You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Custom SNI support for stunnel/wstunnel anti-censorship connections.
Cross-platform diagnostics for API connectivity login failures so logs can better distinguish DNS, routing, proxy, IPv4/IPv6, and local security-policy failures.
Improved
The Windows IKEv2 connector. A complete rewrite of the code to improve connection setup speed and connection robustness.
Anti-censorship startup and failover by supporting parallel backup domain testing in wsnet.
Firewall behavior consistency across platforms and firewall modes.
Linux firewall implementation by replacing iptables shell calls with libnftables.
Linux split tunneling so non-tunneled apps can preserve ISP IPv6 on native dual-stack networks while tunneled apps remain leak-protected.
Always On/Always On+ firewall handling with Allow LAN Traffic by disabling risky LAN allowance on mode enable and warning when LAN traffic is explicitly re-enabled.
macOS installer/update code paths and installer flow.
Linux firewall/routing fwmark handling by centralizing fwmark use and avoiding incorrect WireGuard mark behavior.
Hardening for elevated executables using Windows process mitigation APIs where applicable.
Windows compiler and linker security hardening, including Control Flow Guard and related mitigation settings.
Windows build targeting to Windows 10 2004 so newer Windows APIs can be used without changing the minimum install version.
Split tunneling error handling so startup failures can show the usual Split Tunneling failed alert on macOS.
Objective-C memory management consistency by enabling ARC uniformly across the project.
CLI-only behavior by automatically watching config file changes instead of requiring windscribe-cli preferences reload.
Dependency build integrity by pinning or verifying wstunnel and AmneziaWG prebuilt source dependencies.
Fixed
Security audit findings covering macOS signature validation, Windows WireGuard config permissions, local IPC robustness, AmneziaWG input validation, and sensitive logging paths.
Static IP OpenVPN/TCP connections prompting for credentials instead of supplying stored Static IP credentials internally.
Remembered credentials for external .ovpn custom configs not being persisted immediately across restart/reboot.
Polish free-data counter text overlapping the upgrade CTA and locations-list chevron.
Hashed-login failures caused by user accidentally including leading/trailing whitespace in their input.
WireGuard connection mode unavailable when Always On+ firewall mode is enabled and cached WireGuard connection information is available.
c-ares Windows DNS server detection regression that could leave only 127.0.0.1:53 and cause DNS resolution failures.
The Windscribe service getting stuck in the stop pending state when a stop is requested while the desktop app is running on Windows.
A possible crash when enabling Secure Hotspot after connecting the VPN on Windows.
A rare crash when launching at startup before macOS screen information is available.
Linux firewall block rule ordering so Windscribe's kill-switch block path takes precedence over UFW/third-party allow rules.
openSUSE Tumbleweed RPM install failure related to the libcap-progs dependency path.
Allow LAN traffic not applying correctly to IPv6 LAN and multicast traffic while connected on Windows.
Missing warning when split tunneling is enabled while the macOS split tunneling extension has been manually disabled.
Allow LAN traffic IPv6 behavior on macOS so ULA and multicast traffic are blocked on the VPN interface while remaining reachable on the physical LAN.
Updated
cURL to 8.21, c-ares to 1.34.7, OpenVPN to 2.7.5, OpenSSL to 4.0.1, and wsnet to 1.5.27 for security updates.