Merge pull request #2464 from metalefty/v0.9-release

Release v0.9.21
neutrinolabs · Dec 10, 2022 · 83a4d55 · 83a4d55
2 parents faa7021 + a4e8399
commit 83a4d55
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 2 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,3 +1,46 @@
+# Release notes for xrdp v0.9.21 (2022/12/10)
+
+## General announcements
+* Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
+
+## Security fixes
+
+This update is recommended for all xrdp users and provides following important security fixes:
+
+* [CVE-2022-23468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23468)
+* [CVE-2022-23477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23477)
+* [CVE-2022-23478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23478)
+* [CVE-2022-23479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23479)
+* [CVE-2022-23480](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23480)
+* [CVE-2022-23481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23481)
+* [CVE-2022-23483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23483)
+* [CVE-2022-23482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23482)
+* [CVE-2022-23484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23484)
+* [CVE-2022-23493](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23493)
+
+These security issues are reported by [Team BT5 (BoB 11th)](https://github.com/Team-BT5). We appreciate their great help with making and reviewing patches.
+
+## New features
+* openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
+* VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
+
+## Bug fixes
+* Passwords are no longer left on the heap in sesman (#1599 #2439)
+* Set permissions on pcsc socket dir to owner only (#2454 #2460)
+
+## Internal changes
+* CI updates to cope with github upgrades (#2395)
+
+## Changes for packagers or developers
+Nothing this time.
+
+## Known issues
+
+* On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
+* xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
+
+-----------------------
+
 # Release notes for xrdp v0.9.20 (2022/09/15)
 
 ## General announcements
@@ -278,7 +321,7 @@ These changes are likely to impact operating system package builders and those b
 * Minor manpage fixes #1611
 
 ## Other changes
-* CI error fixes 
+* CI error fixes
 * Introduce cppcheck
 
 ## Known issues

diff --git a/configure.ac b/configure.ac
@@ -1,7 +1,7 @@
 # Process this file with autoconf to produce a configure script
 
 AC_PREREQ(2.65)
-AC_INIT([xrdp], [0.9.20], [[email protected]])
+AC_INIT([xrdp], [0.9.21], [[email protected]])
 AC_CONFIG_HEADERS(config_ac.h:config_ac-h.in)
 AM_INIT_AUTOMAKE([1.7.2 foreign])
 AC_CONFIG_MACRO_DIR([m4])