• The -unixpw_system_greeter option, when used in combined unixpw and XDMCP FINDCREATEDISPLAY mode (for example: -xdmsvc), enables the user to press Escape to jump directly to the XDM/GDM/KDM login greeter screen. This way the user avoids entering his unix password twice at X session creation time. Also, the unixpw login panel now has a short help displayed if the user presses 'F1'.
• x11vnc now tries to be a little bit more aggressive in keeping up with VNC client's framebuffer update requests. Some broken VNC clients like Eggplant and JollysFastVNC continuously spray these requests at VNC servers (regardless of whether they have received any updates or not.) Under some circumstances this could lead to x11vnc falling behind. The -extra_fbur option allows one to fine tune the setting. Additionally, one may also dial down delays: e.g. "-defer 5" and "-wait 5" (or to 1 or even 0) or -nonap or -allinput to keep up with these VNC clients at the expense of increased system load.
• Heuristics are applied to try to determine if the X display is currently in a Display Manager Greeter Login panel (e.g. GDM) If so, x11vnc's creation of any windows and use of XFIXES are delayed. This is to try to avoid x11vnc being killed after the user logs in if the GDM KillInitClients=true is in effect. So one does not need to set KillInitClients=false. Note that in recent GDM the KillInitClients option has been removed. Also delayed is the use of the XFIXES cursor fetching functionality; this avoids an Xorg bug that causes Xorg to crash right after the user logs in.
• A new option -findauth runs the FINDDISPLAY script that applies heuristics that try to determine the XAUTHORITY file. The use of '-auth guess' will use the XAUTHORITY that -findauth reveals. This can be handy in with the lastest GDM where the ability to store cookies in ~/.Xauthority has been removed. If x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1 to the above -findauth or -auth guess command lines, it will find the correct XAUTHORITY for the given display (this works for XDM/GDM/KDM if the login greeter panel is up or if someone has already logged into an X session.)
• The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "-display WAIT:cmd=...", -find, -create) now work correctly for the user-supplied login program scheme "-unixpw_cmd ...", as long as the login program supports running commands specified in the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in user. The mode "-unixpw_nis ..." has also been made more consistent.
• The -stunnel option (like -ssl but uses stunnel as an external helper program) now works with the -ssl "SAVE" and "TMP" special certificate names. The -sslverify and -sslCRL options now work correctly in -stunnel mode. Single port HTTPS connections are also supported for this mode.
• There is an experimental Application Sharing mode that improves upon the -id/-sid single window sharing: -appshare (run "x11vnc -appshare -help" for more info.) It is still very primitive and approximate, but at least it displays multiple top-level windows.
• The remote control command -R can be used to instruct x11vnc to resend its most recent copy of the Clipboard, Primary, or Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R resend_primary", and "x11vnc -R resend_cutbuffer".
• The fonts in the GUI (-gui) can now by set via environment variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and -env X11VNC_FONT_FIXED='Courier -14'.
• The XDAMAGE mechanism is now automatically disabled for a period of time if a game or screensaver generates too many XDAMAGE rectangles per second. This avoids the X11 event queue from soaking up too much memory.
• There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1" that tries to avoid problems with poorly constructed menu themes that place the initial position of the mouse cursor inside a menu item's active zone. More information can be found here.

 
Here are some features that appeared in the 0.9.8 release (Jul/2009):

• Stability improvements to -threads mode. Running x11vnc this way is more reliable now. Threaded operation sometimes gives better interactive response and faster updates: try it out. The threaded mode now supports multiple VNC viewers using the same VNC encoding. The threaded mode can also yield a performance enhancement in the many client case (e.g. class-room broadcast.) We have tested with 30 to 50 simultaneous clients. See also -reflect.

  For simultaneous clients: the ZRLE encoding is thread safe on all platforms, and the Tight and Zlib encodings are currently only thread safe on Linux where thread local storage, __thread, is used. If your non-Linux system and compiler support __thread one can supply -DTLS=__thread to enable it. When there is only one connected client, all encodings are safe on all platforms. Note that some features (e.g. scroll detection and -ncache) may be disabled or run with reduced functionality in -threads mode.

• Automatically tries to work around an Xorg server and GNOME bug involving infinitely repeating keys when turning off key repeating. Use -repeat if the automatic workaround fails.
• Improved reliability of the Single Port SSL VNC and HTTPS java viewer applet delivery mechanism.
• The -clip mode works under -rawfb.

 
Here are some features that appeared in the 0.9.7 release (Mar/2009):

• Support for polling Linux Virtual Terminals (also called virtual consoles) directly instead of using /dev/fb. The option to use is, for example, "-rawfb vt2" for Virtual Terminal 2, etc. In this case the special file /dev/vcsa2 is used to retrieve vt2's current text. Text and colors are shown, but no graphics.
• Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1 bpp) in the -rawfb mode.
• The SSL enabled UltraVNC Java viewer applet now has a [Home] entry in the "drives" drop down menu. This menu can be configured with the ftpDropDown applet parameter. All of the applet parameters are documented in classes/ssl/README.
• Experimental support for VirtualGL's TurboVNC (an enhanced TightVNC for fast LAN high framerate usage.)
• The CUPS Terminal Services helper mode has been improved.
• Improvements to the -ncache_cr that allows smooth opaque window motions using the 'copyrect' encoding when using -ncache mode.
• The -rmflag option enables a way to indicate to other processes x11vnc has exited.
• Reverse connections using anonymous Diffie Hellman SSL encryption now work.

 
Here are some features that appeared in the 0.9.6 release (Dec/2008):

• Support for VeNCrypt SSL/TLS encrypted connections. It is enabled by default in the -ssl mode. VNC Viewers like vinagre, gvncviewer/gtk-vnc, the vencrypt package, SSVNC, and others support this encryption mode. It can also be used with the -unixpw option to enable Unix username and password authentication (VeNCrypt's "*Plain" modes.) A similar but older VNC security type "ANONTLS" (used by vino) is supported as well. See the -vencrypt and -anontls options for additional control. The difference between x11vnc's normal -ssl mode and VeNCrypt is that the former wraps the entire VNC connection in SSL (like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches on the SSL/TLS at a certain point during the VNC handshake. Use -sslonly to disable both VeNCrypt and ANONTLS (vino.)
• The "-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) key exchange for x11vnc's normal SSL/TLS operation. Note that Anonymous Diffie-Hellman uses encryption for privacy, but provides no authentication and so is susceptible to Man-In-The-Middle attacks (and so we do not recommend it: we prefer you use "-ssl SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS mode (vino) only supports ADH. VeNCrypt mode supports both ADH and regular X509 SSL certificates modes. For these ADH is enabled by default. See -vencrypt and -anontls for how to disable ADH.
• For x11vnc's SSL/TLS modes, one can now specify a Certificate Revocation List (CRL) with the -sslCRL option. This will only be useful for wide deployments: say a company-wide x11vnc SSL access deployment using a central Certificate Authority (CA) via -sslGenCA and -sslGenCert. This way if a user has his laptop lost or stolen, you only have to revoke his key instead of creating a new Certificate Authority and redeploying new keys to all users.
• The default SSL/TLS mode, "-ssl" (no pem file parameter supplied), is now the same as "-ssl SAVE" and will save the generated self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl" would create a temporary self-signed cert that was discarded when x11vnc exited. The reason for the change is to at least give the chance for the VNC Viewer side (e.g. SSVNC) to remember the cert to authenticate subsequent connections to the same x11vnc server. Use "-ssl TMP" to regain the previous behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about using passphrase when the certificate is created.
• The option -http_oneport enables single-port HTTP connections via the Java VNC Viewer. So, for example, the web browser URL "http://myhost.org:5900" works the same as "http://myhost.org:5800", but with the convenience of only involving one port instead of two. This works for both unencrypted connections and for SSH tunnels (see -httpsredir if the tunnel port differs.) Note that HTTPS single-port operation in -ssl SSL encrypted mode has been available since x11vnc version 0.8.3.
• For the -avahi/-zeroconf Service Advertizing mode, if x11vnc was not compiled with the avahi-client library, then an external helper program, either avahi-publish(1) (on Unix) or dns-sd(1) (on Mac OS X), is used instead.
• The "-rfbport PROMPT" option will prompt the user via the GUI to select the VNC port (e.g. 5901) to listen on, and a few other basic settings. This enables a handy GUI mode for naive users:

     x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISPLAY
  

  suitable for putting in a launcher or menu, e.g. x11vnc.desktop. The -logfile expansion is new too. In the GUI, the tray=setpass Properties panel has been improved.
• The -solid solid background color option now works for the Mac OS X console.
• The -reopen option instructs x11vnc to try to reopen the X display if it is prematurely closed by, say, the display manager (e.g. GDM.)

 
Here are some features that appeared in the 0.9.5 release (Oct/2008):

• Symmetric key encryption ciphers. ARC4, AES-128, AES-256, blowfish, and 3des are supported. Salt and initialization vector seeding is provided. These compliment the more widely used SSL and SSH encryption access methods. SSVNC also supports these encryption modes.
• Scaling differently along the X- and Y-directions. E.g. "-scale 1280x1024" or "-scale 0.8x0.75"    Also, "-geometry WxH" is an alias for "-scale WxH"
• By having SSVNC version 1.0.21 or later available in your $PATH, the -chatwindow option allows a UltraVNC Text Chat window to appear on the local X11 console/display (this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode.) This also works on the Mac OS X console if the Xquartz X11 server (enabled by default on leopard) is running for the chatwindow.
• The HTTP Java viewer applet jar, classes/VncViewer.jar, has been updated with an improved implementation based on the code used by the classes/ssl applets.

 
Here are some features that appeared in the 0.9.4 release (Sep/2008):

• Improvements to the -find and -create X session finding or creating modes: new desktop types and service redirection options. Personal cupsd daemon and SSH port redirection helper for use with SSVNC's Terminal Services feature.
• Reverse VNC connections via -connect work in the -find, -create and related -display WAIT:... modes.
• Reverse VNC connections (either normal or SSL) can use a Web Proxy or a SOCKS proxy, or a SSH connection, or even a CGI URL to make the outgoing connection. See: -proxy. Forward connections can also use: -ssh.
• Reverse VNC connections via the UltraVNC repeater proxy (either normal or SSL) are supported. Use either the "-connect repeater=ID:NNNN+host:port" or "-connect repeater://host:port+ID:NNNN" notation. The SSVNC VNC viewer also supports the UltraVNC repeater. Also, a perl repeater implemention is here: ultravnc_repeater.pl
• Support for indexed colormaps (PseudoColor) with depths other than 8 (from 1 to 16 now work) for non-standard hardware. Option "-advertise_truecolor" to handle some workaround in this mode.
• Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding extended to do motion video and photo regions more efficiently by way of a Wavelet based transformation.
• The -finddpy and -listdpy utilities help to debug and configure the -find, -create, and -display WAIT:... modes.
• Some automatic detection of screen resizes are handled even if the -xrandr option is not supplied.
• The -autoport options gives more control over the VNC port x11vnc chooses.
• The -ping secs can be used to help keep idle connections alive.
• Pasting of the selection/clipboard into remote applications (e.g. Java) has been improved.
• Fixed a bug if a client disconnects during the 'speed-estimation' phase.
• To unset Caps_Lock, Num_Lock and raise all keys in the X server use -clear_all.
• Usage with dvorak keyboards has been improved. See also: -xkb.
• The Java Viewer applet source code is now included in the x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java viewer applet jar files from source. If you stopped shipping the Java viewer applet jar files due to lack of source code, you can start again.

• Viewer-side pixmap caching. A large area of pixels (at least 2-3 times as big as the framebuffer itself; the bigger the better... default is 10X) is placed below the framebuffer to act as a buffer/cache area for pixel data. The VNC CopyRect encoding is used to move it around, so any viewer can take advantage of it. Until we start modifying viewers you will be able to see the cache area if you scroll down (this makes it easier to debug!) For testing the default is "-ncache 10". The unix Enhanced TightVNC Viewer ssvnc has a nice -ycrop option to help hide the pixel cache area from view.

• Building with no OpenSSL libssl available (or with --without-ssl) has been fixed.
• One can configure x11vnc via "./configure --with-system-libvncserver" to use a system installed libvncserver library instead of the one bundled in the release tarball.
• If UltraVNC file transfer or chat is detected, then VNC clients are "pinged" more often to prevent these side channels from becoming serviced too infrequently.
• In -unixpw mode in the username and password dialog no text will be echoed if the first character sent is "Escape". This enables a convenience feature in SSVNC to send the username and password automatically.

• The UltraVNC Java viewer has been enhanced to support SSL (as the TightVNC viewer had been previously.) The UltraVNC Java supports ultravnc filetransfer, and so can be used as a VNC viewer on Unix that supports ultravnc filetransfer. It is in the classes/ssl/UltraViewerSSL.jar file (that is pointed to by ultra.vnc.) The signed applet SignedUltraViewerSSL.jar version (pointed to by ultrasigned.vnc) will be needed to access the local drive if you are using it for file transfer via a Web browser. Some other bugs in the UltraVNC Java viewer were fixed and a few improvements to the UI made.
• A new Unix username login mode for VNC Viewers authenticated via a Client SSL Certificate: "-users sslpeer=". The emailAddress subject field is inspected for username@hostname and then acts as though "-users +username" has been supplied. This way the Unix username is identified by (i.e. simply extracted from) the Client SSL Certificate. This could be useful with -find, -create and -svc modes if you are also have set up and use VNC Client SSL Certificate authentication.
• For external display finding/creating programs (e.g. WAIT:cmd=...) if the VNC Viewer is authenticated via a Client SSL Certificate, then that Certificate is available in the environment variable RFB_SSL_CLIENT_CERT.

• VNC Service advertising via mDNS / ZeroConf / BonJour with the Avahi client library. Enable via "-avahi" or "-zeroconf".
• Implementations of UltraVNC's TextChat, SingleWindow, and ServerInput extensions (requires ultravnc viewer or ssvnc Unix viewer.) They toggle the selection of a single window (-id), and disable (friendly) user input and viewing (monitor blank) at the VNC server.
• Short aliases "-find", "-create", "-svc", and "-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes.
• Reverse VNC connections (viewer listening) now work in SSL (-ssl) mode.
• New options to control the Monitor power state and keyboard/mouse grabbing: -forcedpms, -clientdpms, -noserverdpms, and -grabalways.
• A simple way to emulate inetd(8) to some degree via the "-loopbg" option.
• Monitor the accuracy of XDAMAGE and apply "-noxdamage" if it is not working well. OpenGL applications like like beryl and MythTv have been shown to make XDAMAGE not work properly.
• For Java SSL connections involving a router/firewall port redirection, an option -httpsredir to spare the user from needing to include &PORT=NNN in the browser URL.

 
Here are some features that appeared in the 0.8.4 release (Feb/2007):

• Native Mac OS X Aqua/Quartz support. (i.e. OSXvnc alternative; some activities are faster)
• A new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..." that will Create a new X session (either virtual or real and with or without a display manager, e.g. kdm) for the user if it cannot find the user's X session display via the FINDDISPLAY method. See the -svc and the -xdmsvc aliases.
• x11vnc can act as a VNC reflector/repeater using the "-reflect host:N" option. Instead of polling an X display, the remote VNC Server host:N is connected to and re-exported via VNC. This is intended for use in broadcasting a display to many (e.g. > 16; classroom or large demo) VNC viewers where bandwidth and other resources are conserved by spreading the load over a number of repeaters.
• Wireframe copyrect detection for local user activity (e.g. someone sitting at the physical display moving windows) Use -nowireframelocal to disable.
• The "-N" option couples the VNC Display number to the X Display number. E.g. if your X DISPLAY is :2 then the VNC display will be :2 (i.e. using port 5902.) If that port is taken x11vnc will exit.
• Option -nodpms to avoid problems with programs like KDE's kdesktop_lock that keep restarting the screen saver every few seconds.
• To automatically fix the common mouse motion problem on XINERAMA (multi-headed) displays, the -xwarppointer option is enabled by default when XINERAMA is active.

 
Here are some features that appeared in the 0.8.3 release (Nov/2006):

• The -ssl option provides SSL encryption and authentication natively via the www.openssl.org library. One can use from a simple self-signed certificate server certificate up to full CA and client certificate authentication schemes.
• Similar to -ssl, the -stunnel option starts up a SSL tunnel server stunnel (that must be installed separately on the system: stunnel.mirt.net ) to allow only encrypted SSL connections from the network.
• The -sslverify option allows for authenticating VNC clients via their certificates in either -ssl or -stunnel modes.
• Certificate creation and management tools are provide in the -sslGenCert, -sslGenCA, and related options.
• An SSL enabled Java applet VNC Viewer applet is provided by x11vnc in classes/ssl/VncViewer.jar. In addition to normal HTTP, the applet may be loaded into the web browser via HTTPS (HTTP over SSL.) (one can use the VNC port, e.g. https://host:5900/, or also the separate -https port option.) A wrapper shell script ss_vncviewer is also provided that sets up a stunnel client-side tunnel on Unix systems. See Enhanced TightVNC Viewer (SSVNC) for other SSL/SSH viewer possibilities. Samira Al-Ghuiyy reports that SSVNC works properly in remote helpdesk mode using UltraVNC Single-click in Windows Vista.
• The -unixpw option supports Unix username and password authentication (a simpler variant is the -unixpw_nis option that works in environments where the encrypted passwords are readable, e.g. NIS.) The -ssl or -localhost + -stunnel options are enforced in this mode to prevent password sniffing. As a convenience, these requirements are lifted if a SSH tunnel can be deduced (but -localhost still applies.)
• Coupling -unixpw with "-display WAIT:cmd=FINDDISPLAY" or "-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a user to login with their UNIX password and have their display connected to automatically. See the -svc and the -xdmsvc aliases.
• Hooks are provided in the -unixpw_cmd and "-passwdfile cmd:,custom:..." options to allow you to supply your own authentication and password lookup programs.
• x11vnc can be configured and built to not depend on X11 libraries "./configure --without-x" for -rawfb only operation (e.g. embedded linux console devices.)
• The -rotate option enables you to rotate or reflect the screen before exporting via VNC. This is intended for use on handhelds and other devices where the rotation orientation is not "natural".
• The "-ultrafilexfer" alias is provided and improved UltraVNC filetransfer rates have been achieved.
• Under the "-connect_or_exit host" option x11vnc will exit immediately unless the reverse connection to host succeeds. The "-rfbport 0" option disables TCP listening for connections (useful for this mode.)
• The "-rawfb rand" and "-rawfb none" options are useful for testing automation scripts, etc., without requiring a full desktop.
• Reduced spewing of information at startup, use "-verbose" (also "-v") to turn it back on for debugging or if you are going to send me a problem report.

• Linux console framebuffer keystroke and mouse insertion is now supported by the uinput linux device driver. This enables full interaction with non-X applications on the Linux console (e.g. Qt-embedded/Qtopia-Core apps). This will be autodetected in: -rawfb console mode, and can be forced on via: -pipeinput UINPUT
• The -display WAIT:... option extends the normal -display option by having x11vnc wait until a VNC viewer connects before attaching to an X display. A command can also be supplied that will determine the DISPLAY and XAUTHORITY data. A default one is built-in for WAIT:cmd=FINDDISPLAY. Coupling this with "-unixpw -users unixpw=" (available in beta version) provides a way to allow a user to login with their UNIX password and have their display connected to automatically.
• The -grabkbd and -grabptr options allow some degree of grabbing the pointer and keyboard so local users cannot perform input (e.g. remote helpdesk application).
• More new options:
  • -allowedcmds to fine-tune which external commands may be run by x11vnc, rather than shutting them all off with -nocmds,
  • -env VAR=VALUE convenience option to avoid the need of setting environment variables before starting x11vnc,
  • -allinput option to enable libvncserver handleEventsEagerly parameter,
  • -rawfb rand fun/testing option using /dev/urandom as a fb,
  • -license print license, copying, warranty information.

• Improved support for Webcams and TV tuner devices (/dev/video) with the -rawfb option. E.g. "-rawfb video0" will autodetect the video WxHxB (requires Video4Linux buildtime or the v4l-info utility). Use "-rawfb video -pipeinput VID" for a simple keystroke utility to configure the capture device.
• Convenience utility -rawfb console to connect to the linux console (/dev/fb0) and inject keystrokes into it (/dev/ttyX). Like LinuxVNC or -pipeinput vcinject.pl, but now built in.
• The -24to32 option provides automatic translation from 24bpp to 32bpp framebuffers to avoid problems with viewers, etc (often needed for webcams).
• The -usepw option will try to use your existing ~/.vnc/passwd or ~/.vnc/passwdfile passwords or otherwise prompt you to create one (the server exits unless a password file is found and used). Use "x11vnc -storepasswd" to prompt for a password without echoing and save it in ~/.vnc/passwd
• The X CLIPBOARD selection is now managed in addition to PRIMARY. Use -noclipboard and -nosetclipboard for the previous PRIMARY-only behavior.
• Use -capslock and -skip_lockkeys to help manage CapsLocks behavior better.
• The -fbpm option provides FBPM support for hardware that provides framebuffer power management (it needs to be disabled when vnc clients are connected).
• The -xinerama option is now on by default. Use -noxinerama option to disable.
• Bug fixes and speedups.

• TightVNC file transfer added to libvncserver by Rohit Kumar is enabled (use -nofilexfer to disable).
• The -passwdfile option has been enhanced to handle any number of full-access and view only passwords in an easy to maintain format. Automatic rereading or file removal can be enabled.
• The -8to24 option enables some multi-depth viewing on systems that don't support -overlay. The 8bpp regions are transformed to depth 24 TrueColor.
• The -loop option will run x11vnc in an outer loop restarting each time (useful for situations where the X server restarts often).
• The -afteraccept option is like -accept however it enables running a user supplied command after client authentication has taken place. The RFB_* environment variables have been extended.
• The -slow_fb allows for slow polling for special purpose applications (e.g. video).
• -blackout noptr,WxH+X+Y,... will prevent the pointer from going into a blacked out region.
• The x11vnc source code has gone through a major reorganization. The build has been enhanced and many bugs fixed.

Here are some notes about features added in 0.7.2. Checking/Testing them is still useful and appreciated!

Note that the X DAMAGE feature will be on by default and so I am interested if that causes any problems. I'd also like to have the new wireframe move/resize, the wireframe copyrect translation, and the scroll detection+copyrect features all on by default as well since when they work they give a great speedup! (CopyRect is a VNC encoding and is very fast because the viewer already has the image data that needs to be copied: e.g. it just moves it to another part of its screen). The scroll copyrect is currently the least stable, you can toggle it off via "-noscr" or via the gui (all of the other new features can also be toggled by cmdline option or gui, see -help output for more info).