FreeRDP 3.29.0 security update resolves 22 advisories
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license, and it runs on a large share of workstations and servers through the many tools built on it. The 3.29.0 version is a security, bugfix, and maintenance update that resolves 22 advisories.

What the fixes address
The commits read as hardening work spread across the codebase. Several patches add bounds and length checks to media and channel code, including AV1 decode output limits, region rectangle checks that match existing AVC handling, and an H.264 decoder correction for a surface dimension mismatch. The camera channel gained data validity checks and a fix for how it reads a config descriptor.
Cryptographic and connection paths drew attention as well. One patch makes the core reject a short server random value during key establishment. Another improves handling of embedded null bytes in X.509 certificate processing. The update adds endpoint FedAuth token authentication and a server response size check in the Windows client. Resource limits and general runtime hardening fill out the security commits.
The work reaches clients on many platforms. This cycle also brought iOS build fixes, Android build corrections, and clipboard MIME format handling in the SDL client.
A quick release cadence
FreeRDP has been shipping often. Version 3.29.0 arrived a week after 3.28.0, and earlier releases came out every few weeks through the spring. Version 3.28.0 was a feature and bugfix release, with a revived iOS client and a new server-side smartcard API. Version 3.29.0 centers on security, the outcome of what maintainer Armin Novak called “a very rigorous review since our last release by a couple of security researchers.”
The library serves as the RDP engine inside many downstream tools. A weakness in a widely embedded component reaches far past the project’s own users, which raises the value of a coordinated batch of fixes like this one.
Anyone running FreeRDP or software built on it can pull the 3.29.0 archive from the project’s release server.