Clipboard handling takes a significant step forward in this release. Linux X11 hosts now support clipboard sharing, and Windows adds full HTML clipboard support alongside the plain-text clipboard introduced earlier. This means rich content — styled text, links, and formatted data — can now be copied and pasted across machines on Windows just as it would locally.

On the authentication front, Kyber now supports OpenID Connect (OIDC), giving teams and self-hosters the ability to integrate with existing identity providers such as Keycloak, Auth0, or any standards-compliant SSO system. Both the server and the desktop client support the full OIDC flow. The RTP streaming backend, which had silently stopped working after IPv6 support was added in 0.25.0, is now fixed.

The media pipeline receives a major upgrade with FFmpeg 8.1, bringing improved codec support and performance. AMD (AMF) and Linux VAAPI encoder settings are now correctly applied, resolving encoding quality and configuration issues. On Windows, Intel's HEVC 4:2:2 and 4:4:4 encoder has been replaced with the Microsoft equivalent, which is more broadly supported. Two new Linux screen capture backends — XCB and wlroots — are now available, expanding compatibility with different desktop environments.

The server's Windows system tray is now more resilient: tray icon initialization failures no longer crash the server, and the tray recovers automatically if the Windows taskbar is restarted. The service also stops its restart loop when it detects an invalid configuration rather than cycling indefinitely. The connected-client count shown in the tray is now correctly updated when sessions time out. The server watchdog process, previously always active, is now optional and can be disabled if not needed. On the web client side, the UI ships updated branding.

Changelog​

• kynput/x11: Add clipboard support
• libkynput/win32: Add HTML clipboard support
• controller/ws: Use kycom to interact with kyavserver and kynput
• kycontroller/win32: Make tray init non-fatal with TaskbarCreated recovery
• kyservice/win32: Stop restart loop on invalid config
• kycontroller: Update tray client count on session timeout
• kycontroller: make watchdog optional
• kymedia: Bump to ffmpeg 8.1
• kymedia: Correctly configure amf and vaapi encode settings
• kymedia/vlc: Replace Intel HEVC 422/444 support by the Microsoft one
• kymedia: Add "xcb" and "wlroots" grab_backend
• kycontroller: Add OIDC support
• desktop: Add OIDC support
• kycontroller: Fix RTP backend. Was broken since IPv6 support
• kynput: Export scancode conversion helpers for all platforms
• (web) ui: integrate new branding
• (web) kyctl: Extract AV players into separate crates

Kyber 0.25.0 adds IPv6 support across both the desktop and web clients, making it possible to connect over IPv6 networks and dual-stack environments without any extra configuration. The server now handles connections over IPv6 with the same reliability as before.

Linux gains a DRM/KMS screen capture backend in this release, complementing the existing X11 and NvFBC options and enabling capture directly at the display driver level — useful for setups without a traditional desktop environment. The Windows server now displays a system tray icon, giving quick visual feedback on the server's state. On Windows, display unplug events during an active streaming session are now handled correctly by the capture and encoding server, preventing crashes or hangs when a monitor is disconnected at runtime.

The command-line tool now surfaces control-plane connection errors clearly instead of silently failing, making troubleshooting easier. A bug where the server's configured public port was incorrectly cached and served stale values to clients has been fixed, as has a deadlock that could cause the login endpoint to block indefinitely under load. The web client adds HTTP timeouts to all outgoing requests, preventing hangs in degraded network conditions. JWT key generation is now available directly from the command-line tool, streamlining certificate and token management. The server's incoming connection handling is also more robust against edge cases in the QUIC transport accept loop. On Windows, keyboard setting changes are now monitored at runtime so input behaviour stays correct if the user adjusts keyboard settings while a session is active.

Changelog​

• kycontroller: Redirect /webclient to /webclient/
• kynput/win32: Monitor keyboard setting changes
• kyclient: Use rustls-platform-verifier
• kycontroller/win32: Add tray icon
• linux: Implement DRM/KMS grab
• kyavservice/dxgi: Correctly handle display unplug at runtime
• kyctl: Expose control plan connection error
• kyclient: Add HTTP timeout to all requests
• kycontroller: Fix public_port incorrectly cached in shared Kymux infrastructure
• kyctl/jwt-gen: Add key generation support
• kycontroller: Improve robustness of kymux incoming connection accept
• kycontroller: Fix /login blocking forever on mutex contention
• Add IPv6 support
• (web) Add IPv6 support
• (web) kyclient: Add HTTP timeout to all requests

This release introduces basic password authentication, allowing server administrators to require a password before clients can connect. For deployments that do not need token-based authentication at all, the JWT backend can now be disabled entirely, simplifying the security model for simpler setups.

Cross-origin protections in the server have been tightened, reducing the attack surface for browser-based deployments. The Intel Quick Sync (QSV) encoder initialization bug that prevented QSV encoding from starting in some configurations is fixed. Log verbosity can now be controlled with the KYBER_VERBOSE environment variable without editing configuration files, which helps with debugging in production environments. The QUIC transport layer has been updated to wtransport 0.7.0, replacing the previously pinned pre-release build. The clipboard is now size-limited on the input handling side, preventing unexpectedly large clipboard payloads from being forwarded across the connection.

On the web client, the sidebar is now scrollable, fixing layouts where many options were cut off. A button to send Ctrl+Alt+Del directly to the host has been added to the sidebar — useful for Windows remote desktop scenarios. The web client also gains the same basic password authentication support as the desktop client.

Changelog​

• Rename kysdk components
• Correctly place shebang in build scripts
• kyclient: Update VLC. Kymux branch is now based on 4962271021
• kycontroller: Correctly log toml parsing errors
• kymux: Update wtransport to official 0.7.0
• kynput: Limit clipboard size
• kycontroller: Improve cross origin protections
• Add basic authentication password support
• Allow to disable jwt backend
• kyavserver: Fix QSV acquisition
• kyavserver: set log level based on KYBER_VERBOSE environment variable
• (web) sidebar is now scrollable
• (web) sidebar: Add a button to send Ctrl+Alt+Del to the host
• (web) Add basic authentication password support

This release removes the --non-free flag from the FFmpeg build configuration, improving compatibility with open-source build pipelines and distributions that require fully open licensing. The desktop client gains additional TLS certificate verification options, giving users more control over how server certificates are validated — useful for self-signed certificates, private CA setups, or stricter security policies. The web client received internal repository restructuring with no user-facing changes.

Changelog​

• avserver/ffmpeg: Remove ffmpeg --non-free flag
• desktop: Add more TLS certificate verification options
• (web) Integrate new repository tree

Version 0.22.0 is one of the most feature-packed releases to date, adding automatic reconnection, multi-client support, watermarking, new capture backends, and a range of reliability improvements across the board.

Automatic reconnection is now built into both the desktop and web clients. When a connection drops unexpectedly, the client will attempt to reconnect transparently without requiring manual intervention. The web client exposes this through new reconnecting, reconnected, and reconnection_failed events, allowing web-based integrations to react accordingly. Multi-client support arrives on the server side: multiple clients can now connect to the same streaming session simultaneously, laying the groundwork for collaborative and monitoring use cases.

Two new capture backends have been added for Linux. NvFBC support enables high-performance, low-latency capture directly from NVIDIA GPUs, bypassing the compositor entirely. A watermark feature is available on Windows and Linux X11 with NVENC, allowing a visible overlay to be stamped on the captured stream — useful for content attribution or identifying source machines in multi-host setups.

On Windows, the capture and encoding server now prevents the display from sleeping when a frame acquisition timeout occurs, keeping the host awake during active sessions. Display hotplug events are now detected and handled at runtime, so connecting or disconnecting a monitor no longer requires a server restart. The x264 software encoder is now available on Windows as a fallback when hardware encoding is not available or desired. QUIC and WebTransport connections can now be handled simultaneously on the same server, improving compatibility with different client types. TLS certificate hashes are now verified by the client for QUIC connections, and TLS certificate paths have also been made configurable in the server configuration file. On Windows, multiple server instances can now run on the same machine without conflicting, and child processes are automatically cleaned up if the parent exits unexpectedly. The keyboard is grabbed in fullscreen mode on both Windows and Linux, ensuring key events are not intercepted by the local OS. The web client fixes scroll behaviour in Safari, resolves a configuration UI loading issue in Safari, and adds a gamepad blocklist option for filtering unwanted input devices.

Changelog​

• windows/linux: Grab keyboard when fullscreen is enabled
• desktop: Add automatic reconnection support
• libkypc/windows: Implement automatic child process cleanup
• windows: Allow to run multiple controller instances on the same machine
• vlc: Fix build issues for Windows cross build and iOS/visionOS build
• controller: make TLS certificate paths configurable
• avserver/win32: Prevent display sleep on frame acquisition timeout
• controller: QUIC and Webtransport connections can now be handled simultaneously
• libclient: Verify TLS certificate hash for QUIC connections
• Implement watermark feature. For Windows and Linux X11 + nvenc only
• linux: Implement NvFBC grab
• controller: Add basic multi-client support
• avserver/win32: Allow to use x264
• avserver/win32: Detect display hotplug
• (web) libkynput: Fix scroll behaviour in Safari
• (web) jsapi: Add gamepad blocklist support
• (web) ui: Vertically center canvas
• (web) Add automatic reconnection support with new events: reconnecting, reconnected, reconnection_failed
• (web) html: fix config ui loading in safari

⚠️ This patch regenerates the bundled TLS test certificates, which had expired. Both the desktop and web clients are affected. Update both the server and client to restore TLS connectivity if you use Kyber's built-in test certificates.

Changelog​

• tls: Regenerate test certificate
• (web) tls: Regenerate test certificate

This patch fixes a bug in cookie key generation for the authentication system introduced in 0.21.0, where session cookies could be generated with an incorrect key, causing authentication failures on reconnect.

Changelog​

• controller/auth: Correctly generate cookie key generation

Kyber 0.21.0 introduces full authentication support. Both the desktop and web clients can now authenticate with a server that requires credentials, enabling secure deployments where access to the streaming session must be gated. The server generates and validates session tokens, and the full authentication flow is integrated into both the native and browser clients.

On Windows, key repeat is now handled on the host side, ensuring that held keys produce repeated input events correctly regardless of the client's local keyboard repeat settings. Unicode codepoint injection is also now supported on Windows, making it possible to send arbitrary Unicode characters to the host — important for input method editors, non-Latin scripts, and special characters. The virtual display service on Windows now supports more than one virtual screen, enabling multi-monitor remote desktop configurations with multiple virtual monitors.

The capture and encoding server has been updated to FFmpeg 7.1.2. At startup, the server now logs all available GPU adapters and identifies which one it selected for encoding, making it easier to diagnose GPU selection issues in multi-GPU machines. The clock offset between client and server is now always synchronised, not just at connection start, improving timestamp accuracy over long sessions. Server process startup errors are now logged with more detail, making failure diagnosis faster when the server fails to start a subprocess.

Changelog​

• Add authentication support
• libclient: always update clock offset
• libkynput/win32: Implement keypress repetition on Host side
• libkynput/win32: Add Unicode codepoint injection support
• windows_service/kidd: Allow to plug more than one screen
• avserver: Update to ffmpeg 7.1.2
• avserver/win32: Log available adapters and used adapter
• controller: Correctly log when a process fails to start
• (web) Add authentication support
• (web) libclient: always update clock offset

Clipboard support arrives on Windows in this release, allowing text to be copied and pasted between the client and host machines in both directions. The web client also gains clipboard support, bringing parity across native and browser deployments.

The audio capture pipeline on Windows fixes a channel count mismatch that could cause audio to be incorrectly routed or silenced in certain multi-channel configurations. PS4 controller trigger injection is fixed — triggers were previously not registering correctly when injected on the host side. The input handling layer is updated to SDL 2.32.8, picking up upstream bug fixes and compatibility improvements.

Metrics support is integrated into both the desktop and web clients, providing a foundation for monitoring streaming health and performance. The networking stack has been updated to current versions, incorporating security patches and performance improvements. The web JavaScript API now exposes the current bitrate in client state, and the bitrate is also reported immediately at connection start.

Changelog​

• Rust toolchain updated to 1.89.0
• windows: Add clipboard support for client and host side
• libkynput: Correctly inject PS4 controller triggers. PS4 triggers must also be injected as buttons
• Integrate metrics support
• Update actix, rustls, quinn, wtransport
• avserver/wasapi: Correctly fill channel count
• libkynput: Update SDL to 2.32.8
• (web) Rust toolchain updated to 1.89.0
• (web) libkynput: Add Clipboard support
• (web) jsapi: Expose bitrate in ClientState
• (web) libclient: Notify bitrate at startup
• (web) Integrate metrics support
• (web) Upgrade web-sys/js-sys to 0.3.77
• (web) Upgrade wasm-bindgen-cli to 0.2.100

This patch fixes a crash in the input handling layer where a single malformed network packet would cause the input pipeline to abort entirely. The input handler now skips malformed packets and continues processing, improving resilience in degraded network conditions.

Changelog​

• libkynput: Don't fail on first malformed packet