Download Latest Version
UFTC-1.11.iso (2.1 GB)
Get an email when there's a new version of User Friendly Thin Client | 100% Free
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2025-10-19 | 2.3 kB | |
| UFTC 2.1 - Security Release - MBR_UEFI - AMD64 source code.tar.gz | 2025-10-19 | 151.1 kB | |
| UFTC 2.1 - Security Release - MBR_UEFI - AMD64 source code.zip | 2025-10-19 | 155.2 kB | |
| UFTC-2.1-VHD.7z | 2025-10-19 | 1.3 GB | |
| UFTC-2.1.iso | 2025-10-19 | 1.7 GB | |
| Totals: 5 Items | 3.0 GB | 1 | |
This is a security release that fixes a code execution vulnerability on the login screen, updating is strongly recommended.
- Additional input sanitization has been added to the UI to safely pass the input to the second bash session. This is done in two places, first the login screens input is instantly sanitized before this gets passed further in the program. Second, as an additional safety measure the additionally defined parameters and settings get sanitized right before they pass trough the second bash instance that could previously be tricked into executing code.
- Citrix is now fully omitted in this release rather than broken (A separate 1.11 release will be published with Citrix included)
Known issues: While Citrix released an update a few days ago, this only brought compatibility with Ubuntu 24.04. In testing it has proven to still be incompatible with Debian 13. Citrix and its dependencies have not been included in this pre-release.
My apologies for not catching the exploit sooner, while I do test for input sanitization issues this bug (that was found during my own extra testing) was specific to the way xfreerdp has to be launched causing it not to trigger in my earlier test runs for these inputs. In subsequent runs I had tried a variety of exploits commands including ones found online and ones suggested by AI none of which triggered originally. Bash has built in protections against exploits like the one I discovered and in most input fields these worked successfully causing the illusion of universal protection across the program. With the added measures and the gained knowledge this should be fully patched in the current and future releases.
ISO: A more traditional installer using clonezilla for those who prefer a premade install medium instead of relying on disk cloning software. Also can be used for PXE deploying and image capture. 7z: VHD + Manuals, you can customize it in a VM and then deploy it your way (For example with Rescuezilla or to a portable USB with Rufus)