The Mumble team has released version 1.2.9 of the Mumble VoIP application. Version 1.2.9 is a maintenance release in the stable 1.2-series of Mumble.
This release contains a couple of bug fixes to the Mumble client and contains updates to various Mumble dependencies, most prominently OpenSSL (1.0.1n) and Qt 4.8 (latest from Git). It is also the first release in the 1.2.x series that enables TLS 1.2 and modern TLS cipher suites.
If you are using one our packaged static Murmur servers, or Murmur on Windows, or any of our packaged Mumble client packages we advise you to update to get the latest security fixes from our dependencies.
Changes in this release:
OpenSSL has been updated to 1.0.1n.
Qt 4.8 has been synced to the latest sources from Git.
Mumble and Murmur now use TLS 1.2 if the server/client combination allows it.
Mumble and Murmur now prefer ECDHE + AES-GCM cipher suites if possible, providing Perfect Forward Secrecy.
For a source-level changelog, please see https://github.com/mumble-voip/mumble/compare/1.2.8
All of these changes are already available in our snapshot builds (the 1.3.x series), so if you like living on the bleeding edge and want to help out with Mumble development, feel free to check out our development snapshots at http://mumble.info/
The TLS 1.2 support in our binary packages is backported from Qt 5. Unfortunately, that means that if you are using Mumble from a package manager, you’re not going to get a TLS 1.2-enabled build.
Our backported patches to Qt 4 are available at:https://github.com/mumble-voip/mumble-d ... 45b80bd7fehttps://github.com/mumble-voip/mumble-d ... d74f609f40
We do not advise distributions to pick up these patches as-is. In particular, they change the meaning of QSsl::TlsV1 to mean ‘TLS 1.0 or later’. This is not desirable to the vast majority of software out there — but it works for Mumble’s binary packages. If there are any distributions out there willing to carry this diff to their Qt 4 packages to allow TLS 1.2 support for Mumble 1.2.9, we’re willing to prepare a more fitting patch to Qt 4.8 that implements the behavior of “QSsl::TlsV1_0OrLater” from the upcoming Qt 5.5 release.
For this release, we’re also providing binaries on GitHub. Enjoy!
The Mumble team