diff --git a/CHANGES b/CHANGES
index 416a825e62..cccf707a8b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.6-354 | 2019-05-29 09:46:19 -0700
+
+ * Add weird: "RDP_channels_requested_exceeds_max" (Vlad Grigorescu)
+
 2.6-352 | 2019-05-28 17:57:36 -0700
 * Reduce data copying in Broker message processing (Jon Siwek, Corelight)
diff --git a/NEWS b/NEWS
index 67f611a080..4de34ba8e8 100644
--- a/NEWS
+++ b/NEWS
@@ -80,7 +80,8 @@ New Functionality
 also allowed when specifying patterns used in signature files.
 - Add a new "client_channels" field to rdp.log based on data parsed from
- the Client Network Data (TS_UD_CS_NET) packet.
+ the Client Network Data (TS_UD_CS_NET) packet. The channel list is also
+ available in a new event, "rdp_client_network_data".
 Changed Functionality
 ---------------------
diff --git a/VERSION b/VERSION
index 0eeddbc5fc..d5ac3ab285 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-352
+2.6-354
diff --git a/doc b/doc
index 6473776663..4415d43650 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit 6473776663085c9a72c875d3df6d3c3db05cf0e3
+Subproject commit 4415d43650f0dd2039f639c814a95d10deac8422
diff --git a/scripts/base/protocols/rdp/main.zeek b/scripts/base/protocols/rdp/main.zeek
index 4f55ad6389..11148de27c 100644
--- a/scripts/base/protocols/rdp/main.zeek
+++ b/scripts/base/protocols/rdp/main.zeek
@@ -201,6 +201,9 @@ event rdp_client_network_data(c: connection, channels: ClientChannelList)
 for ( i in channels )
 # Remove the NULs at the end
 c$rdp$client_channels[i] = gsub(channels[i]$name, /\x00+$/, "");
+
+ if ( |channels| > 31 )
+ Reporter::conn_weird("RDP_channels_requested_exceeds_max", c, fmt("%s", |channels|));
 }
 event rdp_gcc_server_create_response(c: connection, result: count) &priority=5
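Review bot: The limit in the added `if ( |channels| > 31 )` in scripts/base/protocols/rdp/main.zeek is a bare literal, and nothing at the check says where 31 comes from or what an analyst should conclude when the weird fires. I would add a comment above it such as `# TS_UD_CS_NET permits at most 31 static virtual channels; a larger count means a malformed or non-conforming client.` (this is my reading of MS-RDPBCGR, please confirm the reference). The check also runs after the loop above it has copied every name into `c$rdp$client_channels`, so an over-limit list still appears to be written to rdp.log in full; if that is intended for triage, the comment should say so. `fmt("%s", |channels|)` works, but `fmt("%d", |channels|)` states the type of the value being reported. The handler begins above the hunk, so any earlier handling of the list size is not visible here.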