Releases · mullvad/mullvadvpn-app · GitHub

13 Feb 13:15

raksooo

2025.4 Latest

Latest

This release is for desktop only.

This release is identical to 2025.4-beta1.

Here is a list of all changes since last stable release 2025.3.

Fixed

Windows

Fix GUI crashing at launch on some systems.

Assets 18

MullvadVPN-2025.4.exe

209 MB 2025-02-13T10:58:02Z
MullvadVPN-2025.4.exe.asc

833 Bytes 2025-02-13T10:58:11Z
MullvadVPN-2025.4.pkg

216 MB 2025-02-13T10:58:12Z
MullvadVPN-2025.4.pkg.asc

833 Bytes 2025-02-13T10:58:21Z
MullvadVPN-2025.4_aarch64.rpm

80.8 MB 2025-02-13T10:58:22Z
MullvadVPN-2025.4_aarch64.rpm.asc

833 Bytes 2025-02-13T10:58:26Z
MullvadVPN-2025.4_amd64.deb

87.1 MB 2025-02-13T10:58:26Z
MullvadVPN-2025.4_amd64.deb.asc

833 Bytes 2025-02-13T10:58:30Z
MullvadVPN-2025.4_arm64.deb

81.6 MB 2025-02-13T10:58:31Z
MullvadVPN-2025.4_arm64.deb.asc

833 Bytes 2025-02-13T10:58:34Z
Source code (zip)

2025-02-12T15:24:54Z
Source code (tar.gz)

2025-02-12T15:24:54Z

11 Feb 14:37

raksooo

2025.4-beta1 Pre-release

Pre-release

This release is for desktop only.

Here is a list of all changes since last stable release 2025.3.

Fixed

Windows

Fix GUI crashing at launch on some systems.

Assets 18

07 Feb 12:52

raksooo

2025.3

This is a desktop only release.

Here's a list of all the changes since the last stable release 2025.2:

Added

Windows

Add support for Windows ARM64.

Changed

(Linux and macOS only) Update to DAITA v2. The main difference is that many different machines are
provided by relays instead of a bundled list. The bundled maybenot_machines file was removed.
Move changelog from a dialog to a separate view.
Reduce the setup time of PQ tunnels by pre-computing McEliece keys.
Change order of items in settings view to show DAITA and multihop at the top.
Update Electron from 30.0.4 to 33.4.0.

Fixed

(macOS and Windows only) Add the correct route when using obfuscation with Wireguard.

Assets 18

22 Jan 09:11

raksooo

2025.3-beta1 Pre-release

Pre-release

This release is for desktop only.

Here is a list of all changes since last stable release 2025.2.

Added

Windows

Add support for Windows ARM64.

Changed

(Linux and macOS only) Update to DAITA v2. The main difference is that many different machines are
provided by relays instead of a bundled list. The bundled maybenot_machines file was removed.
Update Electron from 30.0.4 to 33.2.1.
Move changelog from a dialog to a separate view.
Reduce the setup time of PQ tunnels by pre-computing McEliece keys.

Fixed

(macOS and Windows only) Add the correct route when using obfuscation with Wireguard.

Assets 18

08 Jan 11:52

faern

2025.2

This is a desktop only release.

Here's a list of all the changes since the last stable release 2025.1:

Fixed

Fix crash when Wireguard tunnel setup timed out.

Assets 16

03 Jan 10:34

pinkisemils

2025.1

This is a desktop only release.

Here's a list of all the changes since the last stable release 2024.8:

Added

Add a new access method: Encrypted DNS Proxy. Encrypted DNS proxy is a way to reach the API via
proxies. The access method is enabled by default.

macOS

Detect whether full disk access is enabled in the split tunneling view.
Add button to restart system service in split tunneling view. This can help mitigate edge-case
issues when enabling full disk access.

Changed

Replace the draft key encapsulation mechanism Kyber (round 3) with the standardized
ML-KEM (FIPS 203) dito in the handshake for Quantum-resistant tunnels.
Make Smart Routing override multihop if both are enabled. To manually set the entry relay,
explicitly enable the "Direct only" option in the DAITA settings.
Update maybenot from 1.1.3 to 2.0.1.

Windows

Enable quantum-resistant tunnels by default (when set to auto).

Fixed

Handle network switching better when using WG over Shadowsocks.
Fix multihop entry location list sometimes being shown when multihop is disabled.

macOS

Fix GUI getting stuck when opening the split tunneling view.
Fix packets being duplicated on LAN when split tunneling is enabled.
Fix DNS issues caused by forcibly using a local DNS resolver in all states.
Note that this fix is not present on macOS versions between 14.6 and 15.1.

Security

Windows

Block WSL/Hyper-V traffic in secured states (except the connected state). The normal firewall
(WFP) filters normally do not apply for VMs. This mitigates the issue by ensuring that it does not
leak (as easily) when the VPN tunnel is up. Previously, WSL would leak while in the blocked or
connecting state, or while lockdown mode was active.

Assets 16

20 Dec 16:03

android/2024.10-beta2

android/2024.10-beta2 Pre-release

Pre-release

Fixed

Update bundled relay list to address a UI bug in the filter screen.

Assets 4

19 Dec 10:23

android/2024.10-beta1

android/2024.10-beta1 Pre-release

Pre-release

Added

Add multihop which allows the routing of traffic through an entry and exit server, making it harder to trace.
Enable DAITA to route traffic through servers with DAITA support to enable the use of all servers together with DAITA. This behaviour can be disabled with the use of the "Direct only" setting.

Changed

Update to DAITA v2. The main difference is that many different machines are provided by relays instead of a bundled list.

Assets 4

09 Dec 17:49

android/2024.9

Here is a list of all changes since last stable release android/2024.8:

Added

Add a new access method: Encrypted DNS Proxy. Encrypted DNS proxy is a way to reach the API via proxies. The access method is enabled by default.

Changed

Improve animations so that they look better with predictive back.
Improve detection and logging of a potential rare in-app purchase limbo state.

Fixed

Fix a bug where the Android account expiry notifications would not be updated if the app was running in the background for a long time.
Fix ANR due to the tokio runtime being blocked by getaddrinfo when dropped.

Security

Remove alternative stack for fault signal handlers on unix based systems. It was implemented incorrectly and could cause stack overflow and heap memory corruption. Fixes audit issue MLLVD-CR-24-01.
Remove/disable unsafe signal code from fault signal handler on unix based systems. Fixes audit issue MLLVD-CR-24-02.

Assets 4

05 Dec 15:54

raksooo

2024.9-beta1 Pre-release

Pre-release

This release is for desktop only.

Here is a list of all changes since last stable release 2024.8.

Added

Add a new access method: Encrypted DNS Proxy. Encrypted DNS proxy is a way to reach the API via
proxies. The access method is enabled by default.

macOS

Detect whether full disk access is enabled in the split tunneling view.
Add button to restart system service in split tunneling view. This can help mitigate edge-case
issues when enabling full disk access.

Changed

Replace the draft key encapsulation mechanism Kyber (round 3) with the standardized
ML-KEM (FIPS 203) dito in the handshake for Quantum-resistant tunnels.
Make Smart Routing override multihop if both are enabled. To manually set the entry relay,
explicitly enable the "Direct only" option in the DAITA settings.
Update maybenot from 1.1.3 to 2.0.1.

Windows

Enable quantum-resistant tunnels by default (when set to auto).

Fixed

Handle network switching better when using WG over Shadowsocks.
Fix multihop entry location list sometimes being shown when multihop is disabled.

macOS

Fix packets being duplicated on LAN when split tunneling is enabled.
Fix DNS issues caused by forcibly using a local DNS resolver in all states.
Note that this fix is not present on macOS versions between 14.6 and 15.1.

Security

Windows

Block WSL/Hyper-V traffic in secured states (except the connected state). The normal firewall
(WFP) filters normally do not apply for VMs. This mitigates the issue by ensuring that it does not
leak (as easily) when the VPN tunnel is up. Previously, WSL would leak while in the blocked or
connecting state, or while lockdown mode was active.

Assets 14