FIXED: Active Directory user accounts with no expiry date can now be used to authenticate to VNC Server using single sign-on (SSO)
FIXED: VNC Server’s Information Center dialog no longer shows an erroneous error message when the legacy SecurityTypes parameter is set to a value other than <auto> (this may affect users upgrading from VNC 5.x).
FIXED: VNC Server in Virtual Mode (Xvnc) no longer crashes due to a bug in the X11 render extension.
For a video explaining major features, and links to other resources, please see our release summary page.
NEW: VNC Server supports multi-factor authentication. Choose a scheme based on X.509 digital certificates stored on pluggable smartcards/authentication tokens or
in certificate stores, or a RADIUS server implementation from an identity management provider such as RSA SecurID or Duo.
Alternatively, create a custom scheme containing as many factors as you need.
NEW: Conveniently assign discovery permissions to computers in your RealVNC account by creating groups of people and computers. Restricting discovery improves security, and
helps team members reduce the number of computers they interact with in VNC Viewer.
NEW: Organize computers in VNC Viewer using labels. Right-click on the address book to create a new label, or assign a label to a computer on its Properties page.
NEW: Display a details view of computers VNC Viewer instead of a screenshot icon view, and sort by name, last connected time, and label.
More intuitive scaling options for the remote computer desktop are now available from VNC Viewer’s Properties page.
VNC Server now prompts you to send anonymous usage data to RealVNC, to help improve the user experience. You can opt out on VNC Server’s Options > Privacy page.
NEW: VNC Connect is available for Raspberry Pi. It is included with Raspbian, and
pre-licensed to offer both cloud and direct connectivity to Home subscribers.
NEW: VNC Viewer has a medium setting for the picture quality of a remote desktop, to complement high and low. By default, the
picture quality is automatically adjusted to suit the speed of the network.
VNC Connect is available in French, German, and Spanish again. The appropriate language for the desktop of each user is automatically
selected. This can be changed (if required) using the Locale parameter.
NEW: VNC has a new brand name, VNC Connect. VNC Server and VNC Viewer have new brand colors, icons and logos.
NEW: VNC Connect is licensed by annual subscription rather than perpetual license key.
When a paid Professional or Enterprise subscription expires, remote access stops. If you’re an existing, entitled VNC 5.x customer, you can automatically upgrade
to a new Enterprise subscription.
NEW: Establish secure, seamless, reliable cloud connections from VNC Viewer to VNC Server. If you have an Enterprise
subscription, this can be as well as, or instead of, traditional direct connections.
NEW: Invite people in to your team to quickly share remote access, and manage computers, subscriptions, renewals and
payment methods much more conveniently online using your RealVNC account.
NEW: Sign in to VNC Viewer with your RealVNC account credentials to backup and sync your address book between all your desktop and mobile devices.
NEW: VNC Address Book is integrated into VNC Viewer, so everything is accessible from one place. Use File > Import connections to transfer VNC 5.x
connections in from VNC Address Book, or from a directory of .vnc files.
NEW: VNC Viewer can remember remote access credentials so you don’t have to enter them each time. Note under Linux we
additionally recommend setting a master password for VNC Viewer; see below.
NEW: Use File > Preferences > Privacy to set a master password to protect VNC Viewer from unauthorized use.
NEW: Save desktop previews for connections (that is, screenshots in thumbnail form) to make VNC Viewer more intuitive to use.
NEW: Give connections friendly names.
NEW: Quickly forget sensitive data such as passwords and desktop previews if VNC Viewer is running on a shared computer.
NEW: If you start VNC Viewer and simultaneously establish a direct connection at the command line, use the -useaddressbook flag to integrate with your address
book, for example vncviewer-useaddressbook192.168.1.99:65. If the connection is to a known computer, stored settings are applied.
If the connection is to a new computer, it is added to your address book.
NEW: Configure the rate at which a desktop is panned when in full screen mode using the BumpScrollSpeed VNC Viewer parameter.
VNC Server now needs an Enterprise subscription in order to run in User Mode or Virtual Mode.
Only direct connectivity is available in these modes.
VNC Viewer now sets File > Preferences > Proxy to the system proxy server by default, rather than to no proxy server.
FIXED: Setting the poll parameter to a number of milliseconds (for example 200) in an appropriate configuration file (such as ~/.vnc/config.d/vncserverui-virtual for Virtual Mode) or
/etc/vnc/common.custom (for all modes) now works around copy and paste issues in X applications such as gVim.
SELinux policy modules are automatically registered on Red Hat-compatible distributions (version 5.0+ only) if SELinux is enabled during installation or upgrade, meaning the vncserver-x11-serviced and
vncserver-virtuald daemons, and printing, work out-of-the-box. On Debian-compatible distros, or if SELinux is enabled later, you can register the policy modules manually.
NEW: Providing VNC Server and VNC Viewer are both version 5.3, connections use the very latest RFB 5 protocol for enhanced security, with updated cipher suites and support for Perfect
NEW: VNC Server with an Enterprise or a Personal license can restrict the IP addresses on which it listens for connections, reducing the attack surface. Note the InTransports parameter
has been removed, which means VNC Server with a Free license can no longer listen on just IPv4 addresses, or on just IPv6 addresses.
NEW: VNC Viewer can send keep alive messages to VNC Server in order to maintain (perhaps minimized) connections that might otherwise be considered idle by routers or gateways, and
unexpectedly terminated. Conversely, the same mechanism can clean up connections that have terminated, perhaps due to network failure.
NEW: VNC Server has a new screen capture architecture that is both more robust and responsive. Users should see fewer disconnections and reconnections when transiting between desktop and
login screens. System administrators should be aware of a new vncagent binary and process.
Screen capture on Windows 8+ computers using DirectX is now more efficient, giving a better user experience. As part of this work, the UpdateMethod parameter has been
renamed CaptureMethod on all platforms, and has new defaults that make choosing the optimal capture method easier.
Configuring security for VNC Server at the command line or using policy is now simpler using new, separate, more intuitive Authentication and Encryption parameters. On upgrade,
SecurityTypes and UserPasswdVerifier values are mapped appropriately unless a VNC password is mandated using policy.
The vncpasswd utility now has flags that make specifying a VNC password for VNC Server in all modes easier. In addition, running the utility without a flag now shows the help rather than
defaulting to VNC Server in User Mode.
The Password parameter is now included in policy template files so VNC Server with an Enterprise license can be remotely provisioned with a VNC password. To obtain a password in the correct
obfuscated format, run vncpasswd-print.
NEW: Support for Ubuntu 15.04—15.10, Debian 8, Red Hat/CentOS 7, and Fedora 21—23.
By default, VNC Server in Service Mode now logs to the syslog USER facility, and the VNC Server in Virtual Mode daemon to the DAEMON facility, instead of to
file (note other facilities are available).
VNC Server in Virtual Mode now checks up to 500 X display numbers for the next available display, up from 99. Note that X displays in the range 0-99 are mapped to ports 5900-5999 as before;
subsequently, the mapping is as follows: 100-199 (ports 7100-7199); 200-299 (ports 7300-7399); 300-399 (ports 7500-7599); 400-499 (ports 7700-7799).
Users in the sudo group can now authenticate to VNC Server in Service Mode with an Enterprise or a Personal license on
Linux platforms out-of-the-box. This is in addition to users in the admin group and the root user.
NEW: On 10.7+ computers, VNC Viewer can be made full screen in the same way as any other Mac app. Note this does mean the app window can no longer span multiple monitors. To do this, revert to legacy
full screen mode.
NEW: VNC Server can remap keys received from VNC Viewer, perhaps to inject a non-native character or control key.
VNC Viewer can now send special keys such as Cmd+Tab and the Spotlight shortcut to VNC Server whenever the app window has focus, and not just in full screen mode.
By default, VNC Server in Service Mode now logs to syslog instead of to file.
Chat and file transfer are no longer separate applications but rather merged into the vncserverui.exe program. To configure chat and file transfer using Group Policy, examine the VNC Server > mode
> User Interfacepolicy folder.
FIXED: VNC applications can now be run from user accounts with a $ character in the account name.
FIXED: Active Directory groups with ‘universal’ scope can now be registered with VNC Server on the Users & Permissions page of the Options dialog, in addition to groups with ‘global’ and ‘domain
VNC Server in Service Mode (vncserver-x11-serviced) and the VNC Server in Virtual Mode daemon (vncserver-virtuald) can now be started using
systemctl on Linux distributions that support systemd, such as the latest Fedora.
VNC Server now supports PAM session modules, and session actions in pam_umask.so, pam_limits.so, pam_env.so, and pam_unix.so are automatically referenced in /etc/pam.d/vncserver (or
Chat is no longer a separate application but rather merged into the vncserverui program. To configure chat using policy, edit the vncserverui-<mode>policy template file.
FIXED: VNC hosted on a network share no longer relies on the cacerts.pem file.
NEW: VNC Server can check whether critical software patches, and product updates to which you are entitled, are available to download from the RealVNCweb site.
NEW: VNC Server publishes a more-memorable catchphrase than the unique signature on which it is based, deterring man-in-the-middle attacks by making identity checks more intuitive for
NEW: VNC applications can be configured remotely, and locked down to prevent change, using policy. Policy template files are available to download for distribution to target computers using
a suitable mechanism, for example Group Policy under Windows. (Enterprise only)
NEW: Message boxes displayed when connections are unexpectedly terminated can now be suppressed using the HideCloseAlert VNC Viewer parameter, making scripting easier.
The VNC Server Options dialog has been made easier to use, and highlights features locked down by policy. For both VNC Server and VNC Viewer, it also simplifies the process of creating debug log
files to send to RealVNC Support.
The new Permissions VNC Server parameter replaces NtLogon_Config (Windows) and AllowedUsers and AllowedGroups (other platforms).
Existing users, groups, and permissions are automatically upgraded. (Enterprise and Personal only)
The Permissions parameter now grants access to features in the following sets: f (full), d (default), v (view-only). (Enterprise and Personal only)
The Permissions parameter now supports explicitly denying permission to use a feature, as well as allowing and not allowing that feature. Deny cannot be overridden by individual members of a
group. (Enterprise and Personal only)
VNC Server logs are now directed to file at more appropriate locations, as determined by the new LogDir parameter.
The VNC Server Information Center dialog now distinguishes between successful and unsuccessful connections on the Diagnostics page, which may give warning of a port sniffing or brute-force
All instances of VNC Server running on a computer can be reconfigured without downtime using the vnclicense-reload command.
Single sign-on authentication is now easier to set up and benefits from new documentation. (Enterprise only)
NEW: Separate MSI installers for VNC Server and VNC Viewer are available for download for deployment to target computers in a Group Policy Object. VNC Server can also be licensed at install-time using
a Group Policy transform.
FIXED: Key combinations such as Alt+Tab are now supported for connections to Windows 8 computers. Note VNC Server must be installed to a secure location such as C:\ProgramFiles.
FIXED: Second and subsequent monitors plugged-in to discrete graphics cards on Windows 8 computers are now remoted to connected users.
FIXED: Local users can no longer execute arbitrary code as root by passing a maliciously crafted argument to the VNC Server in User Mode (vncserver-x11) or Virtual Mode (Xvnc) setuid-root helpers.
Note this issue only affected 5.0.6. See CVE-2013-6886.
FIXED: Local users can no longer execute arbitrary code as root by passing a maliciously crafted argument to the VNC Server in User Mode (vncserver) setuid-root helper. Note this issue only
affected 5.0.6. See CVE-2013-6886.
NEW: The mouse cursor snaps to a corner of the host computer’s desktop if it exits the VNC Viewer window within a certain distance of a corner (configurable via the
PointerCornerSnapThreshold parameter), making it easier to trigger hotspots under the latest operating systems (particularly Windows 8 and Mac OS X 10.8).
NEW: Support for 10.8 (Mountain Lion). VNC is a signed (that is, legitimate) application for download from the Internet.
NEW: Support for Mac Book Pro computers with Retina displays.
FIXED: Connections can now be established to a computer whose display is asleep (lower of the two sliders in the System Preferences > Energy Saver pane). Note connections cannot be established
if the computer itself is asleep.
FIXED: RDP connections to 32-bit XP computers now succeed when VNC Server is running in Service Mode. Note that VNC Viewer users who subsequently connect must request control, since VNC and RDP
connections cannot co-exist; the RDP user may or may not grant control requests.