Just a general question:
I've happily used Qbittorrent for years - my well-deserved thanks to all involved! But there are a couple of bugs that make the new version unusable for anyone who uses it like I do - mostly with a private tracker.
The first is the wildly inaccurate reporting of peers - the UI shows hundreds, when the actual number is generally zero, and occasionally one (these are all old Asian movies). The second is that the "last activity" info is always wrong, in a broken sort of way. It's all important info if you're managing your interaction with a private tracker and its other members.
So my question is: are the security risks greater when using older versions? Threats evolve and mutate, and there's constant advice from everywhere to make sure software is up to date. But I want to re-install 3.3.3, simply because it works. I'm pretty sure 3.3.4 was when the hundreds-of-peers problem started.
So are there greater risks, whether generic and statistical or specific and known, with using older versions of Qbittorrent?
Thanks in advance.
Older versions and security
-
Switeck
Re: Older versions and security
There's a few old VPN and proxy issues in 1+ year old versions...and some even worse ones in recent versions.
Those issues are being sorted out still, so maybe qBT v4.0.5 and later will actually have a properly working kill switch for VPN.
There's also a few crashes with older versions that have been fixed or at least reduced. Not so much security issues themselves, but usability ones.
I've seen the misreported peers/seeds issue -- I've got a seeding torrent on qBT v4.0.4 that reports 1-3 connected seeds and 5-20 connected peers when really there's not quite as many connected REAL peers.
Those issues are being sorted out still, so maybe qBT v4.0.5 and later will actually have a properly working kill switch for VPN.
There's also a few crashes with older versions that have been fixed or at least reduced. Not so much security issues themselves, but usability ones.
I've seen the misreported peers/seeds issue -- I've got a seeding torrent on qBT v4.0.4 that reports 1-3 connected seeds and 5-20 connected peers when really there's not quite as many connected REAL peers.
-
Peter
- Administrator
- Posts: 3049
- Joined: Wed Jul 07, 2010 6:14 pm
Re: Older versions and security
[quote="miv"]So are there greater risks, whether generic and statistical or specific and known, with using older versions of Qbittorrent?
[/quote]
As Switeck said, VPN/SOCKS5 wise there may be some stuff (though I have been using both since v2 on Linux, FreeBSD, Windows and never had any leak or issues whatsoever).
Security wise, as long as there is no exploit (public), the answer is, we don't know. We can't tell. If there will be a huge security vulnerability in the client, I am sure the release notes will say that the new version is a security fix. This happened once in the past IIRC.
That said, if the attackers will not share the exploit, we will never know. Then again, the only attack surface for qBittorrent is the webUI, so if you use it with a VPN (OpenVPN, SoftEther, router's vpn, whatever), you *should* be 100% safe.
[/quote]
As Switeck said, VPN/SOCKS5 wise there may be some stuff (though I have been using both since v2 on Linux, FreeBSD, Windows and never had any leak or issues whatsoever).
Security wise, as long as there is no exploit (public), the answer is, we don't know. We can't tell. If there will be a huge security vulnerability in the client, I am sure the release notes will say that the new version is a security fix. This happened once in the past IIRC.
That said, if the attackers will not share the exploit, we will never know. Then again, the only attack surface for qBittorrent is the webUI, so if you use it with a VPN (OpenVPN, SoftEther, router's vpn, whatever), you *should* be 100% safe.