github Windscribe/Desktop-App v2.22.9
on GitHub

3 hours ago

Added

  • A 'ports' command to the CLI.
  • Belarusian (Taraškievica) localization. Community contribution by dubovy-achvelak.
  • Support for the new server list v2 API.

Improved

  • Filtering of potentially malicious directives in OpenVPN custom configs to prevent a local privilege escalation.
  • "No P2P" icon to display per-city (datacenter) instead of per-country in the locations list.
  • BFE service status detection on Windows when SCM access is restricted from unelevated processes.
  • WireGuard PersistentKeepalive to use a value of 25 on all platforms.
  • HTTP ping to use IP address rather than hostname.
  • Field validation for custom WireGuard config import.
  • Non-critical scriptlet commands on Linux to be optional to prevent failures when reinstalling or upgrading.

Fixed

  • Possible local privilege escalation in the helper due to insufficient parameter validation before executing shell commands on macOS and Linux. We thank Johan Wahyudi for responsibly disclosing this issue.
  • IPC frame bounds checking to reject malformed or oversized messages.
  • Security vulnerability in ctrld command argument processing on macOS and Linux.
  • WireGuard custom config IP/CIDR validation to prevent command injection via crafted .conf files on Linux.
  • Command injection in CLI update handler on Linux.
  • Possible local privilege escalation and TOCTOU exploits in the macOS helper and installer.
  • Possible local privilege escalation and TOCTOU exploits in the Linux helper.
  • Potential privilege escalation during app update process on Linux.
  • WireGuard service may start then terminate immediately in a loop after wake from sleep on Windows.
  • Possible app crash when initiating an IKEv2 connection on Windows.
  • Potential deadlock at app start.
  • Factory reset does not fully reset preferences on macOS.
  • Call continuity doesn't work with firewall enabled on macOS.
  • OpenVPN TCP fails to connect when LAN proxy feature is enabled on macOS.
  • Multicast traffic not working on split tunneled apps on macOS.
  • Server sub-menus for the locations list in the OS tray menu should have a delay before being displayed.
  • Protocol indicates "WireGuard" while disconnected and selected location is an OpenVPN custom config.
  • WireGuard key limit dialog overlaps notification banners on app launch.
  • Standard/hashed login text overlaps when language set to Belarusian.
  • wsnet receiving system language rather than user's preferred language.
  • News feed title is clipped and entry height miscalculated when entry is expanded.
  • Location list hover states broken after clicking main window.
  • Third-party custom config may no longer pass tunnel test.
  • Dropdown menus in Preferences scrolling to the wrong position.
  • El Salvador flag icon.
  • App does not consistently connect to the specific server that has the user's pinned IP.
  • Purchased ALC locations cannot be selected.
  • Unnecessary VPN reconnection when switching between WiFi access points on the same network on macOS and Linux.
  • An app crash when on macOS when all app sessions are cleared via the website account page.
  • A potential crash while reinstalling the app on macOS.
  • A crash when interacting with credential fields on macOS.
  • P2P indicators not shown for premium locations.
  • Cannot connect to purchased individual locations because the UI shows them as premium-only.
  • Cannot connect with custom configs requiring credentials.
  • Bridge API session tokens not being cleared during logout and persistent settings cleanup.
  • Potential use-after-free crash when API handles outlive global wsnet teardown.
  • Advanced parameters not parsed after being written on Linux.
  • WireGuard reconnect fails after plan downgrade until app restart.
  • Protocol Tweaks toggle not enabling during fresh install on a Russian network.
  • Location nickname may be corrupted when best location changes.
  • Incorrect knowledge base URL in Help window.
  • Change protocol screen maximizes vertically after moving it.
  • Linux CLI does not log the user out when all active sessions are deleted from the account.
  • DNS manager may misdetect as resolvconf on Ubuntu when it should be NetworkManager.
  • Linux Dockerfile build tool downloads not hash verified.

Updated

  • Qt 6.11.0.
  • cURL 8.18.0.
  • OpenSSL 3.6.1.
  • OpenVPN DCO driver 2.8.2.
  • ctrld to 1.5.0.

GUI Installer Hashes

Installer SHA-256 hash
Windows amd64 51adad2fed021c1c820e3cb6e3b8f0ae0c7a4240077be8e1b904e91ae4c919df
Windows arm64 d2a5075262624391844c947de5243d85cbf0d6f7689a346dcbd7907d2e029011
macOS universal e30254157d0c12853f76064d1db4b94ff992fe3fadf2f097941705da8c5f3980
Ubuntu amd64 d1748eaff4df11540dd797859531c42c18b67613326c838d23f6f7c378b284ab
Ubuntu arm64 942f549f724d219feec9f6152ee2eeccee247c18c845bb8aaee00f66e66a576c
Fedora amd64 8d7613fd302a376f868d382bab624a55e98f3b8b7a7f9b2470cc1929d4573d57
Fedora arm64 905185dae680a3d61f9ee726c25d2271eff26046d01db807411e302b7592efee
OpenSUSE amd64 fd6a80febfa560eadfdaa9503e24c41e7fdd611878f048d9ba2c5e8080ae87a2
Arch Linux amd64 d7b2f4319f788b5698e113e51aa009cfaf01ea7a45d2574fa2d9ee0901c70f0c

CLI Installer Hashes

Installer SHA-256 hash
Ubuntu CLI amd64 070d902220c920a476e8bf47e1f2089eda81cd8e8d29206bc4810b00d6b47ff2
Ubuntu CLI arm64 c8a9af6eb08ac00c2266e395b23b6c80adc4d05c4e8e66c32c66d02216850e5e
Fedora CLI amd64 770eeb95e8a491adec42d270863c17d63b9442eb9a23e168d050673ea48352b8
Fedora CLI arm64 c9458e9840fdab431ad84ab981340c358c0d1649f691009e401d69e2e11031da
OpenSUSE CLI amd64 ec747142d94234febb4bec7396a80dbe1d7d025130b1c4d14a7fac70940bc7a4
Arch Linux CLI amd64 f817bf3899ba54e0be6be64f37e1dfc3ee42f587ee1feea95cf21fd75afd14ac
Check out latest releases or
releases around Windscribe/Desktop-App v2.22.9

Don't miss a new Desktop-App release

NewReleases is sending notifications on new releases.

Get notifications