Difference between revisions of "1.2.9"

From Mumble Wiki
Jump to: navigation, search
(Improve formatting)
Line 1: Line 1:
The Mumble team has released version 1.2.9 of the Mumble VoIP application. Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble.
+
Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble and the successor of Mumble [1.2.8].
  
 +
=== Summary ===
 
This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.
 
This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.
  
 
If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.
 
If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.
  
Changes in this release:
+
=== Changes in this release: ===
  
OpenSSL has been updated to 1.0.1n.
+
* OpenSSL has been updated to 1.0.1n.
 +
* Qt 4.8 has been synced to the latest sources from Git.
 +
* Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.
 +
* Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.
  
Qt 4.8 has been synced to the latest sources from Git.
 
 
Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.
 
 
Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.
 
  
 
For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8...1.2.9
 
For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8...1.2.9
Line 28: Line 27:
 
We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.
 
We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.
  
For this release, we’re also providing binaries on [https://github.com/mumble-voip/mumble/releases/tag/1.2.9 GitHub]. Enjoy!
+
For this release, we’re also providing binaries on [https://github.com/mumble-voip/mumble/releases/tag/1.2.9 GitHub].
 
 
The Mumble team
 

Revision as of 21:17, 19 June 2015

Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble and the successor of Mumble [1.2.8].

Summary

This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.

If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.

Changes in this release:

  • OpenSSL has been updated to 1.0.1n.
  • Qt 4.8 has been synced to the latest sources from Git.
  • Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.
  • Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.


For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8...1.2.9

All of these changes are already available in our snapshot builds (the 1.3.x series), so if you like living on the bleeding edge and want to help out with Mumble development, feel free to check out our development snapshots at http://mumble.info/.

The TLS 1.2 support in our binary packages is backported from Qt 5. Unfortunately, that means that if you are using Mumble from a package manager, you’re not going to get a TLS 1.2-enabled build.

Our backported patches to Qt 4 are available at:

https://github.com/mumble-voip/mumble-developers-qt/commit/a02610cf11395896bb0fd06725bc7545b80bd7fe https://github.com/mumble-voip/mumble-developers-qt/commit/2e23c3b6af5f820e56d08c7aad9129d74f609f40

We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.

For this release, we’re also providing binaries on GitHub.