Releases: mullvad/mullvadvpn-app
Releases · mullvad/mullvadvpn-app
2024.8
This release is for desktop only.
This release addresses issues identified in a recent audit. Here is a list of all changes since last stable release 2024.7.
Security
- Remove invalidly set up alternative stack for fault signal handlers on unix based systems. This prevents potential stack overflow and heap memory corruption. Fixes audit issue
MLLVD-CR-24-01. - Remove/disable not signal safe code from fault signal handler on unix based systems. Fixes audit issue
MLLVD-CR-24-02.
Windows
- Fix issue where the installer would allow any executable named
taskkill.exein the working directory to run as admin. This fixes audit issueMLLVD-CR-24-06.
Linux
- Prevent attackers able to send ARP requests to the device running Mullvad from figuring out the in-tunnel IP. Fixes 2024 audit issue
MLLVD-CR-24-03.
android/2024.9-beta1
android/2024.9-beta1
This tag was signed with the committer’s verified signature.
8ea75e5
This commit was signed with the committer’s verified signature.
Added
- Add a new access method: Encrypted DNS Proxy. Encrypted DNS proxy is a way to reach the API via
proxies. The access method is enabled by default.
Changed
- Animation has been changed to look better with predictive back.
Fixed
- Fix a bug where the Android account expiry notifications would not be updated if the app was
running in the background for a long time. - Fix ANR due to the tokio runtime being blocked by
getaddrinfowhen dropped.
android/2024.8
android/2024.8
This tag was signed with the committer’s verified signature.
e31ffe6
This commit was signed with the committer’s verified signature.
Here is a list of all changes since last stable release android/2024.7:
Added
- Add feature indicators to the main view along with redesigning the connection details.
- Add new "Connect on device start-up" setting for devices without system VPN settings.
- Add a confirmation dialog shown when creating a new account if there's already an existing
account in the account history of the login screen.
Changed
- Replace the draft key encapsulation mechanism Kyber (round 3) with the standardized
ML-KEM (FIPS 203) dito in the handshake for Quantum-resistant tunnels. - Move version information and changelog to a new app info screen.
- Update icons to material design.
Fixed
- Fix the account number input keyboard being broken on Amazon FireStick by adding a workaround.
This should eventually be fixed by Amazon since the FireStick behavior is broken. - Improve connection stability when roaming while using Shadowsocks.
- Fix MTU calculation to avoid connectivity issues when using some specific settings.
- Fix unlabeled icon buttons for basic accessibility with screen readers.
2024.7
This release is for desktop only.
This release is identical to 2024.7-beta1.
Here is a list of all changes since last stable release 2024.6.
Fixed
macOS
- Fix DNS not working due to broken PF redirect.
2024.7-beta1
2024.7-beta1
This tag was signed with the committer’s verified signature.
raksooo
Oskar Nyberg
This release is for desktop only.
Here is a list of all changes since last stable release 2024.6.
Fixed
macOS
- Fix DNS not working due to broken PF redirect.
android/2024.8-beta2
android/2024.8-beta2
This tag was signed with the committer’s verified signature.
6c158a0
This commit was signed with the committer’s verified signature.
Fixed
- Improve connection stability when roaming while using Shadowsocks.
- Fix incorrect MTU calculation to avoid connectivity issues when using obfuscation.
2024.6
This release is for desktop only.
Here is a list of all changes since last stable release 2024.5:
Added
- Add WireGuard over Shadowsocks obfuscation. It can be enabled in "WireGuard settings". This will
also be used automatically when connecting fails with other methods. - Add feature indicators to the main view along with redesigning the connection details.
- Add "Smart Routing" feature which simplifies connecting to DAITA-enabled relays.
Changed
- Never use OpenVPN as a fallback protocol when any of the following features is enabled:
multihop, quantum-resistant tunnels, or DAITA. - Improved output format of
mullvad statuscommand, which now also prints feature indicators. - Move DAITA and multihop to the root settings view along with moving multihop into a dedicated
view with more information.
macOS
- Disable split tunnel interface when disconnected. This prevents traffic from being sent through
the daemon when the VPN is disconnected. - Enable IPv6 by default. This fixes DNS and routing being broken on some systems.
- Proxy DNS queries through a local resolver.
Fixed
Linux
- Set tunnel name to
wg0-mullvadfor userspace WireGuard.
macOS
- Exclude programs when executed using a relative path from a shell.
- Reduce packet loss when using split tunneling.
- Don't block fragmented packets in the PF firewall. Fixes various issues relating to connecting
(and general instability) when IP fragmentation is present. - Fix Apple services not working by forcing stray connections out through the VPN tunnel. This fix
only applies to Wireguard, OpenVPN is still affected. - Disable DNS redirect when custom DNS is set to localhost.
New Contributors
- @dpaoliello made their first contribution in #6315
- @magnus-lindstrom made their first contribution in #6632
- @lamtrinhdev made their first contribution in #6670
- @arunsathiya made their first contribution in #5860
Contributors
dpaoliello, arunsathiya, and 2 other contributors
Assets 14
android/2024.8-beta1
android/2024.8-beta1
This tag was signed with the committer’s verified signature.
f482e3b
This commit was signed with the committer’s verified signature.
Added
- Add feature indicators to the main view along with redesigning the connection details.
- Add new "Connect on device start-up" setting for devices without system VPN settings.
- Add a confirmation dialog shown when creating a new account if there's already an existing account in the account history of the login screen.
Changed
- Replace the draft key encapsulation mechanism Kyber (round 3) with the standardized ML-KEM (FIPS 203) dito in the handshake for Quantum-resistant tunnels.
- Move version information and changelog to a new app info screen.
- Update icons to material design.
Fixed
- Fix unlabeled icon buttons for basic accessibility with screen readers.
android/2024.7
android/2024.7
This tag was signed with the committer’s verified signature.
9d745c8
This commit was signed with the committer’s verified signature.
Here is a list of all changes since last stable release android/2024.6:
Fixed
- Fix a bug where tunnel obfuscation (UDP-over-TCP or Shadowsocks) only worked in combination with either DAITA or quantum-resistant tunnels, but only after the initial tunnel negotiation used for both DAITA and quantum-resistant tunnels. This combination of issues made the obfuscation methods effectively unusable behind restrictive firewalls regardless of setting combination.
android/2024.6
android/2024.6
This tag was signed with the committer’s verified signature.
2a33377
This commit was signed with the committer’s verified signature.
Here is a list of all changes since last stable release android/2024.5:
Fixed
- Fix rare crash related to an upcoming feature (feature indicators).