2020.6-beta1

This release is Android only.

Added

• Show system notification when account has expired.
• Add fish shell completions for the mullvad CLI.
• Reconnect with a new key when WireGuard key is rotated automatically, previously the tunnel would
  time out before reconnecting.

Linux

• Add split tunnelling menu under advanced settings in Linux app.

Android

• Add split-tunnelling, allowing apps to be configured to be excluded from the tunnel.
• Add localized app messages.

Changed

• Upgrade from Electron 7 to Electron 8.
• Change version string parsing to never suggest the user to upgrade to an older version.
• Make connectivity checker more resilient to suspension.
• Make uninstaller on desktop platforms attempt to remove WireGuard keys from accounts.
• Make important notifications not timeout on macOS and remain in the notification list on Linux.
• Add exponential backoff to relay list downloader.
• Display the original block reason in the non-blocking error state, and why applying the blocking
  policy failed.
• Don't show account time expired notification for newly created accounts.

Android

• Show a system notification when the account time will soon run out.
• Changed how the Select Location screen scrolls so that more items can be viewed at the same time.

Windows

• Upgrade Wintun from 0.7 to 0.8.1.
• Display causes of firewall errors in the GUI.

Linux

• Allow users to specify net_cls controller mountpoint via TALPID_NET_CLS_MOUNT_DIR. The
  specified mountpoint will only be used if the controller isn't mounted already.

Fixed

• Fix connectivity monitor for WireGuard not disconnecting from a relay when connectivity is lost.
• Forward firewall errors to the GUI in the connecting state, instead of showing a generic message
  about failing to start the tunnel.

Windows

• Fix window flickering by disabling window animations.
• Fix WireGuard not connecting if IPv6 is disabled in the adapter or OS. libwg would time out
  waiting for an IPv6 interface to become available.

Android

• Fix Connect screen sometimes becoming unusually tall. This ended up causing the screen to be
  scrolled up and made the UI elements unable to be seen until the user scrolled down.
• Fix connect action from quick-settings tile or notification sometimes opening the UI instead of
  connecting.
• Fix notification sometimes not being dismissible.
• Fix toggle switch sometimes getting stuck.

Linux

• Fix systemd-resolved DNS management by not parsing /etc/resolv.conf.
• Fix issue where DNS configuration would not be reset when NetworkManager was used and the daemon
  was stopped ungracefully. This persisted after reboots.

2020.5

Added

• Add Korean, Polish and Thai languages to the desktop app.

The rest is identical to 2020.5-beta2, see that change log for all changes since last stable release.

2020.5-beta2

Added

Android

• Add buttons to buy credit and redeem voucher in Account screen.
• Show a notification banner warning when the account time will soon run out.

Changed

• Send an ICMP reject message or TCP reset packet when blocking outgoing packets to prevent
  timeouts.

macOS

• Use SCNetworkReachability to help determine connectivity of host. Helps bring the app online
  faster when the computer wakes up from sleep.

Android

• Show the remaining account time in the Settings screen in days if it's less than 3 months.
• Prevent commands to connect or disconnect to be sent when the device is locked.
• Make all screens scrollable to better handle small screens and split-screen mode.

Fixed

• Show both WireGuard and OpenVPN servers in location list when protocol is set to automatic on
  Linux and macOS.
• Fix missing in app notification about unsupported version.
• Prevent auto-connect on login if the account is out of time.
• Fix race that caused WireGuard key upload to fail which could cause the "too many keys" error and
  the tunnel to invalidly fall back to OpenVPN.

Android

• Fix crash when that happened sometimes when the app tried to start the daemon service on recent
  Android versions.
• Fix quitting the app sometimes failing.
• Fix WireGuard key status events being lost by the UI, causing stale information to be shown.
• Fix time left in account not showing in settings screen.
• Fix attempt to connect when the app doesn't have the VPN permission.
• Fix crash that happened sometimes when the WireGuard key was loaded too quickly.
• Fix crash when entering split-screen mode whilst on the Report a Problem screen.
• Fix invalid back stack history when connection to service is lost and the app returns to the
  launch screen.
• Fix app leaving settings screen when entering split-screen mode.
• Fix app sometimes leaving Welcome screen prematurely after creating an account.

Windows

• Fix race in network adapter monitor that could result in data corruption and crashes.
• Upgrade miow dependency to stop daemon from crashing when the management interface named pipes
  were accessed with accesschk.exe and some web browsers.
• Fix race that may rarely occur during install when obtaining the GUID of a newly created TAP
  adapter.

Security

• Tighten the firewall rules that were allowing traffic to the relay server over the physical
  network interface. On Linux and macOS now only processes running under root are allowed to send
  traffic to this port and IP. On Windows only the Mullvad VPN binaries are allowed to send.
  This fixes audit ticket MUL-02-002.

Windows

• Tighten the firewall rule allowing traffic on port 53 to the relay server IP on the physical
  interfaces if the VPN tunnel is established on port 53 to only allow UDP. This fixes
  audit ticket MUL-02-004.
• Deny access to the management interface named pipe for the NT AUTHORITY\NETWORK group.
  This makes the named pipe no longer accessible under the IPC$ network share.
  This fixes audit ticket MUL-02-007.

Android

• Ignore touch events when another view is shown on top of the app in order to prevent tapjacking
  attacks. Fixes audit ticket MUL-02-003.
• Prevent screens showing potentially sensitive data from being recorded. Fixes audit
  ticket MUL-02-003.

2020.5-beta1

This release is Android only

Added

• Add a new Let's Encrypt root certificate.

Android

• Add possibility to create account from the login screen.
• Add welcome screen for newly created accounts.
• Allow submitting voucher codes to add time to the account.
• Add Out Of Time screen for user to add more time to account once it expires.

Changed

• Move location of the account data (including the WireGuard keys), so that it isn't lost when the
  system cache is cleaned.
• Rename "Block when disconnected" setting to "Always require VPN" and add additional explanation
  of the setting.
• Embed TLS certificates used for HTTPS into the binary rather than loading them from disk at
  runtime.
• Ignore case when setting the relay or bridge location in the CLI.
• Upgrade OpenVPN from 2.4.8 to 2.4.9 and the OpenSSL version it uses from 1.1.1d to 1.1.1g.
• Upgrade shadowsocks-rust to version 1.8.10.
• Always enable the beta program when running a beta version.
• Increase relay list download failure retry interval from 5 to 15 minutes. And from 5 seconds
  to 15 minutes for the WireGuard key rotation retry interval.

Android

• Adjust the minimum supported Android version to correctly reflect the supported versions decided
  in 2020.4-beta2. The app will now only install on Android 7 and later (API level 24).

Fixed

Android

• Fix crash when leaving WireGuard Key screen while key is still verifying.
• Fix crash that sometimes happens right after some other unrelated crash.
• Fix app not connecting when pressing the notification or quick-settings tile when the service
  isn't running. It would previously just open the app UI and stay in the disconnected state.
• Fix crash when requesting to connect from notification or quick-settings tile.
• Fix version update notifications not appearing.
• Fix UI losing any settings updates that happen after leaving the app and then coming back.
• Fix account expiration date disappearing in some circumstances.
• Fix notification reappearing after quitting the application.
• Retry when fetching account expiration fails.

2020.4

This release is for desktop only. This release is identical to 2020.4-beta4.

For the changes since last stable release see the changelogs for all the betas since then:

• 2020.4-beta1.
• 2020.4-beta2.
• 2020.4-beta3.
• 2020.4-beta4.

2020.4-beta4

Fixed

• Fix bogus or absent update notifications on the desktop app due to incorrect deserialization of a
  struct sent from the daemon.

Android

• App will now use packaged relay list if it's newer than the cached one.
• Fix relay list sort order

Windows

• Remove all log files on uninstall. Clear install.log on upgrades.

2020.4-beta3

Added

• Add shell completions for the mullvad CLI. Installed for bash and zsh on Linux and zsh on macOS.

Changed

• Downgrade to Electron 7 due to issues with tray icon in Electron 8.
• Use rustls instead of OpenSSL for TLS encryption to the API and GeoIP location service.

Windows

• When required, attempt to enable IPv6 for network adapters instead of failing.

Android

• Update the WireGuard Key screen so that it looks the same as on the desktop app. It is now reached
  through the Advanced settings screen.

Fixed

• Enable IPv6 in WireGuard regardless of the specified MTU value, previously IPv6 was disabled if
  the MTU was below 1380.

Windows

• Improve offline detection logic.
• Enable missing IPv6 interface on the WireGuard TUN adapter when it has been disabled.

Android

• Change button colors on problem report no email confirmation dialog to match the desktop version.
• Fix crash when attempting to run app from the non-default location, such as the SD card or from a
  different user profile.

Security

macOS

• Ship native Node modules unpacked to prevent malware checks by macOS on each run. The malware
  checks delayed app startup when "block when disconnected" was enabled and performed system network
  requests to Apple.

Android

• Fix failure to create tunnel when app is started with auto-connect enabled. This would sometimes
  lead to a traffic leak.

2020.4-beta2

This release is desktop (Windows, macOS and Linux) only.

Please note that a lot of desktop changes happened in 2020.4-beta1 but the binaries were never published. So see that changelog also for the full list of changes since the last desktop release.

Added

• Add possibility to create account in the desktop app.
• Add possibility to pay with voucher in the desktop app.

Android

• Add WireGuard MTU setting.

Changed

• Allow fc00::/7 instead of fd00::/8 in the firewall when local network sharing is enabled.
  Should unblock all unique local addresses.
• Upgrade from Electron 7 to Electron 8.
• Formalize what operating system versions we support in the readme. In practice
  this means dropped support for Android 5 and 6 and Fedora 28 and 29 right away, Ubuntu 16.04
  support will end as soon as Ubuntu 20.04 comes out.

Windows

• Windows 7 only: Address packet loss issues with OpenVPN on some systems by reverting the TAP
  adapter driver to an older NDIS 5 driver.

ios/2020.1

Initial release for iOS (iPhone). Supports...

• Establishing WireGuard tunnels
• Selecting and changing location and servers
• See account expiry
• Purchase more VPN time via in-app purchases
• See the current WireGuard key in use and how long it has been used
• Generate a new WireGuard key to replace the old

2020.4-beta1

This release is Android only

Added

• Add signal handlers on Linux, macOS and Android to better log critical faults with the daemon.
• Add WireGuard MTU setting to desktop app.
• Add option to receive notifications about new beta releases.

Android

• Add option to enable auto-connecting behavior
• Include an initial relay list in the APK so that the app can connect to the VPN even if it fails
  to connect to the API after it is installed.
• Add a reconnect button to disconnect and connect again without closing the tunnel device to avoid
  leaking any data during the reconnection.
• Add quick settings tile to control the tunnel state.
• Enable IPv6 traffic through the tunnel.

Changed

• Prefer WireGuard when tunnel protocol is set to auto on Linux and MacOS.
• Wait for tunnel state machine to properly shut down, cleaning up the firewall properly on Windows
  during the daemon shutdown.
• Switch to new logo.
• Show better message when the app failed to block all connections after an error.

Fixed

• Fix bug that could lead to Javascript error dialog to appear upon the desktop app termination.
• Fix rendering glitch in the map and improve the map's resource usage.

macOS

• Fix firewall rules to properly handle DNS requests over TCP when "Local network sharing" is
  disabled. Previously DNS requests over TCP would timeout.

Android

• Fix notification action button not working when requesting to connect the tunnel after being
  disconnected for a long time.
• Make the settings screen scrollable, so that the quit button is reachable on small screens.
• Fix connectivity listener leak causing possible battery usage increase.
• Fix crash that could sometimes happen when restarting the background service.
• Fix incorrect location information sometimes shown in main screen.

Windows

• Fix bug where failing to initialize the route manager could cause the daemon to get stuck in a
  blocked state. This only affected WireGuard.

Security

• When upgrading or reinstalling while connected, exit the daemon in a blocking state to prevent
  unintended leaks. This only affects upgrades from this release.

Windows

• Fix issue in daemon where the block_when_disconnected setting was sometimes not honored when
  stopping the daemon. I.e. traffic could flow freely after the daemon was stopped.

Android

• Fix issue where IPv6 traffic could leak outside of the tunnel.