These packages were built with libjpeg-turbo 2.0.3:
https://sourceforge.net/projects/libjpeg-turbo/files/2.0.3/

Package signatures

To ensure the integrity of the TurboVNC binary packages, the RPM and DEB files and the source tarball are signed using the following key:
https://www.TurboVNC.org/key/VGL-GPG-KEY-1024
https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xecf01671d05e2a105ff84dc46bbefa1972feb9ce
and the Windows installers and Mac app/package/DMG are signed using a code signing certificate.

2.2.3

Significant changes relative to 2.2.2:

1. The Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm is now supported by the TurboVNC Server when using OpenSSL 1.0.2 or later.

2. A new security configuration file directive (permitted-cipher-suites) in the TurboVNC Server and a new Java system property (turbovnc.ciphersuites) in the Java TurboVNC Viewer can now be used to specify a list of permitted TLS cipher suites for the TLS and X509 security types.

3. Fixed an issue in the Mac TurboVNC Viewer whereby drawing tablet stylus buttons were ignored or mapped to incorrect mouse button events.

4. The built-in HTTP server in the TurboVNC Server now accepts : and @ in any TurboVNC Viewer parameters that are appended to the URL. This allows for specifying an SSH user name in the Via parameter and an RFB display/port in the Server parameter.

5. The X RandR outputs in the TurboVNC Server have been renamed to "VNC-0", "VNC-1", etc. This prevents a dialog ("Authentication is required to create a color managed device") from popping up when using the GNOME 3 window manager on recent Linux distributions, including Fedora, RHEL 8, and Ubuntu 18 and later.

6. Fixed a packaging regression, introduced by 2.2 beta1[17], that prevented full-screen multi-screen spanning from working properly with the Mac TurboVNC Viewer app.

7. Fixed a regression introduced by 2.2 beta1[11] that caused the TurboVNC Server to leak memory when certain X11 applications or frameworks requested that clipboard updates from the X server be converted to UTF-8 (by calling XConvertSelection() with a target of xaUTF8_STRING.)

8. Fixed an error ("java.lang.IllegalArgumentException: Error in security property. Constraint unknown: ECDH_ DH_RSA") that occurred when attempting to use any of the TLS* security types with the Java TurboVNC Viewer running under Java 7u211, 8u201, 11.0.2, or later with OpenSSL 1.1.x.

9. Fixed an issue (CVE-2019-15683) in the TurboVNC Server whereby a specially-crafted VNC viewer could be used to remotely trigger a stack overflow in the server by sending it a malformed RFB Fence message. This issue could never have been encountered when using any of the VNC viewers that currently support the RFB Fence message (TurboVNC and TigerVNC.) Furthermore, since exploiting the issue would have first required successfully authenticating with a TurboVNC session, the issue did not generally provide an attack vector for anyone other than the session owner and any collaborators authorized by the owner.

10. Fixed various issues with remote mouse events that would occur when running the Linux TurboVNC Viewer in a Wayland session.

11. The TurboVNC Server now generates a 2048-bit DSA key for use with the TLS security types. This fixed an error ("dh key too small") that occurred when attempting to connect, using one of those security types, to a TurboVNC session running on a RHEL 8 host. It also fixed an error ("javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints") that occurred when attempting to connect, using one of the TLS security types, to a TurboVNC session with the Linux TurboVNC Viewer running on a RHEL 8 client. A new security configuration file directive (tls-key-length) can be used to restore the behavior of previous releases of TurboVNC (generating a 1024-bit DSA key) or to increase the key length for additional security.