- 🔧 Platforms, build and packaging:
- Security:
- RCE: URL parsing subversion
- don't download to
$HOMEas fallback - never download to a dot file
- restrict which types of URLs can be opened
- verify download path stays within the download directory
- ensure auto-accepted file download matches the request
- harden requested file response validation
- only load pillow if needed
- ensure that the server only uses one of the allowed encodings
- no longer enable control channel on clients by default
- validate untrusted mDNS record fields before building connection URIs
- Major:
- Minor:
- gsettings lookup always failed in desktop servers
- ssh proxied connections used the wrong config
- error handling in fdproxy
- encode client fails to use
mmaptransfers - keyboard errors with X11 servers missing the Xkb extension
- internal errors updating av-sync delay
- mmap write errors should fall through
- safer network capability parsing
- don't send raw xpm icons
- workarea calculations could fail
- experimental client backends failed to use jpeg
monitormode is desktop-like for clients
- 📁 File-transfers:
- 🌈 Encodings:
- 💄 Cosmetic:
- no need to try to use invalid displayfd values
- socket directory double-quoted in runner script
- message shows incorrect mmap limit
- logging error when notification icon parsing fails
- notification theme icon default size + fixup test
- remove legacy unused file
- remove bogus statements
- match method signature
- planar data debug logging errors
- remove duplicated keys, add missing one
- incorrect metadata used for debug logging
- webcam handshake function