Added
- Add obfuscation settings under "WireGuard settings".
Windows
- The default VPN protocol is slowly being changed from OpenVPN to WireGuard.
The app fetches the ratio between the protocols from the API.
Linux
- GUI: Add Electron flags to run Wayland native if in a compositor/desktop known to work well.
- Add support for Linux ARM64. No installers are produced yet, but the source code can now
be built for ARM64.
Changed
- Reject invalid WireGuard ports in the CLI.
- Reorganize settings into more logical categories.
- Upgrade wireguard-go to 20220703234212 (Windows: v0.5.3).
- Prune bridges far away from the selected relay.
- Stay connected when desktop app is killed or crashes. The only situation where the app now
disconnects on quit is when the user presses the quit button.
- Update Electron from 18.0.3 to 19.0.13.
- Expand allowed range of multicast destinations to include all of 239.0.0.0/8 (administratively
scoped addresses), when local network sharing is enabled.
- Default to selecting Sweden as the entry location when using WireGuard multihop. Previously,
a random location was used.
Windows
- Remove dependency on ipconfig.exe. Call DnsFlushResolverCache to flush the DNS cache.
- Upgrade Wintun to 0.14.1.
Linux
- The daemon binary and systemd unit file will now be placed in /usr/bin/ and
/usr/lib/systemd/system respectively, to aid with starting the system service on systems where
/opt isn't mounted during early boot.
Fixed
- Connect to TCP endpoints over IPv6 if IPv6 is enabled for WireGuard.
- Fix udp2tcp not working when quantum-resistant tunnels are enabled.
- Quit app gracefully if renderer process is killed or crashes.
- Enable reconnect in blocked state in desktop app.
- Fix error handling during device removal in the desktop app.
- Enable interface settings when app is logged out.
- Fix 'mullvad status -v' to include the port of the endpoint when connecting over TCP.
- Check whether the device is valid when reconnecting from the error state.
- Stop reconnecting when the account has run out of time.
Windows
- Only use the most recent list of apps to split when resuming from hibernation/sleep if applying
it was successful.
- Don't fail install if the device tree contains nameless callout driver devices.
Security
- When the system service is being shut down and the target state is secured, maintain the
blocking firewall rules, unless it's possible to deduce that the system isn't shutting down and the
system service is being stopped by the user intentionally. This is to prevent leaks that might
occur during system shutdown. Fixes 2022 Mullvad app audit issue item MUL22-02.
Windows
- Upgrade win-split-tunnel driver to version 1.2.2.0. Fixes incomplete validation of input buffers
that could result in out-of-bounds reads. Fixes 2022 Mullvad app audit issue item MUL22-01.
Linux
- Added traffic blocking during early boot, before the daemon starts, to prevent leaks in the case
that the system service starts after a networking daemon has already configured a network
interface.