KasmVNC 1.3.2

Features

  • Small performance tweaks to DRI3 support.

Bug Fixes

  • Disable seamless clipboard on Firefox by default, due to the Firefox overlaying a ‘Paste’ menu over the canvas.

  • Fixed CVE-2024-38449, directory traversal bug in built-in webserver. The vulnerability required credentials and did not provide access to files the user didn’t already have access to inside of the KasmVNC session. This vulnerability was not exposed or exploitable for sessions served by Kasm Workspaces and only applies to the use of KasmVNC outside of Kasm Workspaces.

  • Allow for larger header sizes, up to 16k. Provide better logging and handling for requests that contain HTTP headers that are larger than the 16k limit.

  • Fixed memory leak in kasmproxy

  • Fixed mime types of downloads to ensure the browser interprets them as downloads.