Mumble 1.2.17

The Mumble team has released version 1.2.17 of the Mumble VoIP application. Version 1.2.17 is a bugfix and security release in the stable 1.2-series of Mumble.

This version of Mumble updates our binary packages to use OpenSSL 1.0.2i (from 1.0.1t) due to the OpenSSL Security Advisory 20160922. Other dependencies have also been updated.

Continue reading

Posted in News, Release, Security | Leave a comment

Mumble 1.2.16

The Mumble team has released version 1.2.16 of the Mumble VoIP application. Version 1.2.16 is a bugfix and security release in the stable 1.2-series of Mumble.

This version of Mumble updates our binary packages to use OpenSSL 1.0.1t due to the OpenSSL Security Advisory 20160503.

Continue reading

Posted in News, Release, Security | Leave a comment

Mumble 1.2.15

The Mumble team has released version 1.2.15 of the Mumble VoIP application. Version 1.2.15 is a bugfix release in the stable 1.2-series of Mumble.

Continue reading

Posted in News, Release | Leave a comment

Mumble 1.2.14

The Mumble team has released version 1.2.14 of the Mumble VoIP application. Version 1.2.14 is a bugfix release in the stable 1.2-series of Mumble.

Continue reading

Posted in News, Release | Leave a comment

Mumble 1.2.13

The Mumble team has released version 1.2.13 of the Mumble VoIP application. Version 1.2.13 is a security release in the stable 1.2-series of Mumble.

Continue reading

Posted in News, Release, Security | 1 Comment

Mumble 1.2.12

The Mumble team has released version 1.2.12 of the Mumble VoIP application. Version 1.2.12 is a bugfix release in the stable 1.2-series of Mumble.

Continue reading

Posted in News, Release | Leave a comment

Mumble 1.2.11

The Mumble team has released version 1.2.11 of the Mumble VoIP application. Version 1.2.11 is a bugfix and security release in the stable 1.2-series of Mumble.

Continue reading

Posted in News, Release, Security | 1 Comment

Mumble 1.2.10

The Mumble team has released version 1.2.10 of the Mumble VoIP application. Version 1.2.10 is a security release in the stable 1.2-series of Mumble.

This release updates OpenSSL to 1.0.1p. This version of OpenSSL fixes "Alternative chains certificate forgery" (CVE-2015-1793).
There are no source changes to Mumble itself in this build. The version bump is only relevant to our binary releases.

We recommend all users upgrade immediately.

You can download this release on GitHub. Enjoy!

The Mumble team

Posted in News, Release, Security | 2 Comments

Mumble 1.2.9

The Mumble team has released version 1.2.9 of the Mumble VoIP application. Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble.

This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.

If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.

Changes in this release:

OpenSSL has been updated to 1.0.1n.

Qt 4.8 has been synced to the latest sources from Git.

Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.

Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.

For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8…1.2.9

All of these changes are already available in our snapshot builds (the 1.3.x series), so if you like living on the bleeding edge and want to help out with Mumble development, feel free to check out our development snapshots at http://mumble.info/.

The TLS 1.2 support in our binary packages is backported from Qt 5. Unfortunately, that means that if you are using Mumble from a package manager, you’re not going to get a TLS 1.2-enabled build.

Our backported patches to Qt 4 are available at:

https://github.com/mumble-voip/mumble-developers-qt/commit/a02610cf11395896bb0fd06725bc7545b80bd7fe
https://github.com/mumble-voip/mumble-developers-qt/commit/2e23c3b6af5f820e56d08c7aad9129d74f609f40

We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.

For this release, we’re also providing binaries on GitHub. Enjoy!

The Mumble team

Posted in News, Release, Security | 1 Comment

New forums and wiki

As you might have already noticed we changed the hosting for our wiki as well as the forums. Especially if our previous forums hosted at SourceForge gave you trouble or the slow loading when editing the wiki made you sad this is the time to take another look.

You can find the forums on http://forums.mumble.info . The wiki as usual can be reached via http://www.mumble.info .

Continue reading

Posted in Community, News | 2 Comments