DC++ 0.866

DC++ 0.866 is out. This release fixes a serious issue that allows remote denial of service attacks (ability to freeze the client remotely by any user of the connected hubs).  Besides the hardened security, version 0.866 also improves UPnP port mapping which might fix certain issues with the automatic connectivity setup.

The details of the vulnerability will be disclosed as soon as 0.866 or any forthcoming DC++ release is marked as stable.

DC++ 0.865 is out and marked as stable

DC++ 0.865 has been released with zlib and OpenSSL libraries have been updated. The compression issue found in the previous version has been fixed therefore upgrading to version 0.865 is highly recommended.

DC++ 0.864

DC++ 0.864, along with changes in share filtering and an addition of testing notifications, fixes a stability issue regarding processing of search results. The issue is introduced in the previous release so immediate upgrade for users running version 0.863 is highly recommended.

Edit:

Tests with the 0.864 version of DC++ have uncovered a transfer issue (see https://bugs.launchpad.net/dcplusplus/+bug/1656050) so the release has been removed. It never made it to the “stable” status.

Please keep using version 0.863 for now.

DC++ 0.863

DC++ 0.863, along with minor changes, fixes a stability issue in the 32-bit builds. Furthermore it contains additional optimizations for the benefit of users running DC++ on 32-bit operating systems. DC++ needs SSE3 support from this release on which means it requires Intel Core or AMD A64 X2 or newer CPUs to run. Some steppings of older processors will still work though.

Immediate upgrade for users running 32-bit operating systems is highly recommended.

DC++ 0.861

The first new DC++ release in more than a year, version 0.861, brings plenty of enhancements and security updates. The following are the list of key fixes and improvements over version 0.851:

  • Just like as in the previous major release, version 0.850, there are new functions that has been requested by the users through the bug tracker. Such features are an option for autostart DC++ when Windows starts, quick-check hubs with encrypted connections in Search frame, search capability in the Notepad window, hub connectivity status icon in the public hub list and a text encoding setting for favorite NMDC hubs.
  • We’ve improved Windows 10 compatibility by fixing a visual bug in the chat and updating the UPnP mapper. The latter may fix reported issues with automatic connectivity setup under Windows 10.
  • Added an icon toolbar to the Download queue to make the control of the downloads and priorities easier.
  • Fixed security issues related to OpenSSL and also problems with keyprint validation and secure transfers.
  • As like any program that displays clickable links from outside sources should do, now DC++ also introduces a whitelist of URIs that it allows to be directly opened without an user prompt. It means that a confirmation dialog will appear before the actual opening of any type of links that’s not whitelisted. This prevents accidental launching of any 3rd party software that is registered to certain URIs in the system and might be used to exploit existing vulnerabilities or execute arbitrary code. The URI whitelist is freely configurable in the settings dialog. We’d like to thank Kacper Rybczynski for pointing out this issue and for working with us to help protect DC++ users.
  • There’s a new structure for manual connectivity settings and lots of new options available to fine tune IPv6 connectivity. The automatic connectivity setup now enables IPv6 connectivity if the bound network interface is assigned with a public v6 IP address. Note that all parts of the IPv6 connectivity is in an early beta stage and prone to failures and that v6 connections are only supported to ADC hubs and between ADC hub users.
  • With version 0.860, DC++ has ended Windows XP support and requires Windows Vista as a minimum Windows version to run. This has enabled a lot of cleaning in the code which also results performance improvements.
  • Version 0.861 introduces more significant performance improvements by being compiled with the latest MinGW technology as well as by requiring SSE2 CPU support. The latter brings extra preformance boost to 32-bit builds of DC++ in several areas, notably in the speed of hashing, download queue matching and respond to searches. This also means that DC++ requires Intel Pentium 4 / AMD Athlon64 or newer processors from now.

The list of complete changes with links to the discussions in the bug tracker are available here. Due to the nature of fixes an immediate upgrade from earlier versions of DC++ is highly recommended.

DC++ 0.851

A new security & stability update of DC++ has been released today.

There are no user visible new features this time; besides the latest OpenSSL security fixes and hardening secure connection further by disallowing weak ciphersuites this DC++ version largely focuses on mitigating malicious situations where DC++ can be used for distributed denial of service (DDoS) attacks when beeing logged in to certain malevolent NMDC hubs.

Please note that most, if not all previous DC++ versions are affected of this problem therefore this release is highly recommended for everyone still using any older DC++ versions. Once all maintained NMDC hub software implements the mitigation for this problem it is highly probable that many existing hubs will require this DC++ release as the minimum version to use.

If no critical issues found, DC++ 0.851 should be marked as the new stable DC++ release within a short period of time.

For the complete list of changes in version 0.851, please explore the changelog.

DC++ 0.850

The first new DC++ release in the last nine months, version 0.850 fixes and hardens security related functions further notably to avoid all popular TLS exploits emerged since last April.

This release also contains stability and performance updates of various 3rd party libraries and improvements of the latest version of the compiler.

For complete list of fixes and upgraded libraries, please explore the changelog items and the linked bug discussions.