mullvadvpn-app

Added

• Add Kyber1024 KEM algorithm into the Post-Quantum secure key exchange algorithm. This means the
  Quantum-resistant-tunnels feature now mixes both Classic McEliece and Kyber for added protection.
• Add notification dot to tray icon and system notification throttling.
• Add troubleshooting information to some in-app notifications.
• Add setting for quantum resistant tunnels to the desktop GUI.
• Enable TCP_NODELAY for the socket used by WireGuard over TCP. Improves latency and performance.

Changed

• Update the Post-Quantum secure key exchange gRPC client to use the stabilized
  PskExchangeV1 endpoint
• Add "auto" setting for the quantum-resistant tunnel feature, and make it the default. If it was
  previously set to off, it will now be set to auto instead. That currently means the same thing as
  "off", but this might change in the future.
• Update OpenVPN to 2.6.0 from 2.5.3.
• Update OpenSSL to 1.1.1t from 1.1.1j.
• Post-Quantum secure tunnels and multihop can now be used at the same time.

Windows

• Remove automatic fallback to wireguard-go. This is done as a first step before fully
  deprecating it on Windows.

Removed

• Remove port 443 as valid port for WireGuard over TCP. Keep only port 80 and 5001. The reason is
  to free up port 443 for other TCP based obfuscation later.

Fixed

• Fix close to expiry notification not showing unless app is opened once within the last three days
  in the desktop app.
• Retry if PQ PSK negotiation fails for any reason.
• Fix accumulated tunnel state notifications sometimes displayed after suspend.

This release is for desktop only.

Fixed

Windows

• Fix desktop app not quitting properly after switching from unpinned to pinned window.
• Fix service not starting when LSA protection is enabled (which is the default on Windows 11 22H2).
• Fix some issues with setting system DNS by using SetInterfaceDnsSettings when it's available (on
  Windows 10, version 1809 and above).

This release is for desktop only.

Here is a list of all changes since last stable release 2022.5.

Added

• Add quit button to tray context menu on Linux and Window.
• Add search bar to location list in desktop app.

Windows

• Remove all settings when the app is uninstalled silently.

Changed

• Update Electron from 19.0.13 to 21.1.1.

Fixed

• When a country is selected, and the constraints only match relays that are not included on the
  country level, select those relays anyway.
• Fix regression where WireGuard relays were connected to over OpenVPN after a couple of failed
  attempts, when the tunnel type was set to any.
• Fix missing connect timeout when connecting to a WireGuard relay over TCP.
• Fix failure to apply firewall rules that could occur when connecting timed out.
• Fix sorting of devices in the "too many devices"-view to properly sort on device creation time.

Windows

• Don't fail to show the mullvad-daemon help text if some of the default paths cannot be obtained.

macOS

• Fix fish shell completions when installed via Homebrew on Apple Silicon Macs.
• Improved reliability of the connectivity check workaround by adding an extra captive portal check
  domain.
• Show "Mullvad VPN" in the Login Items UI instead of "Amagicom AB".
• Detect whether users need to approve the launch daemon in the Login Items UI.

Linux

• Remove last filesystem dependency of early boot blocking unit.
• Ensure RPM package removes all application directories when uninstalled.
• Fix architecture field for ARM RPM builds so the app installs on Fedora based distros.

Windows

• Ignore adapters that have no valid GUID when removing obsolete Wintun interfaces during install.
  Previously, the installer would abort.
• Revert to using netsh for DNS config, as some Windows builds did not deal with changes correctly.
  TALPID_DNS_MODULE can be used to override this.
• Fix deadlock that could occur when the default route changed while initializing split tunneling.

Removed

macOS

• Remove ⌘Q shortcut.

Security

Windows

• DNS loopback traffic is no longer blocked. Note that local resolvers are still unable to forward
  queries to servers that would normally be blocked.

Fixed

• Fix sorting of devices in the "too many devices"-view to properly sort on device creation time.

macOS

• Improved reliability of the connectivity check workaround by adding an extra captive portal check
  domain.
• Show "Mullvad VPN" in the Login Items UI instead of "Amagicom AB".
• Detect whether users need to approve the launch daemon in the Login Items UI.

Added

• Add quit button to tray context menu on Linux and Window.
• Add search bar to location list in desktop app.

Windows

• Remove all settings when the app is uninstalled silently.

Changed

• Update Electron from 19.0.13 to 21.1.1.

Fixed

• When a country is selected, and the constraints only match relays that are not included on the
  country level, select those relays anyway.
• Fix regression where WireGuard relays were connected to over OpenVPN after a couple of failed
  attempts, when the tunnel type was set to any.
• Fix missing connect timeout when connecting to a WireGuard relay over TCP.
• Fix failure to apply firewall rules that could occur when connecting timed out.

macOS

• Fix fish shell completions when installed via Homebrew on Apple Silicon Macs.

Linux

• Remove last filesystem dependency of early boot blocking unit.
• Ensure RPM package removes all application directories when uninstalled.
• Fix architecture field for ARM RPM builds so the app installs on Fedora based distros.

Windows

• Ignore adapters that have no valid GUID when removing obsolete Wintun interfaces during install.
  Previously, the installer would abort.
• Revert to using netsh for DNS config, as some Windows builds did not deal with changes correctly.
  TALPID_DNS_MODULE can be used to override this.
• Fix deadlock that could occur when the default route changed while initializing split tunneling.

Removed

macOS

• Remove ⌘Q shortcut.

Security

Windows

• DNS loopback traffic is no longer blocked. Note that local resolvers are still unable to forward
  queries to servers that would normally be blocked.

Added

• Add privacy policy link in settings
• Add initial privacy consent which is showed on each start until approved

This release is for Android only. Here's a list of the changes since last stable release android/2022.1:

Added

Android

• Add device management to the Android app. This simplifies knowing which device is which and adds
  the option to log other devices out when the account already has five devices.

Changed

Android

• Lowered default MTU to 1280 on Android.
• Disable app icon badge for tunnel state notification/status.

Removed

Android

• Remove WireGuard view as it's no longer needed with the new way of managing devices.

Fixed

Android

• Fix unused dependencies loaded in the service/tile DI graph.
• Fix missing IPC message unregistration causing multiple copies of some messages to be received.
• Fix quick settings tile being unresponsive and causing crashes on some devices.
• Fix quick settings tile not working when the device is locked. It will now prompt the user to
  unlock the device before attempting to toggle the tunnel state.
• Fix crash when clicking in-app URL notifications.
• Fix tunnel info expansion state not remembered during pause and resume.
• Fix disabled login button on login failure. Instead, the login button will now still be enabled
  on login failures to let the user re-attempt the login.

Security

Android

• Prevent location request responses from being received outside the tunnel when in the connected
  state.

This release is for desktop only.

Here is a list of all changes since last stable release 2022.4.

Added

• Add obfuscation settings under "WireGuard settings".
• Add custom option to WireGuard port selector.

Windows

• The default VPN protocol is slowly being changed from OpenVPN to WireGuard.
  The app fetches the ratio between the protocols from the API.

Linux

• GUI: Add electron flags to run Wayland native if in a compositor/desktop known to work well
• Add ARM64 (aarch64) builds. This is the first release with Linux ARM support.

Changed

• Reject invalid WireGuard ports in the CLI.
• Reorganize settings into more logical categories.
• Upgrade wireguard-go to 20220703234212 (Windows: v0.5.3).
• Prune bridges far away from the selected relay.
• Stay connected when desktop app is killed or crashes. The only situation where the app now
  disconnects on quit is when the user presses the quit button.
• Update Electron from 18.0.3 to 19.0.13.
• Expand allowed range of multicast destinations to include all of 239.0.0.0/8 (administratively
  scoped addresses), when local network sharing is enabled.
• Default to selecting Sweden as the entry location when using WireGuard multihop. Previously,
  a random location was used.
• Experimental: Upgrade the support for quantum-resistant WireGuard tunnels to a newer protocol.

Windows

• Remove dependency on ipconfig.exe. Call DnsFlushResolverCache to flush the DNS cache.
• Upgrade Wintun to 0.14.1.

Linux

• The daemon binary and systemd unit file will now be placed in /usr/bin/ and
  /usr/lib/systemd/system respectively, to aid with starting the system service on systems where
  /opt isn't mounted during early boot.

Fixed

• Connect to TCP endpoints over IPv6 if IPv6 is enabled for WireGuard.
• Fix udp2tcp not working when quantum-resistant tunnels are enabled.
• Quit app gracefully if renderer process is killed or crashes.
• Enable reconnect in blocked state in desktop app.
• Fix error handling during device removal in the desktop app.
• Enable interface settings when app is logged out
• Fix 'mullvad status -v' to include the port of the endpoint when connecting over TCP.
• Check whether the device is valid when reconnecting from the error state.
• Stop reconnecting when the account has run out of time.

Windows

• Only use the most recent list of apps to split when resuming from hibernation/sleep if applying
  it was successful.
• Don't fail install if the device tree contains nameless callout driver devices.

Linux

• Don't prevent early boot service from running if logging to a file fails.
• Fix app crashing immediately when using some icon themes.

Security

• When the system service is being shut down and the target state is secured, maintain the
  blocking firewall rules. Unless it's possible to deduce that the system isn't shutting down and the
  system service is being stopped by the user intentionally. This is to prevent leaks that might
  occur during system shutdown. Fixes 2022 Mullvad app audit issue item MUL22-02.

Windows

• Upgrade win-split-tunnel driver to version 1.2.2.0. Fixes incomplete validation of input buffers
  that could result in out-of-bounds reads. Fixes 2022 Mullvad app audit issue item MUL22-01.

Linux

• Added traffic blocking during early boot, before the daemon starts, to prevent leaks in the case
  that the system service starts after a networking daemon has already configured a network
  interface.

Added

• Add custom option to WireGuard port selector.

Linux

• Add ARM64 (aarch64) builds. This is the first release with Linux ARM support.

Changed

• Experimental: Upgrade the support for quantum-resistant WireGuard tunnels to a newer protocol.

Fixed

Linux

• Fix app crashing immediately when using some icon themes.

Added

• Add obfuscation settings under "WireGuard settings".

Windows

• The default VPN protocol is slowly being changed from OpenVPN to WireGuard.
  The app fetches the ratio between the protocols from the API.

Linux

• GUI: Add electron flags to run Wayland native if in a compositor/desktop known to work well
• Add support for Linux ARM64. No installers are produced yet. But the source code can now
  be built for ARM64.

Changed

• Reject invalid WireGuard ports in the CLI.
• Reorganize settings into more logical categories.
• Upgrade wireguard-go to 20220703234212 (Windows: v0.5.3).
• Prune bridges far away from the selected relay.
• Stay connected when desktop app is killed or crashes. The only situation where the app now
  disconnects on quit is when the user presses the quit button.
• Update Electron from 18.0.3 to 19.0.13.
• Expand allowed range of multicast destinations to include all of 239.0.0.0/8 (administratively
  scoped addresses), when local network sharing is enabled.
• Default to selecting Sweden as the entry location when using WireGuard multihop. Previously,
  a random location was used.

Windows

• Remove dependency on ipconfig.exe. Call DnsFlushResolverCache to flush the DNS cache.
• Upgrade Wintun to 0.14.1.

Linux

• The daemon binary and systemd unit file will now be placed in /usr/bin/ and
  /usr/lib/systemd/system respectively, to aid with starting the system service on systems where
  /opt isn't mounted during early boot.

Fixed

• Connect to TCP endpoints over IPv6 if IPv6 is enabled for WireGuard.
• Fix udp2tcp not working when quantum-resistant tunnels are enabled.
• Quit app gracefully if renderer process is killed or crashes.
• Enable reconnect in blocked state in desktop app.
• Fix error handling during device removal in the desktop app.
• Enable interface settings when app is logged out
• Fix 'mullvad status -v' to include the port of the endpoint when connecting over TCP.
• Check whether the device is valid when reconnecting from the error state.
• Stop reconnecting when the account has run out of time.

Windows

• Only use the most recent list of apps to split when resuming from hibernation/sleep if applying
  it was successful.
• Don't fail install if the device tree contains nameless callout driver devices.

Security

• When the system service is being shut down and the target state is secured, maintain the
  blocking firewall rules. Unless it's possible to deduce that the system isn't shutting down and the
  system service is being stopped by the user intentionally. This is to prevent leaks that might
  occur during system shutdown. Fixes 2022 Mullvad app audit issue item MUL22-02.

Windows

• Upgrade win-split-tunnel driver to version 1.2.2.0. Fixes incomplete validation of input buffers
  that could result in out-of-bounds reads. Fixes 2022 Mullvad app audit issue item MUL22-01.

Linux

• Added traffic blocking during early boot, before the daemon starts, to prevent leaks in the case
  that the system service starts after a networking daemon has already configured a network
  interface.

Changed

Android

• Refresh device data when opening the account view to ensure the local data is up-to-date and that
  the device hasn't been revoked.
• Disable settings button during login.

Fixed

Android

• Fix crash sometimes occurring during account creation.
• Fix tunnel info expansion state not remembered during pause and resume.
• Fix crash during some view transitions.
• Fix disabled login button on login failure. Instead, the login button will now still be enabled
  on login failures to let the user re-attempt the login.

Added

Windows

• Windows daemon now looks up the MTU on the default interface and uses this MTU instead of the
  default 1500. The 1500 is still the fallback if this for some reason fails. This may stop
  fragmentation.

Fixed

Linux

• Fix issue where MTU could not be manually set in the app.
• Lower the max MTU from the automatic MTU detection down to 1380,
  which was the hardcoded default before the automatic detection was implemented.
  This solves issues where the physical interface MTU was set higher than it could
  actually transport.

Added

Android

• Add device management to the Android app. This simplifies knowing which device is which and adds
  the option to log other devices out when the account already has five devices.

Changed

Android

• Lowered default MTU to 1280 on Android.
• Disable app icon badge for tunnel state notification/status.

Removed

Android

• Remove WireGuard view as it's no longer needed with the new way of managing devices.

Fixed

Android

• Fix unused dependencies loaded in the service/tile DI graph.
• Fix missing IPC message unregistration causing multiple copies of some messages to be received.
• Fix quick settings tile being unresponsive and causing crashes on some devices.
• Fix quick settings tile not working when the device is locked. It will now prompt the user to
  unlock the device before attempting to toggle the tunnel state.
• Fix crash when clicking in-app URL notifications.

Security

Android

• Prevent location request responses from being received outside the tunnel when in the connected
  state.

This release is for desktop only.

This release is identical to 2022.3-beta3.

Fixed

• Fix showing incompatible relay filtering options in desktop app. The filtering options are now
  dependent on the other filters.

Windows

• Fix app occasionally getting stuck in the offline state after being suspended.

Linux

• Fixed incompatibility with newer kernel versions (5.19 and up).

Security

Windows

• Fix potential leak window when stopping the service and auto-connect is enabled and always
  require VPN is disabled. When stopped, usually due to a reboot, the daemon would disconnect
  before entering a blocking state.

This release is a small bugfix release that only affects Windows. Linux and macOS has no changes at all in this release, compared to 2022.3-beta1.

Fixed

Windows

• Fix DNS issue on non-English Windows installations. Don't parse the output of ipconfig.exe
  to determine if the tool succeeded.

Added

• Add option to filter relays by ownership in the desktop apps.
• Experimental: Add support for quantum-resistant PSK exchange to the CLI.

Linux

• Automatically attempt to detect and set the correct MTU for Wireguard tunnels.

Windows

• Add CLI command for listing excluded processes.

Removed

Linux

• Remove upstart init configuration files

Fixed

• Display consistent colors regardless of monitor color profile on desktop.
• Fix time added view displayed due to incorrect local clock.

Windows

• Be more scrupulous about removing temporary files used by the installer and uninstaller.
• Fix issue where local name resolution fails. This requires users to ensure that non-tunnel
  interfaces are configured correctly to use local custom DNS.
• Configure DNS correctly when the DNS client service is disabled or not responding.

This release is for desktop only.

Here is a list of all changes since last stable release 2022.1.

Added

• Extend DNS blocking with the following new categories: "Adult content" and "gambling".
• Obfuscate traffic to the Mullvad API using bridges if it cannot be reached directly.
• Add device management to desktop app. This simplifies knowing which device is which and adds the
  option to log out other devices when there are already 5 connected when logging in.
• Add tray icon tooltip with connection info in desktop app.
• Add relay and bridge constraints for restricting relay selection to rented or Mullvad-owned
  relays. Allows filtering servers by ownership in the CLI.
• Include creation timestamp for devices in the CLI.

Windows

• Detect mounting and dismounting of volumes, such as VeraCrypt volumes or USB drives,
  and exclude paths from the tunnel correctly when these occur. This sometimes only works
  when the GUI frontend is running.
• Add toggle for split tunneling state.

Changed

• Update settings format to v6.
• Move WireGuard TCP obfuscation settings into mullvad obfuscation command in CLI.
• Decrease the size of fonts, some icons and other design elements in the desktop app. This makes it
  possible to fit more into the same area and makes text easier to read.
• Don't block the tunnel state machine while starting the tunnel monitor. This also means that
  the machine will not transition directly from the disconnected to the disconnecting state
  if an error occurs.
• Change behavior of escape key in the desktop app. It now navigates backwards one step instead of
  to the main view. To navigate back to the main view Shift+Escape can be used.
• Update Electron from 16.0.4 to 18.0.3.
• Randomize bridge selection with a bias in favor of close bridges.
• Make login field keep previous value when submitting an incorrect account number in desktop app.
• Decrease the time it takes to connect to WireGuard relays by sending an ICMP packet immediately.
• Pause API interactions when the daemon has not been used for 3 days.
• Simplified output of mullvad status command.
• List devices on an account sorted by creation date, oldest to newest, instead of alphabetically.

Fixed

• Fix the sometimes incorrect time added text after adding time to the account.
• Fix scrollbar no longer responsive and usable when covered by other elements.
• Improve tunnel bypass for the API sometimes not working in the connecting state.
• Fix resource leak caused by location check.
• Fix issue where sockets didn't close after disconnecting from WireGuard servers over TCP
  by updating udp-over-tcp to 0.2.
• Parse old account history formats correctly when they are empty.
• Use suspend-aware timers for relay list updates and version checks on all platforms.
• Don't attempt to use bridges when using OpenVPN over UDP and bridge mode is set to auto.
• Use the entry endpoint when the relay selector fails to find a relay using the preferred
  constraints and the tunnel protocol is "any". Previously, the entry endpoint was ignored in this
  case.
• Fix logout failing if the API cannot be reached in the GUI.

Windows

• Fix "Open Mullvad VPN" tray context menu item not working after toggling unpinned window setting.
• Fix apps not always visible in split tunneling view after browsing for an app and then removing it
  from the excluded applications.
• Fix navigation resetting to main view when toggling the unpinned window setting.
• Log splitting event reason correctly.

macOS

• Fix thrashing due to DNS config monitoring.

Security

Windows

• Update split tunnel driver to 1.2.1.0. This fixes potential DNS leaks seen when excluding at least
  one application.

Added

• Include creation timestamp for devices in the CLI.

Changed

• List devices on an account sorted by creation date, oldest to newest, instead of alphabetically.

Fixed

• Fix logout failing if the API cannot be reached in the GUI.

Added

• Extend DNS blocking with the following new categories: "Adult content" and "gambling".
• Obfuscate traffic to the Mullvad API using bridges if it cannot be reached directly.
• Add device management to desktop app. This simplifies knowing which device is which and adds the
  option to log out other devices when there are already 5 connected when logging in.
• Add tray icon tooltip with connection info in desktop app.
• Add relay and bridge constraints for restricting relay selection to rented or Mullvad-owned
  relays.

Windows

• Detect mounting and dismounting of volumes, such as VeraCrypt volumes or USB drives,
  and exclude paths from the tunnel correctly when these occur. This sometimes only works
  when the GUI frontend is running.
• Add toggle for split tunneling state.

Changed

• Update settings format to v6.
• Move WireGuard TCP obfuscation settings into mullvad obfuscation command in CLI.
• Decrease the size of fonts, some icons and other design elements in the desktop app. This makes it
  possible to fit more into the same area and makes text easier to read.
• Don't block the tunnel state machine while starting the tunnel monitor. This also means that
  the machine will not transition directly from the disconnected to the disconnecting state
  if an error occurs.
• Change behavior of escape key in the desktop app. It now navigates backwards one step instead of
  to the main view. To navigate back to the main view Shift+Escape can be used.
• Update Electron from 16.0.4 to 18.0.3.
• Randomize bridge selection with a bias in favor of close bridges.
• Make login field keep previous value when submitting an incorrect account number in desktop app.
• Decrease the time it takes to connect to WireGuard relays by sending an ICMP packet immediately.
• Pause API interactions when the daemon has not been used for 3 days.
• Simplified output of mullvad status command.

Fixed

• Fix the sometimes incorrect time added text after adding time to the account.
• Fix scrollbar no longer responsive and usable when covered by other elements.
• Improve tunnel bypass for the API sometimes not working in the connecting state.
• Fix resource leak caused by location check.
• Fix issue where sockets didn't close after disconnecting from WireGuard servers over TCP
  by updating udp-over-tcp to 0.2.
• Parse old account history formats correctly when they are empty.
• Use suspend-aware timers for relay list updates and version checks on all platforms.
• Don't attempt to use bridges when using OpenVPN over UDP and bridge mode is set to auto.
• Use the entry endpoint when the relay selector fails to find a relay using the preferred
  constraints and the tunnel protocol is "any". Previously, the entry endpoint was ignored in this
  case.

Windows

• Fix "Open Mullvad VPN" tray context menu item not working after toggling unpinned window setting.
• Fix apps not always visible in split tunneling view after browsing for an app and then removing it
  from the excluded applications.
• Fix navigation resetting to main view when toggling the unpinned window setting.
• Log splitting event reason correctly.

macOS

• Fix thrashing due to DNS config monitoring.

Security

Windows

• Update split tunnel driver to 1.2.1.0. This fixes potential DNS leaks seen when excluding at least
  one application.