TLDR: I released X2Go Client for Windows 4.0.2.1+hotfix1+build2 in order to update the bundled openssl to 1.0.1i (security fixes), but bug #564 was introduced and it is bad enough that I do not recommend using it yet. Continue to use 4.0.2.1+hotfix1. X2Go Devs, I also want to know if I should announce the release anyway on x2go-announcements.
So I released X2Go Client for Windows 4.0.2.1+hotfix1+build2 in the sense that I did the following:
- Uploaded it to http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfi...
- Generated the .md5 and .sha1 files
However, I did not do the following yet:
- Announce it on x2go-announcements (I'm not sure if I should announce it or not yet.)
- Update the wiki page http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.1 (I'll do so tomorrow, I need to get some lseep now.)
I haven't announced it yet because I discovered bug #564 while testing it http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=564
As I explained in the bug report, I am shocked that a regression like this was introduced because I thought that openssl 1.0.1* updates were very unlikely to introduce regressions. And I thought that there was never a need to recompile anything due to these updates. (If 1.0.2 or 1.1.0 came out, then there would be a need to recompile.) This is why I didn't test the updated build of x2goclient before posting it to code.x2go.org/releases/ .
I will look into this further tomorrow. In the meantime, I recommend staying with 4.0.2.1+hotfix1 until I fix this bug (or someone else fixes it.)
I also want to know if I should announce the release anyway on x2go-announcements.
-Mike#2