What’s new in Kasm 1.16.0
Highlights
Kubernetes Technical Preview for deploying Kasm service containers to K8s via our open-source Helm chart. The preview includes providers for Harvester and KubeVirt that provide autoscaling of virtual machines for agents and servers. *Note: The Technical Preview is for testing/integration and is not supported in support contracts until v1.17. Feedback and/or issues on the capability can be submitted here.
Egress Providers that dynamically create network sidecars for container workspaces that manage OpenVPN and WireGuard gateways to establish deterministic exits from logical or geographical locations.
RDP Gateway allows users to connect to Windows Workspaces using Remote Desktop Protocol software clients over HTTPS (Port 443). RDP software clients connect transparently to allow access to local devices, including smart card, USB, and webcam passthrough.
Per-Workspace Progressive Web Apps (PWAs) enable the install of PWA remote apps to provide direct launch of workspaces. This allows the creation of shortcuts to your applications/desktops without the browser frame.
Enhanced Windows Service and Windows RemoteApp capabilities.
Variable Substitution for Storage Mappings that allow directories to be based upon the 1. User, 2. Session, 3. Workspace.
Image Releases: KasmOS, Ubuntu Noble, Forensic OSINT
Features
Usability Enhancements
Inline help fields have been integrated into the user interface to provide more information about configuration items and links to documentation that provides additional details.
Custom Storage Mappings for creating free-form configurations that create docker volumes and then map them into containers. This includes enhanced support for using rclone crypt wrappers for file-based encryption for transparent encryption/decryption when utilized in the Kasm session.
The Workspaces table in the user interface can now be edited for the most frequently changed items, such as cores, memory, docker image, and persistent profile path, to make bulk editing easier.
Updated registry schema to 1.1. This adds the ability for individual registries to have “channels” in order to give users an idea of which tags are available and allow them to choose which to use.
GCP Provider enhancements, including startup script types: Windows scripting via PowerShell, batch file or command shell.
Additional Cloudflare Turnstile and hCaptcha CAPTCHA types to augment Google reCAPTCHA v2.
Path-based reverse proxies for routing users to the correct UI based upon URL path values.
Default UI Language Group Setting to configure the default language of the application user interface. Users can still override the setting by specifying the language within their user profile.
Casting Link Custom Branding to specify custom launch screen background.
When launching a workspace, the page title and favicon now update to match that of the workspace being launched.
Enhanced keyboard accessibility, including: interactive tiles, open sessions actions, search, categories, user profile and toggle buttons.
The Automatically Prune Images setting now defaults to Aggressive for Agents.
The All Users Group now has allow_kasm_stop and allow_kasm_pause Group Settings enabled by default on new installs.
The Anonymous User Expiration Global Setting is defaulted to 8 hours on new installs.
Default values populated for initial branding configs.
Added resolution and scaling options to Guac-based workspaces, similar to those available in container-based workspaces under Streaming Quality / Advanced.
Removed display of Kasm Guac Token from installer since it is no longer needed.
Changed session URL text from kasm to session.
Infrastructure Support Enhancements
Upgrade Kasm Database to use PostgreSQL 14.x.
Add support for installing on Ubuntu Noble 24.04.
Improve functionality of Kasm Manager health check to guard against managers stuck on provisioning and ensure Primary Manager does not change when many Servers are provisioned at once.
Improve behavior of autoscaling by allowing multiple autoscale configs to be scaled up and down concurrently. Improve concurrency of orphan server cleanup.
Added Microsoft RemoteApp support at the Workspace Image level for easier administration of Windows RemoteApps.
Added support to specify maximum simultaneous sessions and maximum simultaneous users independently for RDP servers, allowing for greater flexibility for RemoteApps and scenarios in Windows RDS and terminal services environments.
Windows server health is now tracked for servers with the Kasm Service installed. Sessions will not be assigned to servers that are not reporting in, enhancing reliability of created sessions.
Managers and Connection Proxy components automatically register as stopped when the containers are stopped in normal deployments; in Kubernetes, they automatically deregister themselves.
Connection Proxy components perform health checks and will automatically register as missing if they fail to check in within Component Missing Expiration. If configured to do so, Kasm can automatically remove these components if they fail to check in within Component Dead Expiration.
Removed support for Slim (Alpine) based service images.
Added support for Kasm to manage Active Directory users.
Added support for Managed Egress Providers.
Added support for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.
Kasm Image Enhancements
Added Forensic OSINT image for amd64.
Added KasmOS Core for amd64/arm64 and KasmOS Desktop image for amd64.
Added watermark support for RDP sessions with default global and per server settings.
Added Fedora 40 Desktop images for x86_64/aarch64
Added Fedora 40 Core images for x86_64/aarch64
Added Ubuntu Noble Desktop images for x86_64/aarch64
Added Ubuntu Noble Core images for x86_64/aarch64
Added Alpine 3.20 Desktop images for x86_64/aarch64
Added Alpine 3.20 Core images for x86_64/aarch64
Added Ubuntu Noble DinD images for x86_64/aarch64
Added Ubuntu Noble DinD Rootless images for x86_64/aarch64
Retroarch rebased to Ubuntu Jammy from Focal
Removed images based on end-of-life operating systems (CentOS 7, Oracle 7, Fedora 37, and Fedora 38).
Kasm Desktop Service
Simplified Windows Service installation and registration process.
Enhanced logging for easier troubleshooting and auditing.
The Windows service reports health to the Kasm deployment. Failed check-ins will result in the server changing to a missing status. Servers in a missing status will not get assigned user sessions.
Installer includes Windows Firewall rules for the domain, private, and public profiles.
Guac web-native RemoteApp wrapper, which allows for better web-native RemoteApp support.
Support for multiple concurrent RemoteApp sessions per user, per server, when users connect via RDP through the Kasm RDP Gateway.
Bugfixes
Fixed bug where Kasm autogenerated docker networks were not being cleaned up properly.
Fixed issue that caused S3 persistent profiles to not store files if there are a large number of very small files.
Perform additional workspace cleanup before performing S3 persistent profile sync in order to speed up synchronization.
Fixed bug that caused Agents that stopped checking in to not get marked as missing in accordance with the Host Missing Expiration global setting.
Fixed issue with casting links when connecting with anonymous users.
Fixed issue that prevented the ‘allow_totp_2fa’ setting from being enabled by default on new installs.
Fixed issue with Windows sessions not being redirected after the time limit finishes if the countdown is hidden.
Fixed an issue with storage providers where the name of a provider wasn’t updateable after it was created.
Fixed issue that caused the wget command to not work on Ubuntu, Oracle and AlmaLinux images when Web Filtering is enabled.
Fixed issue where Windows workspaces with the agent installed would sometimes generate error logs about calls to an unknown /style/ URL.
Fixed kasm_guac not purging old log files.
Fixed sessions Agent field showing the wrong value for the hostname.
Disabled the Uploads and Downloads control panel sections when using a GUAC session but Kasm Desktop Service has not been installed.
Fixed issue with public API not returning new JWT formatted session tokens.
Fixed an installer bug that would install plugins and host dependencies on servers that did not require them.
Fixed configuration of KasmVNC to block container user from making changes with vncconfig cli tool or other methods.
The list of groups a user is in on the user profile now wraps rather than trying to fit on a single line.
Fixed issue where requesting a Kasm on behalf of a default user that has never logged in fails.
Cloning workspaces and autoscale configs is now done server-side to prevent hidden fields from saving incorrect data, which made the cause of issues hard to debug.
Fixed vulnerability KASM-2024-0001.
Fixed issue where SAML and OIDC configurations could not be disabled.
Fixed issue where downloads from within a session would be opened by the browser for certain file types.
Fixed issue where connection errors for Workspace Registries and Update Checks could be generated in offline deployments.
Fixed editable dropdowns being hard to read in dark mode.
Fixed issue where firewall rules were not added when installing the Kasm Desktop Service on domain joined systems.
Fixed Retroarch image init given new binary path.
Fixed issue where Windows Single Sign-On stops working after the period of time defined by the “Session Lifetime” Server Setting.
Fixed issue where a “Paste” context menu would appear in Guac based sessions on Firefox.
Rolling Bug Fixes
The following fixes have been made in the rolling tagged versions of the Kasm Workspaces container images.
Kasm Service Images
(10/04/2024) Fixed issue that resulted in printer redirection in Windows Guac based sessions emitting an empty file.
(10/04/2024) Fixed issue with OIDC Authentication that may result in failed logins when identifying user or group attributes.
(11/01/2024) Fixed “Instance is not bound to a Session” exception that could occur intermittently when autoscaling.
(12/04/2024) Fixed errors that could occur when Managed Egress Accounts are updated.
Docker Network Plugin
(12/04/2024) Fixed an issue that prevented OpenVPN from working when using Egress on systems with runc versions 1.2.0 or later. See Upgrading Docker Network Plugin for details on how to apply the fix to an existing installation.