Skip to content

3.5.0
Compare
Choose a tag to compare
@akallabeth akallabeth released this 16 Apr 19:32
· 100 commits to master since this release
3.5.0
This tag was signed with the committer’s verified signature.
akallabeth
GPG key ID: A49454A3FC909FD5
Learn about vigilant mode.
cab5add

This release focus is on squashing bugs.
The improved test coverage and ci builds revealed a number of previously
unnoticed issues we have addressed and we also got a report from
Evgeny Legerov of Kaspersky Lab identifying a number of out of bound reads
in decoder components and one very nasty out of bound write.

CVE:
CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress_segment
CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data
CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress

Noteworthy changes:

  • location channel support #9981, #9984, #10065
  • bugfixes for report from Evgeny Legerov of Kaspersky Lab #10077
  • fuzzer tests from Evgeny Legerov of Kaspersky Lab #10078
  • bugfixes for coverty scanner #10066, #10068, #10069, #10070, #10075
  • clipboard and generic locking fixes #10076
  • split autoreconnect support from enabling it #10063
  • various nightly and workflow fixes #10064, #10058, #10062
  • always set wm-class to app_id #10051
  • refactored and simplified CMake #10046, #10047
  • fix relative mouse event sending #10010
  • improve and unify check for APIs used (POSIX, win32, mac, ...) #9995
  • fix termination for gateway connections #9985
  • fix drivestoredirect RDP file setting, ignore invalid #9989
  • drop IPP support #10038

For a complete and detailed change log since the last release run:
git log 3.5.0...3.4.0

Assets 10
0 Join discussion