Releases: novnc/noVNC

v0.6.2

12 Jan 19:54

_This is a vulnerability fix release._

Fixes an XSS issue in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

This affects users of vnc_auto.html and vnc.html, as well as any users of include/ui.js.

Thanks to David Wyde of Cisco for reporting the issue.
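
The class of bug described in this release, shown as an added example that is not noVNC's code or its actual patch: the desktop name arrives in the RFB ServerInit message (RFC 6143, section 7.3.2) and is entirely server-controlled, so it must be escaped (or assigned via `textContent`) before it reaches a status element. All function names and the status string are assumptions made for illustration.

```javascript
// Added example, not noVNC code. Function names are hypothetical.

// Build a constructed ServerInit message:
// width(2) height(2) pixel-format(16) name-length(4) name-string(n)
function buildServerInit(name) {
  const nameBytes = Buffer.from(name, 'utf8');
  const msg = Buffer.alloc(24 + nameBytes.length);
  msg.writeUInt16BE(800, 0);               // framebuffer width (sample value)
  msg.writeUInt16BE(600, 2);               // framebuffer height (sample value)
  // bytes 4..19: pixel format, left zeroed for this sample
  msg.writeUInt32BE(nameBytes.length, 20); // name-length
  nameBytes.copy(msg, 24);                 // name-string
  return msg;
}

// Extract the desktop name. Every byte of it is chosen by the remote server.
function parseDesktopName(msg) {
  if (msg.length < 24) throw new RangeError('ServerInit truncated');
  const len = msg.readUInt32BE(20);
  if (msg.length < 24 + len) throw new RangeError('desktop name truncated');
  return msg.toString('utf8', 24, 24 + len);
}

// Vulnerable pattern: server text concatenated into a string that a UI
// later assigns to element.innerHTML.
function statusHtmlUnsafe(name) {
  return 'Connected to: ' + name;
}

// Hardened pattern: escape HTML-significant characters first.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

function statusHtmlSafe(name) {
  return 'Connected to: ' + escapeHtml(name);
}

// In a browser the simplest safe sink is: statusElement.textContent = message;

const sampleName = 'lab-desktop<u>injected markup</u>'; // constructed sample
const parsedName = parseDesktopName(buildServerInit(sampleName));
console.log('unsafe:', statusHtmlUnsafe(parsedName)); // markup survives
console.log('safe:  ', statusHtmlSafe(parsedName));   // markup neutralised
```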

v0.6.1

04 Jul 19:29

Major Changes Since 0.5.1

_Warning: this release removes support for legacy browsers, namely IE9 and below. IE10 may receive "best-effort" support. IE 11+, Edge, Firefox 31+, and Chrome 44+ continue to be supported_

_Warning: this release includes a number of potentially breaking changes to internal libraries_

Thanks to all the contributors who filed bugs, added features, and fixed bugs during this release 🎉

App-visible Changes

  • feature: tap-to-click in viewport drag mode (better mobile experience) (#600)
  • feature: allow passing the token in the path (makes it easier to use noVNC with websockify token plugins) (#537)
  • feature: support passing config variables via hash fragment (can be used to prevent leaking config to static content hosting) (#547)
  • feature: Performance improvements (#488, etc.) _may affect users who are not just calling the RFB constructor directly, users of older browsers (see warning above)_
  • feature: Support fullscreen mode (#499)
  • bugfix: Deal with being launched via symbolic link in launch.sh (#447)
  • feature: Support ExtendedDesktopSize and SetDesktopSize messages (supports automatic resizing of remote desktops to fit local session) (#444)
  • feature: Support local autoscaling of viewport (supports automatic resizing of local session without resizing remote desktop) (#451)
  • refactor: Remove vendored copy of websockify. Instead, if utils/websockify is present, that is used. If not, a global websockify is used if present. Otherwise, websockify is cloned using git into utils/websockify (#448) _may affect users of launch.sh_

Library-visible Changes

  • bugfix/refactor: Throw exceptions from the RFB constructor (#474) _may affect users who call the RFB constructor themselves_
  • bugfix: properly unregister event handlers in websock.js (#427)
  • bugfix/refactor: change getPosition to use native browser APIs for getting position (#432)

App-internals Changes

  • bugfix: Tweak UI to allow vnc.html to be used with more restrictive CSP (#483)
  • refactor: Internal UI cleanups (#607) _may affect custom themes, users of ui.js, and/or modified versions of vnc.html and vnc_auto.html_
  • refactor: create a new RFB on each new connection (#473)

v0.5.1

06 Jan 19:02

Minor Bugfix Release

Major Changes Since 0.5

  • Improved keyboard support via use of keysyms.js
  • Fix HEXTILE "blank" tile support
  • Lower minimum width to accommodate smaller screens
  • Fix issue causing true-color cursors to not be changed
  • Fix subprotocol support for the TIGHT encoding

v0.5

30 Sep 17:57

WARNING: this is the last major release that will have support for Base64 and Internet Explorer 9.
The branch novnc-legacy will contain this code with any future critical bug fixes applied.

Major Changes Since v0.4

General Fixes/Improvements

  • Use Object.defineProperty on Array prototype to prevent issues with enumeration
  • Internal Refactor for improved testability -- NOTE: code which interfaces directly with noVNC may see minor breakage (e.g. custom UI elements, etc). Please report any bugs you find
  • Improved parsing of query string parameters
  • Support container page scrolling
  • Fixed IE10 keyboard support
  • Fixes for mobile keyboards (Android and iOS)
  • Improved foreign keyboard support
  • Dynamic script loading without document.write

Protocol Support

  • TightVNC support (we support choosing the NOTUNNEL type if tunnels are requested)
  • XVP Support