viewer for Windows: Ctrl-Alt-Del combination should not depend on current ScrollLock state (which normally toggles Alt key to Meta key conversion).

  • Viewer for Windows: Fixed an issue with not sending update requests after choosing Minimize then Maximize on the viewer window (as opposed to the Minimize/Restore sequence which always worked correctly).

  • Viewer for Windows: Fixed a number of problems with saving and restoring connection options.

  • Viewer for Windows: Fixed user interface logic in the Options window. There were incorrect dependencies between compression-related controls.

  • Viewer for Windows: Improved phrasing for a number of error messages and log records in the file transfer module.

  • Source Code: Visual Studio 2010 is now supported, upgraded solution and project files are included in the source distribution. Versions for Visual Studio 2008 are included as well.

TightVNC 2.0.2

  • Server for Windows: The server could work incorrectly or even crash when font size adjustment or DPI scaling feature was used. New version should be fully compatible with Windows desktop scaling. This fix was developed for TightVNC 2.0.1 but was not included in that version due to a packaging problem.

  • Server and Viewer for Windows: More fixes have been made to solve problems with clipboard transfers. Both server and viewer could send question characters instead of non-ASCII symbols if current input language did not match the text encoding. These fixes complement related changes introduced in version 2.0.1.

TightVNC 2.0.1

  • Server for Windows: The server could work incorrectly or even crash when font size adjustment or DPI scaling feature was used. New version should be fully compatible with Windows desktop scaling. [UPDATE: Due to a packaging problem this fix was not included in version 2.0.1.]

  • Server for Windows: Fixed log file rotation. After creating five backup copies, it failed to rename old files and just overwrote the most recent log file.

  • Viewer for Windows: Server-to-client clipboard transfers have been fixed. Characters beyond the basic ASCII set could be copied into the local clipboard incorrectly.

TightVNC 2.0 (available for Windows only)

  • Server and Viewer for Windows: Introducing new file transfer subsystem based on new protocol extensions. Multiple files and directories can be copied at once, directories are processed recursively. Data compression is used to speed-up copying. Files can be renamed or removed, new directories can be created. File sizes are not limited by 4 Gb any more.

  • Server for Windows: Implemented new architecture which separates service code from the user interface. This enables service-mode operation under Windows Vista and Windows 7. Also, this fixes all known problems with multi-user features of modern Windows systems like Fast User Switching and Terminal Services.

  • Server for Windows: Screen updates have become reliable. If something went wrong and the picture in the viewer is garbled, incomplete or outdated, it will be recovered in reasonable time. There should be no more hidden menus or destructive window movements. If fast update detection methods fail, full-screen polling will keep updates going.

  • Server for Windows: Featuring new secure administrative interface. What was called “TightVNC tray icon” in previous versions is now a separate process which acts as a control interface to the TightVNC service. Control interface can be optionally protected with a password to make sure users cannot reconfigure or shut down the service unless they know the password (or have administrator privileges).

  • Server for Windows: There should be no more confusion between “default settings” and "user settings". In TightVNC 2.0, there is only one service-mode configuration and it is not affected by any per-user settings. The “Configure…” menu item of the service always shows the effective configuration. From the other side, TightVNC Server can be started as an application, and in that case each user has his/her own configuration.

  • Server for Windows: Featuring IP-based access control for incoming connections. Previous versions of TightVNC did allow similar IP filtering, but now everything is easily configurable. You can even test the rules on specific IP addresses, prior to applying new rules.

  • Installer: TightVNC 2.0 distribution has been packaged with new installer. It’s smarter and more efficient. It tries to prevent reboots whenever possible. It invites to set passwords so that TightVNC Server would be ready to work right at the moment of finishing the installation. From the other side, it can operate silently (when run with /S option in the command line). Finally, the complete self-installing TightVNC package (both server and viewer parts, and the uninstall tool) is only 550 kilobytes in size.

  • Server and Viewer for Windows: Keyboard handling has been improved. Older versions of TightVNC had problems with passing characters that do not fit in the Latin-1 code space. TightVNC 2.0 adds full support for different national codepages and keyboard layouts.

  • This list of changes is not full. TightVNC Server 2.0 for Windows has been completely rewritten by the TightVNC team. It does not include old TightVNC 1.3 code. So the right answer to the “What’s New?” question must be "Everything!".

TightVNC 1.3.10

  • Windows Server: Impersonating currently logged on user while processing file transfer requests. Disabling file transfers if current user is unknown or nobody is logged in.

  • Windows Server: Fixed rendering problems when multiple CopyRects were combined with normal updates. That could caused distortions that never updated even with full-screen polling active.

  • Windows Server: Added new "-silent" command-line option which modifies the behavior of -install, -reinstall and -remove options and makes them not show informational windows on successful execution. Note that -silent should precede other respective options in the command line.

  • Windows Server: LastRect, XCursor and RichCursor pseudo-encodings were not properly enabled if they preceded true encodings in the SetEncodings protocol message.

  • Windows Viewer: Fixed integer overflow vulnerabilities reported by Core Security Technologies. A specially modified VNC server could currupt the heap of the connected viewer causing its crash or malfunction.

  • Windows Viewer: TightVNC Viewer version 1.3.9 saved only successful connections in the list of recently visited VNC servers. Now we save unsuccessful connections too so that users would not ever have to re-type server names after connection failures. Also, several other enhancements were made to the code which handles the list of recent connections.

  • Windows Viewer: Fixed a bug with not loading passwords from saved .vnc files correctly if the first byte of their encrypted representation was zero.

  • Windows Viewer: Fixed problems under Windows Vista where Windows taskbar could remain visible above the full-screen window.

  • Windows Viewer: Fixed a problem with decoding JPEG rectangles wider than 2048 pixels.

  • Windows Viewer: Fixed a bug with not saving log file name correctly on using the Browse button.

  • Windows Viewer: Usability improvements in the “New Connection” dialog.

  • Windows Packaging: Improved installer and uninstall utility. In this version, self-installing executable will not try to install service in Windows Vista. Improved uninstall program always removes the WinVNC service if it was previously installed.

  • Unix Server: Applied fixes for 64-bit Linux issues, a patch from Russel Miranda.

  • Unix Server: Made the vncserver script read configuration from files (system-wide /etc/tightvncserver.conf and user-specific $HOME/.vnc/tightvncserver.conf).

  • All viewers: Allow configuring JPEG quality level regardless of the preferred encoding set. This makes sense because TightVNC Servers can transmit video data as JPEG even if Tight is not the preferred encoding.

  • Java viewer: Fixed a bug that caused NullPointerException when connecting to any VNC server not supporting TightVNC protocol extensions.

  • Java viewer: Fixed a bug with ignoreCursorUpdates option in 24-bit color mode caused the viewer to disconnect. Thanks to Damien Mascre for pointing out the issue.

  • Java viewer: PORT parameter is not required any more, now it defaults to 5900.

  • Java viewer: Do not defer update requests by default, to minimize delays in screen updates.

  • Java viewer: Improvements in reporting statistics on disconnect.

  • Java viewer: Added debugging parameters (DEBUG_XU, DEBUG_CU) that allow using the viewer as a tool for measuring VNC server performance.

  • Other minor improvements and bugfixes.

TightVNC 1.3.9

  • All platforms: Added support for the standard RFB protocol version 3.8 with TightVNC extensions.

  • All platforms: Made “host:port” parsing maximally compatible with VNC4. Interpreting a number in host names like somehost:5900 as an actual port number if it’s not in the range [0…99].

  • Windows Server: Various user interface enhancements - changes in GUI labels, tray icon with a red border when incoming connections are not possible for any reason, more information in the tray icon tip, smarter logic in displaying the Properties dialog, and more.

  • Windows Server: Fixed a problem introduced in TightVNC 1.3.8 - default passwords were not respected if user passwords were not set.

  • Windows Server: Slightly improved handling of passwords. One of the notable changes is that now it’s enough to enter a view-only password without providing primary password.

  • Windows Server: Fixed problems with running WinVNC service and Terminal Services. When a Remote Desktop (RDP) client connected to the console, WinVNC showed black screen and did not restore normal operations even on disconnection of that RDP client. Now, we always share the console correctly, and disable simultaneous RDP and VNC sessions. The changes were ported from VNC 4.1.2.

  • Windows Server: Better way of simulating Ctrl+Alt+Del. There are reports that this solves the problem with greyed username and password fields on Windows 2003 Server (bug #887617).

  • Windows Server: Bugfix for the bug #1109102: attempt to restart the machine remotely via TightVNC led to disconnect if there was some non-saved data, and further connections were rejected.

  • Windows Viewer: Multiple selection now works in file transfers, thanks to developers at Novell and personally Rohit Kumar.

  • Windows Viewer: The viewer terminated silently when the server dropped connection right after accepting it. Now we report such errors.

  • Windows version source archive: Included project files for compiling with Visual C++ 2005 Express Edition. Also, all required libraries are now included within the source distribution.

  • Unix Server: Applied patches from Debian Linux that port Xvnc to x86_64 platform (tightvnc-1.2.9-amd64support.p and tightvnc-1.3_alpha7-x86_64.patch), thanks to Quanah Gibson-Mount.

  • Java viewer: Implemented scaling, either with a fixed scaling factor or automatic. If Java 2D API is available (Java 1.2 and higher), then high-quality scaling is used. From the other side, the viewer remains compatible with Java 1.1 where it would simply use scaling with much decreased image quality. Scaling can be enabled with new “Scaling Factor” parameter but cannot be controlled from the GUI yet.

  • Java viewer: Added support for ZRLE encoding.

  • Java viewer: Disabled focus traversal keys under JVMs 1.4 and higher. This fixes the problem with not sending Tab key events to the VNC server.

  • Java viewer: Fixed wrong pixel format interpretation at decoding RichCursor pseudo-encoding (local cursor could be rendered in wrong colors).

  • Other improvements and bugfixes, see ChangeLog files within the distribution for more details.

TightVNC 1.3.8, release candidate version

  • Win32 server: Fixed major problem with disconnecting clients on screen locking, user logoff and logon, in the service mode.

  • Win32 server: Added support for DFMirage driver direct screen access mode (from DemoForge LLC).

  • Win32 server: Added support for multiple monitors (from DemoForge LLC).

  • Win32 server: Improved layout and functionality of the Properties dialog.

  • Win32 server: More accurate password handling - now the server code tries to distinguish between “empty” and “unset” passwords better.

  • Win32 server: New -shareall, -shareprimary and -sharearea command-line options, working similarly to the -sharewindow option.

  • Win32 server: Fixed problems with restoring desktop wallpaper.

  • Win32 viewer: Fixed bug with not enabling JPEG compression by default.

  • Win32 viewer: Fixed bug with not setting proper size of the viewer window.

  • Unix server: Port numbers are now calculated modulo 65536 with vncviewer’s -listen option. That makes it possible to listen on TCP ports under 5900.

  • Java viewer: Automatic encoding selection based on measuring current network throughput.

  • Other improvements and bugfixes, see ChangeLog files within the distribution for more details.

TightVNC 1.3dev7, release candidate version

  • Win32 server: Fixed the problem with “olemainthreadwndname not responding” in service mode under Windows NT 4.0. Under that OS, the TightVNC service could hang on logoff.

  • Win32 server: Removed the code for “desktop optimizations” that was rather harmful than useful. Hopefully, this should fix problems with crashing Delphi applications. Also this should prevent settings like font smoothing always set to true on disconnect.

  • Win32 server: Fixed the issue with port number edit boxes that were labeled incorrectly in the Properties dialog.

  • Win32 server: Disallowing clipboard transfers in view-only mode.

  • Win32 server: Fixed the problem with carriage return/linefeed conversion of clipboard data.

  • Win32 server: Fixed the problem with wallpaper being removed only after completing the initial screen transmission.

  • Win32 server: Minor improvements in the File Transfers dialog.

  • Win32 server: More context help messages in Properties and File Transfers dialogs.

  • Unix server: Fixed a serious bug with sending cursor updates when there was no FrameBufferUpdateRequest from that client.

  • Unix server: Fixed problems with building Xvnc on modern linux distributions, such as Fedora Core 3.

  • Unix server: Disallowing clipboard transfers for view-only clients.

  • Other improvements and bugfixes, see ChangeLog files within the distribution for more details.

TightVNC 1.3dev6, Win32 release candidate version

  • Win32 server: Improved layout of the Properties dialog, added context help for every option. Also, current mirror driver status is shown in the Hooks tab.

  • Win32 server: Implemented new checkbox “Enable applet params in URLs” corresponding to EnableURLParams registry setting.

  • Win32 server: The option “Don’t use mirror display driver even if available” is now functional.

  • Win32 server: New option "Blank screen on client connections". When set and new client connects, the server’s monitor is forced to go to power saving mode.

  • Win32 server: Fixed bugs with saving certain settings in the registry, and bugs with setting default values when the registry is not writable.

  • Win32 server: Fixed a problem with one-pixel mouse offset.

  • Win32 server: Fixed problems with inter-thread locking, this should solve “Unhandled message type received” problems.

  • Win32 server: Fixed a problem with the setting "Block remote input on local activity", it was not working with DLL hooks disabled.

  • Win32 server: Fixed various problems with file transfer implementation. Error handling was improved, the C: drive bug under Win98/Me seems to be solved.

  • Win32 viewer: New “Auto” scaling mode. In this mode, the viewer scales remote desktop to fit local window or screen size. If the window size is changed, the scaling factor is adjusted automatically.

  • Win32 viewer: Now the viewer checks server’s capabilities and does not ever use non-standard protocol messages not supported by the server. This change affects file transfers only, as other features do not use non-standard protocol messages…

  • Java viewer: New “scale remote cursor” option has been added. It allows to reduce or enlarge cursor image in the full-control mode.

  • Java viewer: A cursor repaint problem has been fixed.

  • Other improvements and bugfixes, see ChangeLog files within the distribution for more details.

TightVNC 1.3dev5, development version

  • Win32 server: Support for the “DFMirage” mirror video driver has been added (the driver itself will be available separately). Using the mirror driver greatly increases the speed and reliability of updates, and also desreases CPU utilization on the server.

  • Win32 server: New polling algorithm has been implemented. It’s similar to that found in x0rfbserver. New algorithm uses minimum CPU time when there are no changes on the screen, and detects major changes very quickly, resulting in greatly improved responsiveness on the client side.

  • Win32 server: Improved methods for filtering screen changes that actually do not change anything. New algorithm not only works faster, but it also detects changes much more accurately, leaving less work to encoders.

  • Win32 viewer: A special mode for Unix users has been implemented: when ScrollLock is on, the viewer will send Meta on pressing Alt keys.

  • Win32 server: Fixed a problem with view-only clients that were enabled full control on just opening the Properties dialog of the server.

  • Win32 server: It should not ever hang any more on changing ports or the LoopbackOnly setting.

  • Win32 server: DisableTrayIcon and RemoveWallpaper settings are working again.

  • Win32 server: The problem with not saving Query Settings has been fixed.

  • Win32 server: The polling mode “on event received only” has been fixed - it did not work correctly in previous version.

  • Win32 server: Fixed a number of issues with mouse handling, including that annoying problem with pointer jumping on slow connections.

  • Win32 server: Applied a bugfix from HorizonLive solving the problem with crashes or incorrect operation after color depth changes on the server’s desktop.

  • Win32 viewer: It does not crash any more on entering long passwords in the authentication window.

  • Win32 viewer: Positioning and resizing logic of the viewer window has been improved.

  • Win32 viewer: Now the viewer chooses more reasonable file names for saved .vnc sessions.

  • Win32 viewer: In the full-screen mode, the viewer allows other windows to be shown above the remote desktop. This makes hotkeys such as Shift-Ctrl-Alt-O useful in the full-screen mode.

  • Unix version: A number of bugfixes – copying clipboard to non-authenticated clients in Xvnc, delayed cursor shape updates in Xvnc, and crashing on switching between KDE virtual desktops in vncviewer.

  • Unix viewer: Support for the new -autopass option has been added, a patch from Ki NETWORKS, Inc.

  • Other changes, see ChangeLog files within the distribution for more details.

TightVNC 1.3dev4, development version

  • Featuring updated Unix version and Java viewer, supporting RFB protocol version 3.7, with or without TightVNC protocol extensions. Version 3.3 of the protocol is supported as well.

  • Win32 version: Built-in Java viewer was absent in the previous development version; now it’s available again.

  • Win32 version: Now the server does not crash on remote Ctrl-Alt-Del events, and on changing display modes.

  • Win32 version: A problem with reinstalling the service has been fixed (WinVNC -reinstall command-line option). In previous versions, reinstalling the service could fail if a user did not close “Service unregistered” message box within a few seconds.

  • Win32 version: Now the server does not hang on selecting equal RFB and HTTP port numbers. A warning is shown instead.

  • Win32 version: The server does not hang on toggling loopback connection options, and on changing port/display numbers.

  • Win32 version: WinVNC does not crash on choosing “Kill All Clients” during file download.

  • Win32 version: CopyRect handling in the server has been fixed, the CopyRect encoding is enabled again.

  • Win32 version: The Advanced Properties dialog of the server has been removed. The controls of that dialog has been moved to tabs in the Properties dialog.

  • Win32 version: Context help in the server’s Properties dialog has been implemented (although not all descriptions are ready yet).

  • Unix viewer: Fixed a bug with the viewer crashing on selecting text in Xvnc, and then choosing F8 / Clipboard: local -> remote, twice.

  • There was some progress on supporting pluggable encryption and authentication methods, in both Win32 and Unix versions, and in the Java viewer.

  • Other changes, see ChangeLog files within the distribution for more details.

TightVNC 1.3dev3, Win32 development (unstable) version

  • All features and fixes from 1.2.9 and 1.3dev1 versions included.

  • Improved GUI of the viewer featuring toolbar, hotkeys, pre-set connection profiles, more configuration options, context help in dialogs, and more. Finally, the viewer remembers all per-connection and global settings in the registry.

  • File transfers between viewer and server machines.

  • Support for RFB protocol version 3.7, with TightVNC extensions.

  • A possibility to turn off hooking via VNCHooks.dll in WinVNC while full screen polling is in use.

  • Other changes, see ChangeLog files within the distribution for more details.

TightVNC 1.2.9

  • Win32 version: Major security-related bug in the server has been fixed – handling of the “QueryAllowNoPass” option was seriously broken. Together with fixing this bug, the whole authentication logic in the server code has been redesigned.

  • Win32 version: Now the HKEY_CURRENT_USER registry hive is being closed properly on restoring display settings, on disconnect. This change should solve the problem with unloading the registry on logout, when WinVNC is running as a service.

  • Win32 version: Problems with “QuerySetting” and “QueryTimeout” options have been fixed – the settings could be copied from user configuration to default settings without user’s intention.

  • Win32 version: A long-standing bug has been fixed – the logic to handle retries after authentication failures was flawed, and used to delete the same object twice under certain conditions.

  • Win32 version: Now it’s possible to specify port numbers with the winvnc -connect option, using the “host::port” format. Also, providing a -connect option without arguments now brings up the “Add New Client” dialog.

  • Unix version: New “Request refresh” button has been implemented in the viewer’s F8 popup menu.

  • Unix version: Xvnc compilation fixes for HP-UX and MacOS X have been applied, from Ki NETWORKS, Inc.

  • Unix version: New vncpasswd -f command-line option has been implemented. It allows providing passwords on stdin and writes encrypted passwords to stdout. In addition, the password file name "-" now denotes stdout. Finally, a buffer overflow has been fixed in vncpasswd – it could be caused by a long file name in the command line.

  • Unix version: A patch to fix input focus problems in the X11 viewer has been applied, from Greg Breland.

  • Unix version: A patch fixing Xvnc crashes on Sparc has been applied, from the RealVNC distribution.

  • Unix version: A problem with incorrect port interpretation has been fixed, in the vncviewer’s -tunnel option handling. Thanks to Clark Sessions.

  • Java viewer: A modification from Bernd Krueger-Knauber has been accepted, to pass through X keysyms for foreign currencies.

  • Java viewer: The problem with initial keyboard focus not set to the desktop on some JVMs has been fixed.

  • Other minor improvements and bugfixes.

TightVNC 1.2.8

  • Unix and Win32 versions: Support for a separate view-only password has been implemented. Now the servers support two passwords – one to allow full control, another to restrict remote keyboard and mouse input.

  • Win32 version: The password reset problem has been solved. In versions starting from 1.2.4, the password could get changed in the registry on opening Properties dialog and just hitting the OK button.

  • Win32 version: New "-reload" command-line option has been implemented in Win32 server. It forces the running instance to reload the registry settings.

  • Win32 version: “RemoveWallpaper” and “LockSetting” options have been made configurable in the Properties dialog; the code has been ported from RealVNC 3.3.6.

  • Win32 version: Support for “AllowEditClients” registry setting has been ported from RealVNC 3.3.6.

  • Unix version: New "-x11cursor" option has been implemented in vncviewer; a patch from Peter Astrand. This option allows using a real X11 cursor with X11-style cursor shape updates, disables the dot cursor, and disables cursor position updates in non-fullscreen mode.

  • Unix version: New “RunCommand” command to customize the X11 vncviewer popup menu has been implemented; a patch from Peter Astrand.

  • Unix version: Several patches from Debian Linux have been applied. This should fix a number of bugs and improve building on some platforms supported by Debian Linux.

  • Unix version: A problem with Xvnc eating all CPU time after xfs restarts has been fixed; a patch from Martin Koegler.

  • Other minor improvements and bugfixes.

TightVNC 1.2.7

  • Unix and Win32 versions, Java viewer: The most significant problem with local cursor handling has been solved – now clients can see remote cursor movements performed on the server or by another client. New PointerPos encoding and cursor shape updates both minimize bandwidth requirements and greatly improve responsiveness of the mouse pointer, while still allow to track correct pointer position in all situations.

  • Unix and Win32 versions: In all the places where display numbers had to be used, now it’s easy to use port numbers as well. The viewers now allow to use new “hostname::port” syntax, in addition to the traditional “hostname:display” format. The same new syntax can be used in the “Add new client” dialog of Win32 server. In the server, now it’s equally easy to set display and port numbers. Besides that, HTTP and RFB port numbers can be set individually.

  • Unix and Win32 versions: In servers, decreased JPEG quality factors for low quality levels. This improves bandwidth usage while the image quality remains satisfactory in most cases. In clients, JPEG compression is now enabled by default, because usually it’s a reasonable choice. To prevent viewers from requesting JPEG compression, new -nojpeg option can be used.

  • Unix and Win32 versions: Improved installer under Windows, better RPMs for Linux.

  • Win32 version: Major enhancements in layout and functionality of the dialog boxes.

  • Win32 version: New keyboard handling code has been ported from RealVNC 3.3.6. This should solve all the issues with arrow keys acting as numbers in console windows, and shift+arrows not working under Win2k.

  • Win32 version: Adopted WinVNC -reinstall option from RealVNC 3.3.5, together with a number of other changes in different places. The viewer now accepts a port number after the -listen command-line option, an improvement from RealVNC 3.3.6.

  • Win32 version: Eliminated high CPU usage on the server before sending cursor shape updates.

  • Unix version: Bugfix for Xvnc’s -localhost and -interface options that were broken on many systems, thanks to Luke Mewburn for the bugfix. Xvnc -version command-line option is now supported.

  • Tight encoding is now documented in rfbproto.h files within source archives.

  • Java viewer: Implemented new buttons “Login again” and “Close window” near the disconnect or error messages in the applet mode, and introduced new “Offer Relogin” parameter to control this improvement. Thanks to Peter Astrand for the initial version of the “Login again” patch.

  • Java viewer: Support for connections via HTTP proxies using HTTP CONNECT method. This will not work in the applet mode, due to Java security restrictions.

  • Java viewer: Extra .vnc files have been removed, having just index.vnc should be enough. Also, an example HTML page has been prepared, to simplify installation under a standalone Web server.

  • Java viewer: Added a MANIFEST to the JAR archive, to allow easy execution of the JAR file, using java -jar command-line option.

  • Other minor improvements and bugfixes.

TightVNC 1.3dev1, Win32 development (unstable) version

  • Implemented partial screen sharing. Any single window or any rectangular screen area can be shared instead of the whole screen. The position and dimensions of the shared screen area can be changed dynamically, and client windows will adjust their dimensions on the fly. The user interface to choose shared screen area is very intuitive and easy to use.

  • Screen resolution changes won’t cause WinVNC to disconnect clients any more (but changes in screen color format still result in disconnects, this will be fixed later).

  • It’s possible to make WinVNC ignore remote inputs when local mouse or keyboard is in use. Remote events will be re-enabled after a specified timeout (3 seconds by default).

  • There may be other changes I forgot to mention. :-)

TightVNC 1.2.6

  • Win32 version: In this version, when WinVNC binds to a local TCP port, it does not try to check several times if the port is in use. It just re-uses the port if the display number is not set to "Auto". One visible effect of this change is that the delay between starting up and showing the icon is greatly reduced.

  • Unix version: Fixed the bug which caused the vncserver script to fail when the XAUTHORITY environment variable was not set.

  • Unix version: Fixed the bug which prevented the vncpasswd utility from setting correct permissons on the passwd file.

  • Unix version: Fixed a repeated challenge replay attack vulnerability, bugtraq id 5296.

  • Unix version: Added files to simplify building of Linux RPMs, thanks to Peter Astrand.

  • Unix version: Improved scrolling in the full-screen mode, modified patch from Ville Herva.

  • Minor cleanups.

TightVNC 1.2.5

  • Win32 version: Fixed a problem in the I/O subsystem that was introduced in TightVNC 1.2.2 and was causing major slowdown in communication with clients.

  • Win32 version: Enabled remote upgrade in the installation script. Also, the installer will install a copy of the TightVNC Web site, and will create shortcuts to most important documentation pages.

  • Win32 version: Implemented new feature to specify applet parameters in URL requests being sent to the built-in HTTP server. Added support for new “EnableURLParams” registry setting which can be used to enable this feature.

  • Win32 version: Added support for the NewFBSize pseudo-encoding allowing to change framebuffer geometry on the fly on server’s request.

  • Win32 version: Included “solution” and “project” files for MS Visual Studio 7, from Andrew van der Stock, applied a set of minor fixes to suppress compilation warnings under MS Visual Studio 7.

  • Win32 version: The viewer now tries to preserve the size and position of the desktop window after applying new connection options.

  • Unix version: Implemented new feature to specify applet parameters in URL requests being sent to the built-in HTTP server. Added support for new $PARAMS variable in .vnc HTML templates.

  • Unix version: Added the possibility to keep users’ vnc directories under /tmp, as suggested by Ivan Popov. This mode can be enabled by editing the $vncUserDir variable in the vncserver script. Also, new -t option has been implemented in the vncpasswd utility which allows to change VNC password files under /tmp.

  • Unix version: Applied Xvnc -viewonly patch from Ehud Karni.

  • Unix version: Applied Linux/PowerPC Xvnc fix from Peter A. Castro.

  • Unix version: Bug fixed: Xvnc failed to reset compression level and JPEG image quality on reading lists of encodings supported by clients.

  • Unix version: Made the viewer handle XCursor encoding operating on the framebuffer instead of setting new cursors directly in X.

  • Unix version: Applied a number of porting fixes from Ki Networks, Inc.

  • Java viewer: Added new feature allowing to save RFB sessions in FBS files compatible with rfbproxy. This feature works only if JVM security manager allows access to the local filesystem, which is usually true only when the viewer is used as a standalone application or if the viewer applet is cryptographically signed. New “Record” button will appear in the button panel if this feature is enabled.

  • Java viewer: Added new “ENCPASSWORD” parameter, modified patch from Peter Astrand.

  • Java viewer: Applied patch from Peter Astrand to fix problems with Swedish keys and broken JVMs.

  • Other minor fixes and cleanups.

TightVNC 1.2.4

  • Win32 version: WinVNC crashes on reporting zero statistics were fixed. This should eliminate crashes when using x2vnc and win2vnc client programs.

  • Win32 version: a problem with listening viewer was fixed. Initiating multiple non-shared connections could crash the viewer application.

  • Win32 version: real passwords are never placed into the password text control in the WinVNC Properties dialog any more. This should prevent grabbing plain-text passwords from that text control.

  • Win32 version: logging on errors was improved to provide better diagnosis for errors, especially for those causing the message “Connection closed” right after authentication.

  • Win32 version: handling of log files was improved. Now WinVNC should be able to save backup copies of log files under Win95/98/Me. Also, all log files are now written in MS-DOS/Windows text format instead of the Unix one.

  • Win32 version: a problem with reporting error messages in the listening viewer was fixed.

  • Win32 version: reporting incorrect statistics in the Tight encoder was fixed.

  • Win32 version: HTML pages and templates for the built-in HTTP server were improved.

  • Unix version: applied patch from Ki Networks, Inc. solving build problems on a number of commercial Unix systems, and fixing a number of minor bugs and typos.

  • Unix version: added a possibility to denote standard input with the "-" file name instead of a real password file name.

  • Unix version: fixed a bug causing vncpasswd utility work incorrectly when a file name argument was given in the command line.

  • Unix version: applied patch to solve keyboard focus problems in the full-screen vncviewer, from Peter Astrand. The patch does not seem to solve all the issues, but definitely makes things better. New grabKeyboard resource was added to control full-screen mode behavior.

  • Java viewer: new “Show Offline Desktop” parameter was added to make the desktop still visible even after the remote side has closed connection.

  • Java viewer: error messages were made much more meaningful.

  • Java viewer: keyboard focus problems were fixed. This should prevent opening new windows (e.g. Options or Clipboard) behind the active authenticator or desktop window.

  • Java viewer: now “R"/"r” keys can be used to request screen updates in view-only mode.

  • Java viewer: applied patch from Peter Astrand to fix problems with Swedish keys and broken JVMs.

  • Other minor fixes and cleanups.

TightVNC 1.2.3

  • Unix and Win32 versions: zlib library was updated to the most recent version (1.1.4) where a potential security issue was fixed.

  • Unix and Win32 versions: fixed blocking I/O problems in built-in HTTP servers. Older versions had to wait while one client finishes his transaction, only then they served new client connections, thus making easy denial-of-service attacks possible.

  • Unix and Win32 versions: updated built-in Java viewer, see details below.

  • Win32 version: Added support for mouse wheel events. Wheel mouse support is fully compatible and interoperable with Unix version where this feature was available for a long time.

  • Win32 version (WinVNC): The -connect command-line option now accepts a display number after a hostname.

  • Win32 version: Creating associations for .vnc files in the installer.

  • Java viewer was GREATLY improved: the code was converted to Java 1.1, painting techniques were re-designed completely (now the viewer should work in MacOS), several new parameters were added, all parameters were documented in the README file. Most important new features include: support for 24-bit colors, JPEG support in Tight encoding, RFB Bell message support, new “Refresh” button, a possibility to operate in a separate scrollable window, dynamic view-only mode. Many more changes were introduces, see the ChangeLog for more information. Please note that new Java viewer class names were changed, e.g. vncviewer.jar file has become VncViewer.jar etc.

  • Unix version: a number of changes in the vncserver script, e.g. the default color depth is now 24, extra delay after Xvnc startup removed, font path is now configurable in the beginning of the script, and more.

  • Unix version: zlib library was removed from the core X sources. Instead, both vncviewer and Xvnc now can use either system zlib and JPEG libraries, or ones packaged within TightVNC source archive in the lib/ directory. Unix sources are distributed in two versions: one with these libraries for those who don’t have them installed in the system, and another version without libraries, copied directly from CVS, for those who do have zlib and/or JPEG libraries installed. In the former case, build procedure would include additional “make libs” step. System libraries will be linked dynamically, libraries included in the source archive will be linked in statically.

  • Unix version now includes comprehensive manual pages for vncviewer, vncserver, Xvnc, vncconnect and vncpasswd programs. The vncinstall script in the source distribution now accepts one more parameter allowing to specify where to install manual pages.

  • Unix version (Xvnc): a number of patches from Red Hat Linux vnc package were incorporated into the TightVNC codebase. This adds support for more architectures including s390 and s390x, adds a possibility to use tcp_wrappers for Xvnc access control.

  • Unix version (Xvnc): several bugfixes, e.g. applied patch to fix crash in the code dealing with font server; fixed word alignment problem in raw encoder experienced by Sparc users.

  • Unix version is no more distributed as patches to a standard VNC release. This is because patches cannot handle changes in binary files and handle file removals very inefficiently.

  • Other minor fixes and cleanups.

TightVNC 1.2.2

  • Win32 server: long-standing Win9x resource consumption problem has been fixed. Now the server thread does not use blocking I/O, and therefore is always ready to process messages from the VNCHooks DLL.

  • Win32 server: now built-in HTTP daemon may be enabled and disabled interactively from the Advanced Preferences dialog (this setting is saved in new “EnableHTTPDaemon” registry key).

  • Win32 server: changes in layout and text of the Advanced Preferences dialog.

  • Xvnc: Minor bugfix which should prevent potential dereference of a NULL pointer.

  • Unix viewer: Now viewer window would be raised on beep (bell) event, unless new -noraiseonbeep option is provided in the command line or “raiseOnBeep” resource set to False.

  • One more packaging option for the Unix source: ready to build archive with Zlib and JPEG libraries inside.

  • Other minor fixes and cleanups.

TightVNC 1.2.1

  • Win32 server: added support for reverse connections on ports other than 5500, modified patch from Steve Kann.

  • Win32 viewer: added support for new command-line options: -noshared and -encoding XXX.

  • Bugfixes in Win32 viewer: changes in exception handling eliminate Borland C++ compilation problems causing application crashes on repetitive connections, notably in the listen mode. Also, now warning exceptions causing disconnects are reported to user, except for the case when a user has closed the viewer window.

  • Better packaging in Win32 version: self-installing package is available, vncviewer now shows correct icon image.

  • Unix vncviewer: Default tunneling command template has been changed, to allow tunneled connections to hosts where only loopback VNC connections are enabled. New -via <GATEWAY> command-line option provides enhanced tunneling functionality, now one can make vncviewer tunnel connections to a VNC host via third machine acting as a gateway.

  • Java viewer: Addition of new parameters PASSWORD, "Show Controls", and "View Only", modified patch from Steve Kann.

TightVNC 1.2.0

  • Tight encoding is now configurable and can operate at different compression levels where low compression levels are very fast in terms of CPU usage. New "-compresslevel N" option implemented in vncviewer to set compression levels for Tight encoding (1 - fast, 9 - best).

  • Enhanced techniques to split large rectangles in Tight encoder; now it tries to find large solid-color areas and send them in separate rectangles.

  • Lossy JPEG compression in Tight encoding has been implemented, new "-quality N" vncviewer option should be used to enable this feature (0 - low image quality and best compression, 9 - best image quality). JPEG compression is used only for screen areas that seem to be suitable for JPEG compression (although algorithms to detect such areas are not perfect, of course).

  • New “XCursor” and “RichCursor” encodings implemented. They are used to transmit cursor shape updates from server to clients (“local cursor” feature requested by many users). Mouse movement no longer causes framebuffer updates to happen, vncviewer processes mouse locally when this feature is active. New -nocursorshape vncviewer option turns this feature off.

  • A number of recent changes from both TridiaVNC and AT&T’s releases merged into the source, now the code is based on version 3.3.3r2 for Unix part, and on 3.3.3r9 for Win32.

  • Unix vncviewer: When -tunnel option is specified in the command line, special rules are now used to choose preferred encoding. Now viewer does not think that server is running on the same machine when tunneling is on and the preferred encoding is now “tight” with default compression instead of raw.

  • Xvnc: Rules to set default pixel formats have been changed: now they are RGB565 instead of BGR556 for color depth 16, and RGB888 instead of BGR888 for depth 24. This makes Xvnc compatible with Imlib renderer used in Gnome and also helps to avoid unnecessary pixel format translations in many cases.

  • Xvnc: X11 modifier mapped to META key is now Mod4 instead of Mod1. New -compatiblekbd option implemented in Xvnc to force META and ALT keys behave the same way as they do in the original AT&T’s version.

  • A number of bugs fixed: viewer crashes after inflate() call, Xvnc CoRRE encoding problems, Xvnc bit-order issues in XCursor and RichCursor encodings, etc.

  • Java viewer now supports Tight encoding and cursor shape updates. Drawing techniques were changed, settings “Raw pixel drawing: Fast/Reliable” and “CopyRect: Fast/Reliable” removed from the Options panel since they do not make sense in new drawing model.

  • Other new features, optimizations, fixes and cleanups, see ChangeLog files.

VNC Tight Encoding 1.1

  • New ``gradient’’ filter implemented in servers (it can be disabled in Xvnc with new -lazytight option). The filter preprocess full-color screen areas prior to compression in order to achieve better compression ratios (with the cost of slower compression). Vncviewers of version 1.0 had support for this filter already, but there was small bug causing image distortions in certain cases. So it is recommended to upgrade both servers and viewers.

  • Stupid bug fixed: extra unused color was included in palettes in many cases; compression ratios used to be worse than they should be.

  • The algorithm used to split large rectangles into parts has been changed. This change can increase compression ratios in many situations.

  • Byte-order issues in servers have been (hopefully) fixed.

  • Performance tuning, code rewrites and cleanups in various places.

VNC Tight Encoding 1.0

  • Initial release.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907