Package: x2goclient Version: 4.0.3.1 Severity: grave Tags: patch I've just setup an x2go load balanced setup using x2gobroker (http connection - x2goclient --broker-url=http://server:8080/plain/inifile), after putting it into production we found a number of our users had their passwords rejected when trying to sign into the x2go client to access the broker. Tracing through the traffic/logs we found that the problem is that password values were being set unencoded to the broker, so for example if there was an & present in a password the form data was submitted in the form of task=listsessions&user=user&password=mypass&word&authid= which resulted in the data being read by the server as the pasword being mypass rather than mypass&word The attached patch in my testing (done on Linux) fixes the client so data is correctly escaped so the above example would be submitted as task=listsessions&user=user&password=mypass%26word&authid= which is correctly parsed as the password being mypass&word and allows the login to work. If we could get an indication of when this fix is likely to make a client release it would appreciated since we currently don't have Windows and OSX builds with the patch and are trying to workout if it's worth the time of setting up development workstations to be able to compile the client for those platforms vs just waiting for the next client release. Thanks for your time. Jason