Mumble 1.2.9

Posted on June 11, 2015 by mkrautz

The Mumble team has released version 1.2.9 of the Mumble VoIP application. Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble.

This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.

If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.

Changes in this release:

  • OpenSSL has been updated to 1.0.1n.
  • Qt 4.8 has been synced to the latest sources from Git.
  • Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.
  • Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.

For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8…1.2.9

All of these changes are already available in our snapshot builds (the 1.3.x series), so if you like living on the bleeding edge and want to help out with Mumble development, feel free to check out our development snapshots at http://mumble.info/.

The TLS 1.2 support in our binary packages is backported from Qt 5. Unfortunately, that means that if you are using Mumble from a package manager, you’re not going to get a TLS 1.2-enabled build.

Our backported patches to Qt 4 are available at:

https://github.com/mumble-voip/mumble-developers-qt/commit/a02610cf11395896bb0fd06725bc7545b80bd7fe

https://github.com/mumble-voip/mumble-developers-qt/commit/2e23c3b6af5f820e56d08c7aad9129d74f609f40

We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.

For this release, we’re also providing binaries on GitHub. Enjoy!

The Mumble team