feat(deps): update kasmtech/kasm-install-wizard 1.18.1 → 1.19.0

[truecharts-admin]

This PR contains the following updates:

Package	Update	Change
kasmtech/kasm-install-wizard	minor	1.18.1 → 1.19.0

---

Release Notes

kasmtech/kasm-install-wizard (kasmtech/kasm-install-wizard)

v1.19.0

Compare Source

1.19.0

Highlights

• Added configurable password complexity settings for local accounts, allowing admins to set minimum length and character requirements. Includes a Force Password Reset toggle to enforce new rules on existing users.
• Added the ability to disable file mappings without having to delete them.
• Added support for h.264, h.265, and AV1 video streaming modes to KasmVNC for container based Workspaces.
• Standardized memory and storage configuration across the admin console and APIs. Input fields now provide unit selectors (Bytes/MiB/GiB for memory, Bytes/GB or Bytes/GiB for storage) while Kasm persists the values as bytes for consistent autoscale and provider provisioning logic.
• Installation will now default to using rolling images. Refer to Rolling Image Management.
• Updated Apache Guacamole to version 1.6.0. This release includes significant improvements:
  • Frame Encoding Pipeline Rewrite with multi-threaded encoding for improved performance.
  • Upgraded to FreeRDP 3.0 for improved RDP session handling
  • RDPGFX (Graphics Pipeline Extension) support via FreeRDP 3.0 GDI-backed rendering backend for enhanced graphics performance
  • Better handling of dynamic display resolution changes
  • Support for additional RDP keyboard layouts: Czech (cs-cz), French Canadian (fr-ca), Portuguese Brazil (pt-br), Portuguese Portugal (pt-pt), and Romanian (ro-ro)
  • The full changelog can be found at https://guacamole.apache.org/releases/1.6.0/
• Added support for Intel and AMD GPU passthrough for graphics and video acceleration.
• Added support for provisioning container workspaces on NVIDIA Multi-Instance GPU (MiG) slices, enabling high-end NVIDIA GPU hardware to be partitioned and shared across multiple simultaneous workspaces without requiring licensed vGPU drivers.
• Added support for full stack Linux VMs delivered over RDP, enabling persistent, high-performance Linux desktop environments accessible directly through the Kasm Workspaces interface.
• Added support for configuring server expiration, allowing servers in a pool to be automatically drained after a configurable period of time and rotated out by the autoscaling system.
• Added support for [direct RDP client authentication](https://docs.kasm.com/docs/1.19.0/how-to/workspaces-sessions/server-workspace/direct-rdp-login, allowing users to connect to Kasm Workspaces using their Kasm credentials from any standard RDP client without a browser. This feature is controlled by group and zone-level settings and is disabled by default.
• Kasm Workspaces on Kubernetes has graduated to General Availability. The Kasm platform management plane is now natively integrated for Kubernetes deployments, removing the need for environment-specific workarounds previously required in the Helm chart.
• Added new Workspace Images:
  • Fedora 42
  • Fedora 43
  • Alpine 3.22
  • Alpine 3.23
  • ParrotOS 7
  • OpenSUSE 16
• Removed EOL Workspace Images.
• Introduced the System Metrics page to help administrators monitor component health, identify affected services, and review detailed metric snapshots for faster troubleshooting.
• Added support for ZTNA via OpenZiti.
• Added a Support Bundle page to generate diagnostic packages that can be downloaded and shared for troubleshooting.

Features

• Usability Enhancements

  • Enhanced group permissions validation to support GROUPS_VIEW, GROUPS_VIEW_IFMEMBER and GROUPS_VIEW_SYSTEM permissions in the /api/admin/get_permissions_group API endpoint.
  • Added public API version for exec_kasm functionality.
  • Added option to disable a manager in the UI.
  • Server Pools, Servers, and AutoScale Configs admin UI tables now use server-side pagination for improved loading performance.
  • Added new group setting to prevent deletion of active anonymous sessions post-expiration.
  • Redesigned the system configuration export/import into four distinct export modes: Complete Data Set, Partial Data Set (with database table selection), Autoscale Configs, and Deployment Configuration (full deployment migration excluding runtime state, with options to preserve manager tokens and API key pairs).
  • Added a two-step import workflow with preview and configuration, including additive imports (now the default), zone/LDAP mapping for autoscale imports, and automatic conflict resolution with datetime-stamped renaming.
  • Added support for tokenizing UUIDs during system configuration export and import.
  • When launching a Workspace, the deployment zone dropdown now shows the latency of each zone, indicates which zone Auto will select, and remembers the user's last selection.
  • Admins can now view the details of deleted Server Enrollment Tokens in the admin UI.
  • Added a new --ignore-dep-failures flag to install.sh and upgrade.sh to continue past optional dependency (rclone, wireguard, v4l2loopback, fuse) install failures instead of aborting.
  • Added a new --enable-epel flag to install.sh and upgrade.sh to enable the EPEL repository, allowing WireGuard and other packages to be installed on RHEL/Rocky/AlmaLinux 8 systems.

• Infrastructure Support Enhancements

  • Updated the Database container to use PostgreSQL 16.10.
  • Added support for Debian 13 (Trixie) installation.
  • Added a new autoscaling script for RPM-based Linux distributions (Oracle Linux and RHEL) and enhanced the existing Debian-based script to support the Kasm Desktop Service (KDS) Linux service.
  • The Kasm installation script now supports flags to provide existing SSL certificates at install time, eliminating the need to manually replace the self-signed certificate after installation.
  • Added support for additional Azure VM provider configuration fields — Plan, Security Type, Secure Boot, and vTPM — directly in the autoscale configuration UI, eliminating the need to specify these settings via the JSON config override.
  • Added a rolling installer tarball that always resolves to the latest patch build.
  • Added cloud-init/cloudbase-init support for VMware vSphere autoscaling, enabling startup script injection without requiring VMware Guest Operations credentials.
  • Added VM SSH Public Key configuration to VMware vSphere provider, available as {ssh_key} variable in startup scripts.
  • Added linked clone support for VMware vSphere autoscaling, allowing VMs to be provisioned from snapshots with reduced storage requirements and faster provisioning.
  • Updated default memory value from MB to MiB.
  • Migrated autoscale, workspace, and provider configuration schemas to byte-based fields (*_bytes) and backfilled existing data for reliable conversions and validation.

• Kasm Desktop Service

  • Replaced PySimpleGUI with license-free FreeSimpleGUI version.
  • Replaced memory and storage inputs throughout the admin console with a storage selector that transparently converts between units and submits byte values to the API.

• Developer API Enhancements

  • Added api/public/get_servers endpoint supporting single server retrieval and paginated list with filtering.
  • Added api/public/get_server_pools endpoint supporting single server pool retrieval and paginated list with filtering.

• Kasm Image Enhancements

  • Added Claude Code CLI image for x86_64/aarch64
  • Added Gemini CLI image for x86_64/aarch64
  • Added Codex CLI image for x86_64/aarch64
  • Added Cursor image for x86_64/aarch64
  • Added Ubuntu Jammy AI Dev image for x86_64/aarch64

Bugfixes

• Fixed Cast session limit being decremented when resuming existing sessions.
• Applied a Guacamole change that improves error communication during user connection creation.
• Fixed issue where volume mappings defined in a registry workspace couldn't be passed when installing the workspace.
• Fixed issue of scripts and file mappings in Kasm Desktop Service windows for prompt user.
• Fixed issue related to passing multiple smart card readers into Kasm Workspaces.
• Fixed bug that prevented defining custom docker container labels via Docker Run Config Override.
• Storage Mapping Based Profiles has been updated to significantly reduce disk space requirements, includes reliability fixes, and a recovery mode.
• Fixed registry memory value not being passed to workspaces.
• Fixed static table sorting issues.
• Updated the minimum version requirement for Docker and Docker-compose.
• Fixed an issue with previously stored values in the Egress provider form on user dashboard.
• Added fix to ensure that a slow database log rotation or kasm update check on the manager does not result in the manager not responding to API requests.
• Added logic to ensure that database log rotation and kasm update check does not run on multiple managers in multi-zone deployments.
• Fixed issue where VSphere provider fails to delete instances if they are powered off.
• Fixed issue of Server Sessions remaining stuck at deleting state by providing force delete option and implementing safe retry logic in manager.
• Fixed issue with get_kasm_screenshot API where height parameter was mapped to width and vice versa.
• Improved the log cleanup background job for more efficient processing using global settings. Debug Log Retention is now based on the number of logs instead of hours. Similarly, Local Log Retention is now based on the number of logs rather than days.
• Fixed issue where some APIs returned incorrect 401 and 403 error codes.
• Fixed some issues with file mapping, including toggles not working on file uploads, and stale data when editing a file map.
• Fixed issue with webcam not recovering after being turned off and back on again without reloading.
• Fixed issue with the microphone state getting out of sync with what it should be if toggled too quickly.
• Fixed data syncing for Storage Mapping Based Profiles during deletion after pause and session stop.
• Fixed issue with [Storage Mapping Based Profiles](https://docs.kasm.com/docs/1.19.0/how-to/data-storage/persistent-profiles#storage-mapping-based-profiles not running on certain distros.
• Fixed logout button missing in user profile on mobile devices.
• Web manifest changed to use absolute URLs rather than relative ones as Chrome appeared to get lost occasionally.
• Fixed upgrade script to block same-version upgrades, preventing database backup permission errors caused by leftover backup files from earlier runs.
• Fixed a bug that prevented connection proxy token refresh when "API Token Refresh Leeway" was set to a very high value.
• Fixed a bug that marked connection proxy tokens as consumed even when an error prevented token refresh.
• Fixed issue with Kasm nginx only resolves upstream dns when it is reloaded.
• Fixed issue with file write and executable option being available in file mapping for server session.
• Fixed unhandled exception when disabling storage mappings.
• Added warnings in kasmweb for features of Kasm Desktop Service - Linux, that are under planned for future release
• Fixed issue with WebAuthn that would prevent large key devices from registering.
• Fixed incorrect inline help entries for Network Name and Interface Type on the Harvester VM provider config.
• Fixed zombie container cleanup issues on multi server deployments.
• Fixed issue where clipboard-up content was truncated at 10 KB.
• Fixed Guacamole seamless clipboard overwriting by handling clipboard streams correctly, and increased the maximum size of content that can be transferred via the clipboard.
• Updated Guac container logging to use size based file rotation instead of time based rotation.
• Fixed file permission issues with Nginx logs not rotating on standard deployments.
• Fixed issue where the Proxmox provider would lose access to a VM that was migrated to another node.
• Fixed issue where VM creation would fail on Harvester 1.7 due to missing limits spec.
• Fixed an issue with Kasm multi-server installation of the web app using a PostgreSQL database.
• Fixed deadlock exception during agent heartbeat caused by conflicting updates to server_image_slots.
• Increased the timeout of STS tokens for S3 based Profile Sync to reduce chances of a large profile taking longer than the STS token is valid for.
• Increased the default timeout for S3 persistent profile sync on session end.
• Fixed issue where the RDP HTTPS Gateway would send keepalives for sessions it was not associated with.
• Fixed PostgreSQL password parsing issues involving special characters and resolved file permission failures during remote database upgrades on systems with restrictive umask settings. Also addressed minor issues in the upgrade script.
• Fixed issue with initialization script for the external DB connection.
• Fixed issue where usernames were injected un-sanitized into LDAP queries allowing arbitrary lookups.
• Fixed bug occurring during system configuration export/import, which caused the omission of User - Server associations, Egress Gateway - Egress Credential associations, and Egress Gateway - Egress Provider Mapping associations.
• Fixed compatibility issue with Docker 29+ where removed iptables isolation chains caused network plugin failures.
• Fixed issue running Guacamole with a cluster size of 1.
• Fixed bug where webcams less than 720p would crash the UI when forwarded to a workspace.
• Fixed issue where servers with utf8 credentials could cause workspace launch failures.
• Added documentation note clarifying that User SSO is required for file and storage mappings on Windows and Linux VM sessions.
• Added an optional wrapper for bwrap in Kali Rolling Desktop and Trace Labs images to prevent the black screen issue for high-privilege sessions. See the KB article for more info.
• Fixed issue where ldap misconfiguration could lead to privilege escalation.
• Improved session handling in guardian loop to prevent potential idle database session accumulation.
• Fixed issue with reset persistent profile not working as NFS submounts were not propagated into the helper container.
• Added retries for kasm_rdp_gateway and kasm_rdp_https_gateway configs in the healthcheck.
• Fixed performance degradation when using the get_users public API with large user datasets.
• Fixed Docker STIG hardening script overwriting the Kasm logging plugin configuration.
• Improved the performance of RDP thick client sessions when Kasm DLP protections are enabled, addressing bitmap-based rendering bottlenecks that caused visible screen tearing at higher resolutions.
• Fixed issue where Windows Desktop Service could not be registered when Kasm is deployed behind a path-based reverse proxy, due to a missing proxy prefix field in the registration form.
• Fixed issue where mobile users with narrow screen resolutions could get stuck with no way to close the displays control panel widget after opening it.
• Fixed issue where Windows autoscale startup scripts failed on the vSphere provider because the VM was not yet registered in the database when the script executed.
• Fixed issue where the Kasm STIG hardening script failed on webapp role servers in multi-server deployments due to attempting to configure services not present on that role.
• Fixed issue where UI-level logging was not captured for users authenticated via SSO.
• Fixed issue where typing in the Workspace Registry search field caused a page crash across all registry sources.
• Fixed regression where the web-native Guacamole client no longer prompted users for credentials when using blank static credentials or the "Prompt User" setting, causing connections to hang instead.
• Fixed issue where container session logs were not captured when a session failed immediately at startup, making it difficult to diagnose launch failures.
• Fixed issue where the Kasm upgrade script did not update the v4l2 kernel module to the latest version on existing installations.
• Fixed issue where running Docker commands inside the Docker-in-Docker (dind and dind-rootless) workspace images failed with an overlay filesystem mount error.
• Fixed issue where file uploads and downloads failed for web-native RDP sessions when the server was configured to use Prompt User credentials.
• Fixed issue where official workspace images displayed broken icons instead of falling back to the registry image when the icon was not available locally.
• Fixed issue where the Kasm Go URL did not execute the configured Docker exec command on the initial workspace launch, only on subsequent resumes.
• Fixed issue where the v4l2loopback kernel module failed to compile on kernel 6.17.
• Fixed issue where setting a very large API Token Lifespan value caused the Guacamole service to continuously restart due to a JavaScript timer overflow.
• Fixed issue where the Kasm Smart Card Bridge became unresponsive after a Chrome 145 browser upgrade due to a change in Chrome's extension messaging API.
• Fixed issue where the rolling images flag was not passed correctly when upgrading the database role in a multi-server deployment.
• Fixed issue where workspace sessions failed to launch when a DLP watermark was configured via file mapping.
• Fixed issue where creating a zone via the API incorrectly defaulted verify_rdp_client_ip to true instead of false.
• Fixed missing translation strings.
• Fixed issue where cloud provider servers (including OCI) could be incorrectly marked as orphaned and have running sessions forcefully terminated when the provider API failed to list instances or returned an empty result.
• Fixed bug where the Proxmox Provider would fail when a node in the Proxmox cluster was non-responsive or offline.
• Fixed issue where delays in provisioning could erroneously allow a user to create multiple sessions.
• Fixed multiple minor bugs in AWS provider module, regarding broken logging and crash handling.
• Fixed an issue where the connection proxy recording pipeline failed to encode .guac segments after the first successful upload. Added information about encoding failure and recovery.
• Fixed edge case where input data was not properly reset after completion.
• Fixed datastore cluster support for VMware vSphere autoscaling, enabling automatic datastore placement via vSphere when cloning from templates.
• Fixed issue with maximum simultaneous sessions settings in server where connection_type is ssh.
• Fixed issue where end users selecting a deployment zone in an pool for servers was not respected.
• Fixed issue where Proxmox full clones fail when clone time is longer than a couple of minutes.
• Fixed issue where a database session from the Kasm API service remained in an "idle in transaction" state indefinitely after startup.
• Fixed issue where the drain settings for an autoscale configuration were not included when cloning the configuration.
• Fixed an issue where session recording was not working with the KasmOS image.
• Fixed an open redirect vulnerability on the session ended page where the redirect target was not validated against the deployment's origin.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[Crow-Control]

Auto approved automated PR