github TokTok/qTox v1.18.0

Release Notes

Happy New Year 2025!

It's taken us some time, but we're finally here. We hope you enjoy our new and updated qTox v1.18.0. Many bugs, especially around video calls, have been fixed. We also bring some performance improvements, but most importantly, the RCE fear is over.

There have been many rumours about remote code execution attacks on qTox for the past 2 years. Although nobody has ever actually been able to demonstrate any of them working, we've done a deep dive audit on the relevant security aspects of the areas of potential vulnerability and have made a number of changes:

  • We've completely rewritten the notification system from scratch. We now use the built-in Qt system tray notifications on all systems. Additionally, on Linux, we use the Freedesktop notification system directly (you can turn this off if it doesn't work or you're afraid we've made a mistake) instead of going through an unaudited third party library.
  • We've put additional filtering in place for any incoming text messages from the Tox network, including friend request messages. We now filter out any non-printable characters. This may break certain newer emojis such as a skin-toned handshake emoji (🤝🏾) on older systems (from 2022 or earlier). If you use our provided binaries, it should just work, as we build our binaries with the latest Qt version and dependencies.
  • We've hardened some of the low-level load/store functions used for settings. There almost certainly wasn't a vulnerability here, but they can no longer be abused directly if there ever is one.
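
One way a printable-only filter like the one described above can work, and why code points missing from older Unicode tables get dropped along with the control characters. This is an added example in Python, not qTox's code: the category rule, the `KEEP` exceptions and the use of Python's bundled Unicode 3.2.0 tables as the "older system" are assumptions.

```python
import unicodedata

# Assumption: code points kept even though their general category is C*.
KEEP = frozenset("\n\u200d")  # newline, ZERO WIDTH JOINER (used in emoji sequences)

# Stand-in for an older system: Python ships the Unicode 3.2.0 tables as well.
OLD_UCD = unicodedata.ucd_3_2_0


def is_printable(ch, ucd=unicodedata):
    """True unless `ucd` puts ch in an "Other" category (Cc, Cf, Cs, Co, Cn)."""
    return ch in KEEP or not ucd.category(ch).startswith("C")


def filter_printable(text, ucd=unicodedata):
    """Return text with every non-printable code point removed."""
    return "".join(ch for ch in text if is_printable(ch, ucd))


def dropped(text, ucd=unicodedata):
    """List (code point, category) for each character the filter removes."""
    return [(f"U+{ord(ch):04X}", ucd.category(ch))
            for ch in text if not is_printable(ch, ucd)]


# Constructed samples: a terminal escape, a bidi override and a NUL byte
# hidden in a message, and the skin-toned handshake from the release notes.
HOSTILE = "hi\x1b[31m\u202eevil\x00"
HANDSHAKE = "\U0001F91D\U0001F3FE"

if __name__ == "__main__":
    print(repr(filter_printable(HOSTILE)), dropped(HOSTILE))
    print(repr(filter_printable(HANDSHAKE)))
    print(repr(filter_printable(HANDSHAKE, OLD_UCD)), dropped(HANDSHAKE, OLD_UCD))
```

With the old tables both emoji code points are unassigned (`Cn`), so the filter treats them exactly like a control character and removes them.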

We have, as a side effect, also upgraded the toxcore used in the (Windows) release. There are a great number of outdated toxcore nodes still present in the network, holding back new feature adoption such as the new group chats with moderation capabilities.

Check out the release candidates' release notes as well for a full list of changes since 1.17.6.

As always, report any bugs or issues you find or features you'd like to see to our issue tracker. We've got a long way to go, but we've come a long way as well. Enjoy the release!

Important

Please back up your database and tox save files before upgrading. The upgrade should be smooth, but just to be safe, make sure there are backups.

Important

UPDATE: The current release binaries unfortunately claim to be unstable non-release binaries (reported in #355). This problem is now fixed (#356), but the fix won't be available until the v1.18.1 release. Don't worry about it claiming to be unstable. The binaries are good if they match the signature and checksum from the download page.

Features

  • add appimage back to ci @Green-Sky (#306)
  • Add many missing emojis from the smiley packs. @iphydf (#232)
  • Add DBus desktop notification support. @iphydf (#209)
  • Add caps-lock indicator in password edit on macOS. @iphydf (#213)
  • Add a Qt object tree view in the debug widget. @iphydf (#158)
  • Add system tray notification support. @iphydf (#153)
  • Add desktop notifications support on Linux. @iphydf (#98)
  • Add debug log view. @iphydf (#119)
  • Add new translations: Bengali, Latvian, Flemish, Vietnamese. @iphydf (#114)

Performance improvements

Bug Fixes

  • Avoid occasional crash when changing video devices or closing qTox. @iphydf (#312)
  • Harden the persistence/serialization functions. @iphydf (#335)
  • Fix uninitialised read in contact circle widget. @iphydf (#314)
  • Don't crash when closing the app after logout. @iphydf (#308)
  • Don't crash on logout. @iphydf (#305)
  • Avoid hanging when capture device permissions denied on macOS. @iphydf (#300)
  • Fix occasional deadlock in ending a video call. @iphydf (#278)
  • Disable video device selection box during call. @iphydf (#284)
  • Make sure camera access is gained on macOS before calling. @iphydf (#283)
  • Make camera input work again on macOS. @iphydf (#267)
  • Don't crash on quit during AV call. @iphydf (#274)
  • Use the last /src/ to find the source root. @iphydf (#237)
  • Show actual smileys in the smileypack selector. @iphydf (#231)
  • cmake file dependencies @Monsterovich (#206)
  • Fix two memory leaks. @iphydf (#205)
  • Fix use-after-free when closing qTox during a call. @iphydf (#192)
  • Typo fix unavaliable -> unavailable. @iphydf (#176)
  • Allow building qtox without update check. @iphydf (#161)
  • memory error on exit @Green-Sky (#159)
  • Correct the tab completion regex so it works with Qt6. @iphydf (#150)
  • Only allow printable characters in incoming messages. @iphydf (#148)
  • Fix use-after-free bug in desktop notifications. @iphydf (#135)
  • Add Caucasian Albanian Script writing system mapping. @iphydf (#130)
  • remove extra newline in log @Green-Sky (#121)
  • Do a better job of anonymising the log output. @iphydf (#94)
  • Make checkboxes more visible on wayland. @iphydf (#105)
  • Don't create huge font weights in themes. @iphydf (#95)
  • Fixed the style selector in UI settings. @iphydf (#96)
  • Don't show unicode replacement boxes on unsupported languages. @iphydf (#97)

Documentation

Maintenance (Grunt tasks)

Maintenance (Code cleanup)

  • Use version.h in cmake build as well. @iphydf (#339)
  • Ensure VideoFrame memory is never leaked. @iphydf (#322)
  • Don't use deprecated spelling of tox enums. @iphydf (#323)
  • Add ffmpeg logging. @iphydf (#318)
  • Add openal logging and audio log category. @iphydf (#317)
  • Normalise audio to -1.0 dB. @iphydf (#316)
  • Don't connect to NULL window handle's signals. @iphydf (#315)
  • Add dep name in the log message file path on macOS. @iphydf (#311)
  • Fix compilation for Android 7. @iphydf (#309)
  • Clarify what the "blacklist" does in privacy. @iphydf (#285)
  • Fix spelling mistakes in the code. @iphydf (#282)
  • Remove unused C code. @iphydf (#286)
  • Ensure message structs don't have uninitialised members. @iphydf (#272)
  • Use mutex lockers where possible in video frame handling. @iphydf (#275)
  • Remove most uses of goto. @iphydf (#262)
  • Remove unnecessary path cleaner in tox logger. @iphydf (#266)
  • Ensure that all emoticons at least map to themselves. @iphydf (#260)
  • Make the tongue emoji :P output 😛 instead of 😋. @iphydf (#264)
  • Avoid string concatenation in log output. @iphydf (#258)
  • Remove duplication of widget IDs. @iphydf (#252)
  • Remove unnecessary inheritance of Chatroom. @iphydf (#253)
  • Avoid contextless connect. @iphydf (#248)
  • Reduce amount of implicit casting in signals/slots. @iphydf (#249)
  • Remove ASCII versions of smiley packs. @iphydf (#233)
  • Remove duplicate definition of DECLARE_SIGNAL. @iphydf (#235)
  • Avoid double spaces in logging. @iphydf (#226)
  • Use consistent nomenclature for "full screen". @iphydf (#210)
  • Reduce repetition in Android build workflow. @iphydf (#222)
  • Sort Qt resource files by filename. @iphydf (#214)
  • Stop loading smileypack in a separate thread. @iphydf (#215)
  • Use consistent nomenclature for "macOS". @iphydf (#212)
  • Some random warning cleanups and some typo fixes. @iphydf (#198)
  • Prefix multi-line log messages with the same timestamp. @iphydf (#199)
  • Avoid logging QString as format. @iphydf (#122)
  • Remove now unused DESKTOP_NOTIFICATIONS from cmake preset. @iphydf (#189)
  • Remove most of the leftovers from toxext. @iphydf (#186)
  • Use tox core "length" functions instead of constants. @iphydf (#174)
  • Another typo fix, avaliable -> available. @iphydf (#178)
  • Add system tray notification support. @iphydf (#153)
  • Use function pointer slots instead of old style strings. @iphydf (#151)
  • Fix typo in spellcheck CMake option. @Chiitoo (#146)
  • Reformat all the cmake files with cmake-format. @iphydf (#132)
  • Add spdx license header to our only ObjC++ file. @iphydf (#124)
  • Remove tox extension message support. @iphydf (#116)
  • Don't use <header.h> for local includes. @iphydf (#72)
  • Unify source to have prefix-const everywhere. @iphydf (#73)
  • Make tox error code logging originate from calling code. @iphydf (#117)
  • Delete docker image actions. @iphydf (#115)
  • Make filesform.h and toxuri.cpp parseable by Linguist. @iphydf (#111)
  • Delete buildscripts now they have moved to the dockerfiles repo @iphydf (#106)
  • Fix typo "groupOnlyNotfiyWhenMentioned" @Pigpog (#93)
  • Minimise direct dependencies on core.h. @iphydf (#70)
  • Delete all qt5 version checks. @iphydf (#62)
  • Delete compatibility recursive mutex. @iphydf (#60)
  • Move all license headers in .h files to SPDX; run clang-format. @iphydf (#58)
  • Move all license headers in C++ source files to SPDX; run clang-format. @iphydf (#55)
  • More deprecation fixes. @iphydf (#53)
  • Fix a few more deprecation warnings. @iphydf (#52)
  • Update more deprecated stuff @Green-Sky (#51)
  • remove usage of a private field @Green-Sky (#42)

Maintenance (Refactoring)

  • Move common python code into a library; add RCs to changelog. @iphydf (#330)
  • Add logging category to debug log. @iphydf (#256)
  • Add logging category for tox logger output. @iphydf (#265)
  • Remove the need for <filesystem> in logging. @iphydf (#229)
  • Make code less dependent on the Settings object. @iphydf (#110)
  • Rename Group Chat to Conference @Pigpog (#92)
  • Migrate to Qt6. @iphydf (#49)

Maintenance (Tests)

  • Add a fuzz test for the remaining 2 serialize functions. @iphydf (#336)
  • Update loginscreen UI test golden image. @iphydf (#302)
  • Re-enable tests on windows. @iphydf (#154)
  • Make the invalid proxy test less flaky. @iphydf (#197)

Maintenance (Code style)

  • Reformat CHANGELOG.md with markdown formatter. @iphydf (#326)
  • Format Objective C++ files with clang-format. @iphydf (#257)
  • Reformat SQL query code a bit to reduce right-alignment. @iphydf (#125)
