# 20xx-xx-xx Version 2.8.x Notewhorth changes: * Backported #8324: Internal replacements for md4, md5 and hmac-md5 For the time being the RDP protocol requires these outdated hash algorithms. So any distribution that wants to ship a working FreeRDP should check the options WITH_INTERNAL_MD4 (and depending on OpenSSL deprecation status WITH_INTERNAL_MD5) Fixed issues: For a complete and detailed change log since the last release run: git log 2.8.1..2.8.x # 2022-10-12 Version 2.8.1 Notewhorth changes: * Fixed CVE-2022-39282 * Fixed CVE-2022-39283 * Added missing commit for backported #8041: Remove ALAW/ULAW codecs from linux backends (unreliable) * Added hash checks for android build script dependencies Fixed issues: * Backported #8190: Fix build break with newer FFMPEG versions * Backported #8234: Updated flatpak with build script * Backported #8210: Better execinfo support check for android * Backported #7708: Header now defines DumpThreadHandles * Backported #8176: Check fullscreen state and not setting * Backported #8236: Send resize on window state change * Backported #7611: Audin macOS monterey fix * Backported #8291: Android build script update # 2022-07-28 Version 2.8.0 Noteworthy changes: * Backported API to get peer accepted channel option flags * Backported API to get peer accepted channel names * Backported Stream_CheckAndLogRequiredLength * Backported #7954: Add server side handling for [MS-RDPET] * Backported #8010: Add server side handling for [MS-RDPECAM] * Backported #8041: Remove ALAW/ULAW codecs from linux backends (unreliable) * Backported #8051: Relieve CLIPRDR filename restriction when connecting to non-MS Windows servers * Backported #8048: TLS version control * Backported #7987: Add a new command line arg to enforce tls1.2 Fixed issues: * Fixed #7837: Prevent out of bound reads for FFMPEG * Backported #7859 and #7861: Unwind support for backtrace generation * Backported #7440: wlfreerdp appid * Backported #7832: RAIL window restore * Backported #7833: Refactored WinPR thread locking * Backported #7893: Mac rdpsnd memory leak fixes * Backported #7895: Mac audin memory leak fixes * Backported #7898: Automatic android versioning * Backported #7916: GFX 10.7 capability support * Backported #7949: Server RDPSND API improvements * Backported #7957: Server DVC API improvements * Backported #7760: Fixed osMinorType values * Backported #8013: Add missing osMajorType values * Backported #8076: Fix wrong usage of subband diffing flag (tile artifact fix) For a complete and detailed change log since the last release run: git log 2.7.0..2.8.0 # 2022-04-25 Version 2.7.0 Noteworthy changes: * Backported OpenSSL3 gateway support (#7822) * Backported various NTLM fixes * Backported WINPR_ASSERT to ease future backports Fixed issues: * Backported #6786: Use /network:auto by default * Backported #7714: Workaround for broken surface frame marker * Backported #7733: Support 10bit X11 color (BGRX32 only) * Backported #7745: GFX progressive double free * Backported #7808: Disable websockets with /gt:rpc * Backported #7815: RAIL expect LOGON_MSG_SESSION_CONTINUE Important notes: For a complete and detailed change log since the last release run: git log 2.6.1..2.7.0 # 2022-03-07 Version 2.6.1 Noteworthy changes: Fixed issues: * Backported freerdp_abort_connect during freerdp_connect fix (#7700) * Backported improved version dection see docs/version_detection.md for details * Backported various rdpsnd fixes (#7695) Important notes: For a complete and detailed change log since the last release run: git log 2.0.0..2.6.1 # 2022-02-22 Version 2.6.0 Noteworthy changes: * Backported android FFMPEG build scripts * Updated android build dependencies Fixed issues: * Backported #7303: Fix PDU length for RDPINPUT_PROTOCOL_V300 * Backported #7658: Sanitize optional physical monitor size values * Backported #7426: Wayland memory corruption * Backported #7293: Remove unused codec x264 * Backported #7541: Allow resolutions larger 2048x2048 * Backported #7574: FFMPEG 5.0 support * Backported #7578: FFMPEG 5.0 support * Backported #7580: Fixed device hotplugging * Backported #7583: GetUserNameExA: Prefer getpwuid_r over getlogin_r over getlogin * Backported #7585: Android Mediacodec support Important notes: For a complete and detailed change log since the last release run: git log 2.5.0..2.6.0 # 2022-01-12 Version 2.5.0 Noteworthy changes: * Fixed smartcard login in case a redirection occurs the pin was lost * Backported windows client drawing fixes * Backported improved macOS keyboard layout detection * Backported TcpConnectTimeout * Backported LibreSSL compatibility patches * Backported signal handler backtrace * Backported OpenSSL 3.0 support Fixed issues: * Backport #7539: Wayland client clipboard issues * Backport #7509: Various fixes regarding registry emulation, addin loader and updated locale detection * Backport #7466: Android android_register_pointer missing initialization Important notes: For a complete and detailed change log since the last release run: git log 2.4.1..2.5.0 # 2021-10-20 Version 2.4.1 Noteworthy changes: * Refactored RPC gateway parsing code * OpenSSL 3.0 compatibility fixes * USB redirection: fixed transfer lengths Fixed issues: * #7363: Length checks in ConvertUTF8toUTF16 * #7349: Added checks for bitmap width and heigth values Important notes: * CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory * CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory For a complete and detailed change log since the last release run: git log 2.4.0..2.4.1 # 2021-07-27 Version 2.4.0 Noteworthy changes: * Backported multithreadded progressive decoder (#7036) * Backported clipboard fixes (#6924) * Fixed remote file read (#7185) Fixed issues: * #6938: RAILS clipboard remote -> local * #6985: Support newer FFMPEG builds * #6989: Use OpenSSL default certificate store settings * #7073: Planar alignment fixes # 2021-03-15 Version 2.3.2 For a complete and detailed change log since the last release run: git log 2.3.2..2.4.0 Noteworthy changes: * Fixed autoreconnect printer backend loading * Fixed compilation on older mac os versions < 10.14 * Fixed mouse pointer move with smart-sizing * Added command line option to disable websocket gateway support * Fixed drive hotplugging issues with windows * Fixed smartcard issues on mac Fixed issues: * #6900: Transparency issues with aFreeRDP * #6848: Invalid format string in smartcard trace * #6846: Fixed static builds * #6888: Crash due to missing bounds checks * #6882: Use default sound devoce on mac For a complete and detailed change log since the last release run: git log 2.3.1..2.3.2 # 2021-03-01 Version 2.3.1 Noteworthy changes: * This is a compatibility bugfix release readding some (deprecated) symbols/defines * Also add some more EXPERIMENTAL warnings to CMake flags as some were not clear enough. * Fixed a memory leak in xfreerdp (mouse pointer updates) * No longer activating some compile time debug options with -DWITH_DEBUG_ALL=ON which might leak sensitive information. * Added -DDEFINE_NO_DEPRECATED for developers to detect use of deprecated symbols For a complete and detailed change log since the last release run: git log 2.3.0..2.3.1 # 2021-02-24 Version 2.3.0 Important notes: * CMake option WITH_PROXY_MODULES is currently experimental, do not use in production. * The clipboard struct FILEDESCRIPTOR was replaced by FILEDESCRIPTORW with proper data types. They are binary compatible and the former is kept for compatibility but compilers will emit warnings. Noteworthy changes: * Websocket support for proxy connections * Progressive codec improvements. Reduces graphical glitches against windows and ogon servers * Fixed +glyph-cache, now working properly without disconnects * Huge file support in clipboard * XWayland support for xfreerdp (keyboard grabbing) * Improved wlfreerdp (wayland client) * Option to allow keyboard scancodes to be remapped manually * Improved mouse wheel behaviour when scrolling * Improved dynamic channel behaviour, more stable event detection * New connection state PubSub notification: Clients can now monitor current connection state Fixed issues: * #6626: Fixed parsing of FastGlyph order. * #6624: Added support for xwayland keyboard grab * #6492: Added clipboard CB_HUGE_FILE_SUPPORT_ENABLED flag * #6428: Improve NLA error code logging. * #6416: Http gateway message support * #6753: List of pull requests to backport for stable-next For a complete and detailed change log since the last release run: git log 2.2.0..2.3.0 # 2020-07-20 Version 2.2.0 Important notes: * CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel Noteworty changes: * fix: memory leak in nsc * urbdrc * some fixes and improvements * build * use cmake to detect getlogin_r * improve asan checks/detection * server/proxy * new: support for heartbeats * new: support for rail handshake ex flags * fix: possible race condition with redirects Fixed issues: * #6263 Sound & mic - filter GSM codec for microphone redirection * #6335: windows client title length * #6370 - "Alternate Secondary Drawing Order UNKNOWN" * #6298 - remoteapp with dialog is disconnecting when it loses focus * #6299 - v2.1.2: Can't connect to Windows7 For a complete and detailed change log since the last release run: git log 2.1.2..2.2.0 # 2020-06-22 Version 2.1.2 Important notes: * CVE-2020-4033 Out of bound read in RLEDECOMPRESS * CVE-2020-4031 Use-After-Free in gdi_SelectObject * CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order` * CVE-2020-4030 OOB read in `TrioParse` * CVE-2020-11099 OOB Read in license_read_new_or_upgrade_license_packet * CVE-2020-11098 Out-of-bound read in glyph_cache_put * CVE-2020-11097 OOB read in ntlm_av_pair_get * CVE-2020-11095 Global OOB read in update_recv_primary_order * CVE-2020-11096 Global OOB read in update_read_cache_bitmap_v3_order * Gateway RPC fixes for windows * Fixed resource fee race resulting in double free in USB redirection * Fixed wayland client crashes * Fixed X11 client mouse mapping issues (X11 mapping on/off) * Some proxy related improvements (capture module) * Code cleanup (use getlogin_r, ...) For a complete and detailed change log since the last release candidate run: git log 2.1.1..2.1.2 # 2020-05-20 Version 2.1.1 Important notes: * CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage * CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value * CVE: GHSL-2020-102 OOB Write in crypto_rsa_common * Enforce synchronous legacy RDP encryption count (#6156) * Fixed some leaks and crashes missed in 2.1.0 * Removed dynamic channel listener limits * Lots of resource cleanup fixes (clang sanitizers) * A couple of performance improvements * Various small annoyances eliminated (typos, prefilled username for windows client, ...) For a complete and detailed change log since the last release candidate run: git log 2.1.0..2.1.1 # 2020-05-05 Version 2.1.0 Important notes: * fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018 * fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077) Noteworthy features and improvements: * Fixed sound issues (#6043) * New expert command line options /tune and /tune-list to modify all client settings in a generic way. * Fixes for smartcard cache, this improves compatibility of smartcard devices with newer smartcard channel. * Shadow server can now be instructed to listen to multiple interfaces. * Improved server certificate support (#6052) * Various fixes for wayland client (fullscreen, mouse wheel, ...) * Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible. * USB redirection command line improvements (filter options) * Various translation improvements for android and ios clients For a complete and detailed change log since the last release candidate run: git log 2.0.0..2.1.0 # 2020-04-09 Version 2.0.0 Important notes: * fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 * fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013) * sha256 is now used instead of sha1 to fingerprint certificates. This will invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a new connection is established after the update Noteworthy features and improvements: * First version of the RDP proxy was added (#5372) - thanks to @kubistika * Smartcard received some refactoring. Missing functions were added and input validation was improved (#5884) * A new option /cert that unifies all certificate related options (#5880) The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still available but marked as deprecated * Support for Remote Assistance Protocol Version 2 [MS-RA] * The DirectFB client was removed because it was unmaintained * Unified initialization of OrderSupport * Fix for licensing against Windows Server 2003 * Font smoothing is now enabled per default * Flatpack support was added * Smart scaling for Wayland using libcairo was added (#5215) * Unified update->BeginPaint and update->EndPaint * An image scaling API for software drawing was added * Rail was updated to the latest spec version 28.0 * Support for H.264 in the shadow server is now detected at runtime * Add mask= option for /gfx and /gfx-h264 (#5771) * Code reformatting (#5667) * A new option /timeout was added to adjust the TCP ACK timeout (#5987) For a complete and detailed change log since the last release candidate run: git log 2.0.0-rc4..2.0.0 # 2018-11-19 Version 2.0.0-rc4 FreeRDP 2.0.0-rc4 is the fifth release candidate for 2.0.0. Although it mainly addresses security and stability there are some new features as well. Noteworthy features and improvements: * fix multiple reported CVEs (#5031) * gateway: multiple fixes and improvements (#3600, #4787, #4902, #4964, #4947, #4952, #4938) * client/X11: support for rail (remote app) icons was added (#5012) * licensing: the licensing code was re-worked. Per-device licenses are now saved on the client and used on re-connect. WARNING: this is a change in FreeRDP behavior regarding licensing. If the old behavior is required, or no licenses should be saved use the new command line option +old-license (#4979) * improve order handling - only orders that were enabled during capability exchange are accepted (#4926). WARNING and NOTE: some servers do improperly send orders that weren't negotiated, for such cases the new command line option /relax-order-checks was added to disable the strict order checking. If connecting to xrdp the options /relax-order-checks *and* +glyph-cache are required. * /smartcard has now support for substring filters (#4840) for details see https://github.com/FreeRDP/FreeRDP/wiki/smartcard-logon * add support to set tls security level (for openssl >= 1.1.0) - default level is set to 1 - the new command line option /tls-seclevel:[LEVEL] allows to set a different level if required * add new command line option /smartcard-logon to allow smartcard login (currently only with RDP security) (#4842) * new command line option: /window-position to allow positioning the window on startup (#5018) * client/X11: set window title before mapping (#5023) * rdpsnd/audin (mostly server side) add support for audio re-sampling using soxr or ffmpeg * client/Android: add Japanese translation (#4906) * client/Android: add Korean translation (#5029) For a complete and detailed change log since the last release candidate run: git log 2.0.0-rc3..2.0.0-rc4 # 2018-08-01 Version 2.0.0-rc3 FreeRDP 2.0.0-rc3 is the fourth release candidate for 2.0.0. For a complete and detailed change log since the last release candidate run: git log 2.0.0-rc2..2.0.0-rc3 Noteworthy features and improvements: * Updated and improved sound and microphone redirection format support (AAC) * Improved reliability of reconnect and redirection support * Fixed memory leaks with +async-update * Improved connection error reporting * Improved gateway support (various fixes for HTTP and RDG) * SOCKS proxy support (all clients) * More reliable resolution switching with /dynamic-resolution (MS-RDPEVOR) (xfreerdp) Fixed github issues (excerpt): * #1924, #4132, #4511 Fixed redirection * #4165 AAC and MP3 codec support for sound and microphone redirection * #4222 Gateway connections prefer IP to hostname * #4550 Fixed issues with +async-update * #4634 Comment support in known_hosts file * #4684 /drive and +drives don't work togehter * #4735 Automatically reconnect if connection timed out waiting for user interaction See https://github.com/FreeRDP/FreeRDP/milestone/9 for a complete list. # 2017-11-28 Version 2.0.0-rc2 FreeRDP 2.0.0-rc2 is the third release candidate for 2.0.0. For a complete and detailed change log since the last release candidate run: git log 2.0.0-rc1..2.0.0-rc2 Noteworthy features and improvements: * IMPORTANT: add support CredSSP v6 - this fixes KB4088776 see #4449, #4488 * basic support for the "Video Optimized Remoting Virtual Channel Extension" (MS-RDPEVOR) was added * many smart card related fixes and cleanups #4312 * fix ccache support * fix OpenSSL 1.1.0 detection on Windows * fix IPv6 handling on Windows * add support for memory and thread sanitizer * support for dynamic resloution changes was added in xfreerdp #4313 * support for gateway access token (command line option /gat) was added * initial support for travis-ci.org was added * SSE optimization version of RGB to AVC444 frame split was added * build: -msse2/-msse3 are not enabled globally anymore Fixed github issues (excerpt): * #4227 Convert settings->Password to binary blob * #4231 freerdp-2.0.0_rc0: 5 tests failed out of 184 on ppc * #4276 Big endian fixes * #4291 xfreerdp “Segmentation fault” when connecting to freerdp-shadow-cli * #4293 [X11] shadow server memory corruption with /monitors:2 #4293 * #4296 drive redirection - raise an error if the directory can't be founde * #4306 Cannot connect to shadow server with NLA auth: SEC_E_OUT_OF_SEQUENCE * #4447 Apple rpath namespace fixes * #4457 Fix /size: /w: /h: with /monitors: (Fix custom sizes) * #4527 pre-connection blob (pcb) support in .rdp files * #4552 Fix Windows 10 cursors drawing as black * smartcard related: #3521, #3431, #3474, #3488, #775, #1424 See https://github.com/FreeRDP/FreeRDP/milestone/8 for a complete list. # 2017-11-28 Version 2.0.0-rc1 FreeRDP 2.0.0-rc1 is the second release candidate for 2.0.0. For a complete and detailed change log since the last release candidate run: git log 2.0.0-rc0..master Noteworthy features and improvements: * support for FIPS mode was added (option +fipsmode) * initial client side kerberos support (run cmake with WITH_GSSAPI) * support for ssh-agent redirection (as rdp channel) * the man page(s) and /help were updated an improved * build: support for GNU/kFreeBSD * add support for ICU for unicode conversion (-DWITH_ICU=ON) * client add option to force password prompt before connection (/from-stdin[:force]) * add Samsung DeX support * extend /size to allow width or height percentages (#4146) * add support for "password is pin" * clipboard is now enabled per default (use -clipboard to disable) Fixed github issues (excerpt): * #4281: Added option to prefer IPv6 over IPv4 * #3890: Point to OpenSSL doc for private CA * #3378: support 31 static channels as described in the spec * #1536: fix clipboard on mac * #4253: Rfx decode tile width. * #3267: fix parsing of drivestoredirect * #4257: Proper error checks for /kbd argument * #4249: Corruption due to recursive parser * #4111: 15bpp color handling for brush. * #3509: Added Ctrl+Alt+Enter description * #3211: Return freerdp error from main. * #3513: add better description for drive redirection * #4199: ConvertFindDataAToW string length * #4135: client/x11: fix colors on big endian * #4089: fix h264 context leak when DeleteSurface * #4117: possible segfault * #4091: fix a regression with remote program See https://github.com/FreeRDP/FreeRDP/milestone/7 for a complete list. 2012-02-07 Version 1.0.1 FreeRDP 1.0.1 is a maintenance release to address a certain number of issues found in 1.0.0. This release also brings corrective measures to certificate validation which were required for inclusion in Ubuntu. * Certificate Validation * Improved validation logic and robustness * Added validation of certificate name against hostname * Token-based Server Redirection * Fixed redirection logic * HAProxy load-balancer support * xfreerdp-server * better event handling * capture performance improvements * wfreerdp * Fix RemoteFX support * Fix mingw64 compilation * libfreerdp-core: * Fix severe TCP sending bug * Added server-side Standard RDP security 2012-01-16 Version 1.0.0 License: FreeRDP 1.0 is the first release of FreeRDP under the Apache License 2.0. The FreeRDP 1.x series is a rewrite, meaning there is no continuity with the previous FreeRDP 0.x series which were released under GPLv2. New Features: * RemoteFX * Both encoder and decoder * SSE2 and NEON optimization * NSCodec * RemoteApp * Working, minor glitches * Multimedia Redirection * ffmpeg support * Network Level Authentication (NLA) * NTLMv2 * Certificate validation * FIPS-compliant RDP security * new build system (cmake) * added official logo and icon New Architecture: * libfreerdp-core * core protocol * highly portable * both client and server * libfreerdp-cache * caching operations * libfreerdp-codec * bitmap decompression * codec encoding/decoding * libfreerdp-kbd * keyboard mapping * libfreerdp-channels * virtual channel management * client and server side support * libfreerdp-gdi * extensively unit tested * portable software GDI implementation * libfreerdp-rail * RemoteApp library * libfreerdp-utils * shared utility library FreeRDP Clients: * client/X11 (xfreerdp) * official client * RemoteApp support * X11 GDI implementation * client/DirectFB (dfreerdp) * DirectFB support * software-based GDI (libfreerdp-gdi) * client/Windows (wfreerdp) * Native Win32 support FreeRDP Servers (experimental): * server/X11 (xfreerdp-server) * RemoteFX-only * no authentication * highly experimental * keyboard and mouse input supported Virtual Channels: * cliprdr (Clipboard Redirection) * rail (RemoteApp) * drdynvc (Dynamic Virtual Channels) * audin (Audio Input Redirection) * alsa support * pulse support * tsmf (Multimedia Redirection) * alsa support * pulse support * ffmpeg support * rdpdr (Device Redirection) * disk (Disk Redirection) * parallel (Parallel Port Redirection) * serial (Serial Port Redirection) * printer (Printer Redirection) * CUPS support * smartcard (Smartcard Redirection) * rdpsnd (Sound Redirection) * alsa support * pulse support