New
xrdp v0.9.27
Release notes for xrdp v0.9.27 (2026/01/28)
General announcements
xrdp v0.9.x is end-of-life. New releases may happen when severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
- Unauthenticated RDP security scan finding / partial auth bypass (no CVE). Thanks to @txtdawg for reporting this.
- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow
Bug fixes
- xrdp.ini manpage updated (#3158)
New features
No new features in this release.
Internal changes
- FreeBSD CI bumped to 14.3 (#3706)
- AC_C_CONST macro removed from configure.ac files (#3709)
Known issues
- On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
- xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)