Release notes for xrdp v0.10.6.1 (2026/07/06)
General announcements
This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release.
If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome.
Security fixes
- CVE-2026-41252
- CVE-2026-41521
- CVE-2026-44178
- CVE-2026-42218
- CVE-2026-44978
- CVE-2026-54538
- CVE-2026-55238
- CVE-2026-55626
- CVE-2026-55639
- CVE-2026-55645
New features
None
Bug fixes
- regression: Fix SEGV in xrdp when running over TLS (#3793)
Internal changes
- CI: Switch FreeBSD CI from Cirrus CI to GitHub Actions (#3800)
Changes for users
None
Changes for packagers or developers
- (from v0.10.3) The
--enable-utmpneeds to be added to enable UTMP support. - (from v0.10.3) The config file subdirectory (
xrdppart of/etc/xrdp) can now be configured (#3369) - (from v0.10.3) Packagers using TigerVNC to provide the Xvnc backend may wish to configure the 'Xvnc over UDS' session type as a default by using a
code=1line in xrdp.ini. Instructions are provided in the released xrdp.ini file. - The unfinished PIV smartcard support is now disabled by default, but can be re-enabled by adding
--enable-smartcardto the configure command. Because of possible security issues with this code, this should only be done by developers working in non-production environments (#3759)