Add 2024 security audit report and accompanying documentation #7323

Merged
merged 1 commit into from
Dec 11, 2024

@faern (Member) commented Dec 11, 2024

The 2024 app audit has been completed, we have fixed the found issues, and I have written responses to all the findings. This PR adds the audit report and our summary of the audit to the audit/ directory as usual.

This PR also updates changelog and known issues documents to link into the audit document where relevant. Please notify me if there are more places where it makes sense to provide cross-links.

We will blog about this audit after this PR has been merged, so the blog can link back to these documents. The plan is that this should happen today.



@pinkisemils (Collaborator) left a comment

Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved


audits/2024-12-10-X41-D-Sec.md line 208 at r1 (raw file):

Attacks like these are not specific to Mullvad VPN. The attack simply relies on core
internet functionality and pattern matching. The threat model defined in the report makes
it clear that a too powerful attacker who can observe and manipulate internet traffic

Nit: I'd use "powerful enough" instead of "a too powerful" here.

pinkisemils previously approved these changes Dec 11, 2024

@pinkisemils (Collaborator) left a comment

:lgtm:

Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

raksooo previously approved these changes Dec 11, 2024

@raksooo (Member) left a comment

:lgtm:

Reviewed 3 of 6 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@faern faern dismissed stale reviews from raksooo and pinkisemils via ffdbd0f December 11, 2024 12:30
@faern faern force-pushed the audit-2024 branch 4 times, most recently from 2fb081d to 16abbb2 Compare December 11, 2024 12:41
@faern faern merged commit 28cb218 into main Dec 11, 2024
9 of 10 checks passed
@faern faern deleted the audit-2024 branch December 11, 2024 12:43