You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Package signing and update authenticity hardening for supported Linux packages.
Improved
App hardening from the Fable 5 audit, including WireGuard key validation, Control D API key log redaction, IPC exposure hardening, safer logging, installer argument redaction, and package/dependency handling fixes.
Windows helper IPC parameter validation to reduce local IPC attack surface.
Linux helper IPC/API hardening after EGL gid-check bypass review.
Windows IKEv2 connector stability to mitigate possible crashes.
macOS builds against Xcode 26.5 and enabled ARC for client-common Objective-C++ code.
Proxy Gateway privacy by no longer logging blocked destinations for HTTP and SOCKS gateway requests.
IP Stack preference wording to clarify it applies to WireGuard only.
Preferences title casing consistency.
Sign Up screen helper text styling under the Password and Email fields.
JSON/INI import consistency for proxy sharing and MAC spoofing settings.
Debug logs by removing false positives that could mislead automated log analysis on Windows.
Russian and Ukrainian translations in the desktop app, installer, and CLI from GitHub user WkdXeqtr.
Belarusian translations in the desktop app, installer, and CLI from GitHub user dubovy-achvelak.
Fixed
DLL planting vulnerability in the Windows bootstrapper and uninstaller.
Windows installer/updater staging TOCTOU allowing the privileged helper to copy from a different source path than the one it validated.
Local privilege escalation security vulnerability from app retaining SETGID capability after group switch on Linux.
Possible local privilege escalation chain involving external-link opening and OpenVPN directive validation bypass.
OpenVPN custom config filtering to handle embedded NULL/control characters consistently and reject unsafe directives.
OpenVPN custom config parsing to prevent commented-out route-nopull / route-noexec text from disabling automatic firewall handling.