← Go back to Riseup status

Windows RiseupVPN users need to upgrade to connect

December 28, 2021 at 4:45 PM UTC


Resolved after 861h 52m of downtime. February 2, 2022 at 2:37 PM UTC

Having trouble connecting to RiseupVPN and running Windows - time to upgrade!

If you are using Windows and are unable to connect to RiseupVPN, then you need to upgrade your client.

The reason for this requirement is because a low-risk vulnerability was discovered in the Qt Installer Framework, which is used by RiseupVPN which can be triggered on RiseupVPN release previous to 0.21.11. We consider the vulnerability to be low risk, because several conditions are needed to trigger the vulnerability (original installation in a non-standard path, plus a non-privileged malicious user having access to the machine to overwrite the openvpn executable).

Thanks to researchers at Tenable for originally reporting this bug this bug.

Last updated: December 28, 2021 at 4:45 PM UTC