Releases: neutrinolabs/xrdp
xrdp v0.9.25.1
Release notes for xrdp v0.9.25.1 (2024/03/13)
This release fixes a bug that occurred in v0.9.25 where scrolling did not work in the Xvnc backend.
Thanks to @bsmojver reporting the issue and testing!
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.
Bug fixes
Contributors
Assets 4
xrdp v0.9.25
Release notes for xrdp v0.9.25 (2024/03/11)
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
New features
- If the client announces support for the Image RemoteFX codec it is logged (back-port of #2946)
Internal changes
- FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
- Some test timeouts have been increased for slow CI machines (#2903)
Known issues
xrdp v0.10.0-beta.1
This is the first beta release of xrdp v0.10.0.
xrdp v0.9.24
Release notes for xrdp v0.9.24 (2023/12/30)
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
General announcements
We have created a fund on Open Collective. Support us if you like xrdp!
Direct donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
- Checking group membership should now work better on systems using directory services (#2806 #2817)
- Pasting more than 32K characters of text to the clipboard now succeeds (#1839 #2824)
- An incompatibility with FreeRDP 2.11.2 in the drive redirector has been fixed (#2834 #2839)
New features
- Side buttons on some mice are now supported by NeutrinoRDP (#2860). Thanks to new contributor @naruhito for this patch.
Internal changes
- cppcheck version used for CI bumped to 2.13.0 (#2830/#2887). Note that this greatly increases cppcheck scan times.
Known issues
Contributors
Assets 4
xrdp v0.9.23.1
Release notes for xrdp v0.9.23.1 (2023/09/27)
This is a security fix release for CVE-2023-42822. This update is recommended for all xrdp users.
Security fixes
Bug fixes
No bug fixes other than the above security fix in this release.
New features
No new features in this release.
Internal changes
- cppcheck install script no longer installs z3 for cppcheck >= 2.8 (#2782)
xrdp v0.9.23
Release notes for xrdp v0.9.23 (2023/08/31)
General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
- CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss)
Bug fixes
- Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
- X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767)
New features
No new features in this release.
Internal changes
- Introduce release tarball generation script (#2703)
- cppcheck version used for CI bumped to 2.11 (#2738)
Known issues
xrdp v0.9.22.1
Release notes for xrdp v0.9.22.1 (2023/05/23)
This release is just a re-packing of source code tarball since v0.9.22 tarball includes invalid source code (#2687).
See v0.9.22 release note for functional changes since v0.9.22.1 is what v0.9.22 should be.
Thanks to @morgancoxuk and @bsmojver for reporting and testing!
References
xrdp v0.9.22
Release notes for xrdp v0.9.22 (2023/05/07)
NOTICE: This version unintentionally includes old source code. Use v0.9.22.1 instead.
General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
No security fixes in this release.
New features
- Empty passwords are no longer automatically passed through to sesman for authentication (#2509)
- Don't try to listen on the scard socket if it isn't there (#2507)
- The directory where PAM configuration files are installed can now be set with --with-pamconfdir (#2552 #2557 #2566)
- Sesman can now be configured to ignore alternate shells passed from the client (#2634)
- Allow longer UserWindowManager strings (#2653)
Bug fixes
- Minor documentation fixes (#2508 #2582)
- Memory management fixes to list module (#2548 #2577)
- Fix some noise when MP3/AAC are in use and some logging improvements (#2519 #2537 #2554)
- Fix potential NULL dereferences in chansrv (#2574)
- An erroneous free in the smartcard handling code has been removed (#2611)
- An unnecessary 'check.h' include was removed which prevented compilation on Arch systems (#2650)
Internal changes
- cppcheck version used for CI bumped to 2.10 (#2521)
- g_malloc, g_free, g_memset, and g_memcpy are now macros. These should not be used in new code (#2612)
- FreeBSD CI now runs on FreeBSD 12.4 (#2622)
Changes for packagers or developers
- openSUSE Bug 1208121 has been addressed in upstream
Known issues
xrdp v0.9.21.1
Release notes for xrdp v0.9.21.1 (2022/12/13)
This release only includes following fix for packagers. Packagers try to build xrdp on distributions other than Arch Linux, Debian, SUSE, Red Hat(ish), FreeBSD and macOS may be required to use this release.
Changes for packagers or developers
xrdp v0.9.21
Release notes for xrdp v0.9.21 (2022/12/10)
General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
- CVE-2022-23468
- CVE-2022-23477
- CVE-2022-23478
- CVE-2022-23479
- CVE-2022-23480
- CVE-2022-23481
- CVE-2022-23483
- CVE-2022-23482
- CVE-2022-23484
- CVE-2022-23493
These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features
- openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
- VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
Bug fixes
- Passwords are no longer left on the heap in sesman (#1599 #2439)
- Set permissions on pcsc socket dir to owner only (#2454 #2460)
Internal changes
- CI updates to cope with github upgrades (#2395)
Changes for packagers or developers
Nothing this time.