2019.1-beta1

Added

• Handle "block when disconnected" extra kill-switch level in the GUI, showing the disconnected
  state as blocked when appropriate and also having a toggle switch for the setting in the Advanced
  Settings screen.
• Add a drop-down warning to notify the user when the account credits are running low.
• Allow the 169.254.0.0/16 private network in addition to the other networks allowed when local
  network sharing is enabled.
• Improve the confirmation dialog when submitting a bug report without an email specified.

macOS

• Add a monochromatic tray icon option for the GUI.

Linux

• Detect if the computer is offline. If so, don't sit in a reconnect loop, instead block and show
  an error message.
• Add a toggle switch to allow the app to start minimized on Linux, so that only the tray icon is
  initially visible.

Changed

• Disable buttons and menus that open external links when the app knows that there is no internet
  connection.
• The auto-start and auto-connect toggles in the GUI have been reworked so that auto-connect
  configures the GUI to automatically connect when it starts and so that it will only auto-connect
  on boot when both settings are set.

Fixed

• Stop GUI from glitching during the short reconnect state.
• Dismiss notifications automatically after four seconds in all platforms.
• Fix error printed from the CLI when issuing relay update.
• Fix relay list update interval. Should now handle sleep better.
• Prevent GUI from sending connect commands to the daemon every time it establishes a connection to
  it. Only send connect once (if auto-connect is enabled.)
• Prevent possible reconnect loop where the GUI would indefinitely reconnect to the daemon.
• Fix the bug which enabled users to return to the login view if they went to settings while
  logging in.
• Handle in the GUI, if something external changes the account token in the daemon. I.e. triggered
  by CLI unsetting or resetting it.

Linux

• Fix Debian package not upgrading properly due to a bug in the post-remove script.
• Wait for NetworkManager and systemd-resolved services to start before daemon starts on platforms
  with systemd and those two services. Prevents the daemon from using the wrong DNS API.

Windows

• Gracefully block when TAP adapter is missing or disabled, instead of retrying to connect.

Security

Linux

• Poll netfilter to verify firewall rules were added correctly. On Ubuntu 14.04 netfilter did not
  return any error, but it also ignored the rules the daemon tried to add.

2018.6

This release is identical to 2018.6-beta1

2018.6-beta1

Added

• CLI command relay update that triggers an update of the relay list in the daemon.
• Add extra level of kill-switch called "block when disconnected". Blocks all network traffic even
  in the disconnected state. Not activated by default and can be changed via the CLI subcommand
  block-when-disconnected.
• Ability to debug firewall rules on macOS with the TALPID_FIREWALL_DEBUG variable.

macOS

• Detect if the computer is offline. If so, don't sit in a reconnect loop, instead block and show
  an error message.

Windows

• Install tray icon in visible part of the notification area.

Changed

• Split DNS management from Firewall management to allow restoring DNS earlier and showing more
  detailed errors to users.

Fixed

• Cancel pending system notifications when the app becomes visible.
• Transition to connected state after all routes are configured. Avoids problems with reaching the
  internet directly after the app says it's connected.
• Disable keep alive on API RPC requests. Should stop reuse of invalid sockets after tunnel state
  changes.

macOS

• Fix permissions on log dir so problem-report tool has permission to read daemon logs.

Windows

• Use proper app id in the registry. This avoids false-positives with certain anti-virus software.
• Handle sleep/resume events to quickly restore the tunnel when the machine wakes up.
• Add default route to fix NLA issues (Microsoft Store/Office/etc say the machine is offline).
• Update installer to not rely on WMI when enumerating network adapters.
• Increase timeout waiting for OpenVPN to shut down cleanly.
• Sign the bundled openvpn.exe binary. Should make some anti-virus software complain less.

2018.5

Changed

• Replace OpenVPN root CA certificate bundled with the app to the new Mullvad root CA.

Fixed

Linux

• Improve packaging on RPM based distros by re-enabling the daemon after an upgrade

2018.5-beta1

Added

• Fall back and try to connect over TCP port 443 if protocol is set to automatic and two attempts
  with UDP fail in a row. If that also fails, alternate between UDP and TCP with random ports.
• Add new system and in-app notifications to inform the user when the app becomes outdated,
  unsupported or may have security issues.
• Allow the user to view the relay in/out IP address in the GUI.
• Add OpenVPN proxy support via CLI.
• Allow DHCPv6 in the firewall.

Fixed

• Pick new random relay for each reconnect attempt instead of just retrying with the same one.
• Make the problem-report tool fall back to the bundled API IP if DNS resolution fails.

macOS

• Correctly backup and restore search domains and other DNS settings.

Linux

• Disable GPU acceleration on Linux to fix App on Ubuntu 14.04 and other older distributions.
• Improve DNS management detection. Evaluates which way the system handles DNS before each new
  VPN tunnel is established instead of only on computer boot.
• Set DNS search domain when using the systemd-resolved. Makes it work on Ubuntu 18.10.

Windows

• Fix crash on Windows 7 when closing installer.

Security

Linux

• Block all traffic to DNS servers other than the correct one in the tunnel. Stops potential DNS
  leaks when "Local network sharing" was enabled and DNS management failed.

2018.4

Fixed

• Fix so changing the OpenVPN mssfix setting triggers setting up a new tunnel with the new setting.

2018.4-beta3

Fixed

• Place Mssfix setting inside scrollable area.
• Fix so mssfix can be unset. Previously emptying the textbox did nothing.

Linux

• The app will have its window resized correctly when display scaling settings are changed. This
  should also fix bad window behaviour on startup.
• Fixed systemd-resolved DNS management. Skip using it as the DNS manager if it's running in
  consumer mode.

2018.4-beta2

Added

• Allow configuration of OpenVPN mssfix option with GUI (under Advanced Settings).

Windows

• Monitor and enforce IPv6 DNS settings on network interfaces (previously IPv4-only).

Linux

• Add support for DNS configuration using systemd-resolved and NetworkManager.

Changed

• Auto-hide scrollbars on macOS only, leaving them visible on other platforms.
• Instead of showing the public IP of the device in the UI, we show the hostname of the VPN server
  the app is connected to. Or nothing if not connected anywhere.
• Passing --connect-timeout 30 to OpenVPN to decrease the time the daemon
  will wait until it tries to reconnect again in the case of a broken TCP connection.
• Increase timeout parameter to OpenVPN from 15 to 20 seconds. Should make active VPN tunnels drop
  less frequent when on unstable networks.
• Reduce the transparency of "blocking internet" banner to increase the text readability.
• Make the quit button visible without needing to scroll down in the settings view.

Linux

• Move CLI binary to /usr/bin/ as to have the CLI binary in the user's PATH by default.

Removed

• Remove --comp-lzo argument to OpenVPN. Disables any possibility of establishing a VPN tunnel
  with compression.

Fixed

Windows

• Use different method for identifying network interfaces during installation. Should solve some
  installation errors.
• Properly restore DNS settings on network interfaces. Fixes issue #352.

2018.4-beta1

Added

• Allow packets to the fe80::/10 and fe02::/16 IPv6 networks when local network sharing is enabled.
  Should allow IPv6 over the LAN, and mDNS host discovery which in turn should allow Apple AirDrop
  and Handover among other IPv6 based LAN discovery services.

Linux

• Add support for DNS configuration using resolvconf.

Changed

• Logging in no longer requires a connection with the Mullvad API server.
• Replace repeated Disconnecting followed by Connecting notifications with a single
  Reconnecting notification.

Fixed

• Don't temporarily show the unsecured state in the GUI when the app is reconnecting or blocking.
• Periodically update list of relays in the GUI.
• Redact IPv6 address that start or end with double colons in problem reports.
• Improve tray icon response time by disabling the double click handling.

Security

• Prevent Electron from executing/navigating to files being drag-and-dropped onto the app GUI. This
  fixes MUL-01-001

2018.3

Changed

macOS

• Move the CLI binary (mullvad) back into the Resources/ directory. A bug caused the app to not
  be signed if it was placed in the app root directory.

Security

Windows

• Lock the installation directory to C:\Program Files\Mullvad VPN. This prevents potential local
  privilege escalation by ensuring all binaries executed by the SYSTEM user, as part of the
  Mullvad system service, are stored where unprivileged users can't modify them.