NoMachine makes available version 9.4.14, introducing a number of improvements, along with updates to third‑party components affected by CVEs, as well as fixes for issues found in previous releases.
Changes to keys in configuration files
The new CustomXauthorityPath key in server.cfg, allows administrators to change the location of the .Xauthority file or to create separate .Xauthority files per virtual desktop session. This helps prevent XAUTHORITY conflicts in environments with shared home directories and is primarily intended for complex or enterprise deployments. The TokenExpiryTimeout key in server.cfg, lets you define the validity period of the token generated by the server to allow clients to reconnect after a connection failure. By default, the token remains valid for five minutes (300 s). Additionally, the 'EnableDbusLaunch' key in node.cfg has been renamed into 'EnableDbusWrapper'. This new key name is available for fresh new installations, updates will not rename the original EnableDbusLaunch key.
Ability to log-in automatically Linux Guest Users via web
Two new keys in server.cfg, EnableWebGuestsAutoLogin and ForceGuestUserCreation, enable seamless guest access to Linux web sessions, where system guests are automatically logged in to the system without encountering any login prompt.
Improvements to session list and export of history
A new option, the '--no-physical' parameter, allows you to exclude physical sessions from the output of session list commands ('nxserver --list', 'nxserver --connectionlist' and 'nxserver --history'). Another new parameter, '--filter item,value' applies the same logic of the '--format items_list' option but limits the output to entries matching the specified item-value pair. The full list of available items can be obtained by running 'nxserver --history --format'. Additionally, the 'nxserver --history' output can now be exported in JSON or CSV formats, facilitating data integration with external analysis platforms and third‑party tools.
OpenSSL
OpenSSL libraries shipped by NoMachine client and server packages are now v3.0.19. The full list of CVE patched by OpenSSL v3.0.19 is available on their Official web site https://github.com/openssl/openssl/releases/tag/openssl-3.0.19.
Perl
A patch for CVE-2024-56406 has been applied to the current Perl version shipped by NoMachine server packages. Details about the CVE are available at: https://nvd.nist.gov/vuln/detail/CVE-2024-56406
Trouble Reports solved
Here is the complete list of fixes released in version 9.4.14:
TR02X11721 - Kerberos authentication may fail with 'Cannot initialize gssapi'
TR11W11638 - Black screen after connection to macOS with a sleeping display
TR03X11742 - Black screen may occur when connecting to Linux physical desktops
TR07W11488 - On RHEL 10 starting a single application may be not possible
TR07W11489 - On RHEL 10, creating a virtual desktop may not be possible
TR01X11689 - Possible privileges escalation on Windows via named pipe impersonation
TR02X11711 - Possible privilege escalation via a valid Kerberos ccache file
TR02X11710 - Possible arbitrary deletion of files by exploiting the NoMachine environment variable for Kerberos cache path
TR03X11758 - After power outage it could be no longer possible to connect via VPN
TR11W11630 - The connections limit counter is sometimes wrongly increased
TR01X11694 - License incorrectly in active state after incomplete installation using '--subscriptionset'
TR01X11699 - Possible unexpected termination of nxnode on Linux
TR03U10791 - Monitors of client are treated as a single monitor when the X11 graphics mode is disabled
TR01X11685 - In a multinode environment, session could not be started when "ClientMenuconfiguration none" is set on the node
TR02X11712 - A timeout error occurred while attempting to connect to host with private key and passphrase
TR01X11693 - Cannot connect to a node via Web when Duo Authentication is enabled
TR11W11629 - Web sessions or virtual desktops with X11 vector graphics mode disabled are counted twice in the connection limit counter
TR07V11189 - Unwanted scrolling when scrolling a page with two fingers in a web session
