This post provides additional guidance for installing the ThinLinc server security patches to be released at noon UTC 2026-04-22. This article is intentionally released before the patches are made available. You can read more about the issue here:
Applying the security patch is done in the same way as a regular ThinLinc server upgrade. This process is covered by the Upgrading ThinLinc chapter in the ThinLinc Administrator’s Guide. All ThinLinc masters and agents in the cluster need upgrading.
The security patch is made available for all ThinLinc server versions currently under support (4.15.0 to 4.20.0) at noon UTC 2026-04-22. The server versions released at this time will be 4.15.1, 4.16.1, 4.17.1, 4.18.1, 4.19.1, and 4.20.1. All six of these releases incorporate the security patch.
Upcoming ThinLinc versions (4.21.0 and onwards) will also incorporate the patch.
Do I need to restart existing sessions after the upgrade?
No. The changes will take effect without restarting the remote sessions running on your ThinLinc cluster.
Which server version should I install?
While we normally recommend upgrading to the latest ThinLinc version, staying on the same minor version (e.g., upgrading from 4.16.0 to 4.16.1 instead of 4.20.1) may be preferable if you do not want to account for any changes in functionality during the upgrade procedure.
You can check your current ThinLinc version with the following command on your ThinLinc master server:
cat /opt/thinlinc/etc/thinlinc-release
Note that ThinLinc 4.18.1 is the latest patched version to support Red Hat Enterprise Linux 7, Debian 9, Ubuntu 18.04, and SUSE Linux Enterprise 12.
Do I need new license files?
ThinLinc licenses are issued per minor version, meaning that upgrading to a patch version of the same minor version will not require new license files. To exemplify, upgrading your ThinLinc server from version 4.18.0 to 4.18.1 will not require new license files, while upgrading from 4.18.0 to 4.20.1 may require new license files.
New licenses can be downloaded from the ThinLinc customer portal.
On ThinLinc 4.19.0 and above, you can check the maximum ThinLinc version your licenses are compatible with by running the following command on your ThinLinc master server:
sudo /opt/thinlinc/sbin/tlctl license agreement
On ThinLinc 4.18.0 and below, you instead need to inspect the .license files on the master server to determine which server version they are compatible with. They are located under /opt/thinlinc/etc/licenses/ on the ThinLinc master server, either as standalone files or in a ZIP archive. In the .license files, the following line will indicate the maximum ThinLinc version they are compatible with:
thinlinc_version = 4.20