Last week Citrix announced a Cross-Site Scripting Vulnerability in Citrix Web Interface 5.x. It’s highly recommended that you upgrade to the newest Citrix Web Interface 5.4 that fixes this issue and also give you the new facelift. After the release of the previous Web Interface 5.x in black a lot of people have been spending much time on adding the white template and customizing it.
I would highly recommend you to take a look at my previous post “How to Load Balance Citrix Web Interface with NLB” since your Web Interface Server is probably one of your single point of failures. The nice thing with the release of Citrix Access Gateway is the possibility to use your internal Citrix Web Interface, which means you will have an Load Balanced Web Interface cluster for both internal and external access.
Be aware that some people have problems installing Citrix Web Interface 5.4 on a domain controller (Citrix Support Forum). I haven’t had time to take a closer look at this error message, but I confirmed it when I installing it in my RackSpace Lab.
Update 23/10/2011 – Citrix now states that they don’t support installing Citrix Web Interface 5.4 on a domain controller, actually they’ve never supported this even tough it worked before.
How hard would it be for Citrix to create a framework that people around the world could use to create their own look and feel, similar to the themes we have with WordPress blogs? In the comments section below tell me what you think.