You are here

qBitTorrent 5.0.0 vulnerability

3 posts / 0 new
Last post
WirlyWirly
Offline
Last seen: 3 days 16 hours ago
Joined: 2020-07-11 19:35
qBitTorrent 5.0.0 vulnerability

Hello,

It was recently found out that there's a longstanding vulnerability in qBitTorrent. I won't pretend to understand what it all means, but the gist of it is that everyone should update to 5.0.1 ASAP. It'd be great if the portableapps version was also updated to protect its users.

"In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. The default behaviour changed to verifying on October 12 2024 with commit 3d9e971. The first patched release is version 5.0.1, released 2 days ago."

source: https://sharpsec.run/rce-vulnerability-in-qbittorrent/

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 43 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Updated

Thanks for the heads up. It's been updated. In the future, when an out of date app has a security issue, please mention it in the Outdated Apps Thread linked from the Development and Support sections.

Sometimes, the impossible can become possible, if you're awesome!

WirlyWirly
Offline
Last seen: 3 days 16 hours ago
Joined: 2020-07-11 19:35
Thank you!

Will do, thank you for the quick update! I didn't realize there was such a thread, this was simply where I was redirected from the qBitTorrent app page.

Log in or register to post comments