µTorrent 2.0.4 released

[Firon 3]

There is a DLL vulnerability in all versions of Windows affecting a great deal of software applications. Subsequently, attack code targeting the μTorrent client surfaced on a third-party website, and while so far no attacks have been reported to us, we have released μTorrent 2.0.4 to fix this vulnerability. The new client disables loading of DLLs from the current working directory and prevents this exploit from functioning. More information about the exploit can be found here: http://www.reuters.com/article/idUS2168761020100825

We take our user's security very seriously, and we sincerely apologize for any inconvenience.

Release notes:

• Fix reported DLL exploit
  

Download it now!

-- 2010-10-07: Version 2.0.4 (build 22450)

- Fix: uTP EACK vulnerability

-- 2010-09-24: Version 2.0.4 (build 22150)

- Fix: uTP ack-timer wrapping issue

- Fix: transfer cap doesn't update unless uTorrent is running

-- 2010-08-28: Version 2.0.4 (build 21586)

- Fix: tracker retry interval bug

-- 2010-08-26: Version 2.0.4 (build 21515)

- Fix: make survey links never show up on XP

- Fix: started and stopped events now correctly sent to torrents with multiple tracker tiers.

-- 2010-08-25: Version 2.0.4 (build 21431)

- Fix: fixed DLL hijack exploit

- Change: add bold text for Ask toolbar offer

- Fix: added groupbox in bandwidth settings

- Fix: Fixed size of static text in transfer cap setting pane to be translatable

- Fix: Fixed peer exchange exploit

- Fix: Safari 5 compatibility for WebUI

- Fix: WebUI security improvements

[moogly 0]

Is the automatic update immediate? Or in few days as usual?

[Firon 3]

We will autoupdate either later tonight or tomorrow morning. We skipped the beta process for this release because this is more or less the same code that was in BTML 7.0, which has been out for a while now.

[sbbz2004 0]

I'll update to the latest version right now.

[rafi 194]

I'm disappointed to see that you did publish 2.04, yet, didn't take this opportunity to back-port and include most desired and promised functional fixes you did on 2.2 in it.

Even small things that were talked about pre 2.2, like the cancellation of double add-torrent dialog-control and such.

I suggest you review those changes and put them in as well. there is still time !

[Firon 3]

No, we are not backporting anything. 2.2 is slated as the next stable, so the 2.0.x line will get nothing but critical fixes. There will probably not be any more releases of 2.0.x, barring some huge problem coming up within the next month and a half or so.

[rafi 194]

I see...

- Change: add bold text for Ask toolbar offer

- Fix: added groupbox in bandwidth settings

- Fix: Fixed size of static text in transfer cap setting pane to be translatable

- Fix: Safari 5 compatibility for WebUI

VERY critical indeed..

I am aware of the logic behind it, but hey, what am I asking for ?

-- 2010-08-10: Version 2.2 Beta (build 21090)

- Change: remove the "always show add dialog" and merge its functionality with the "show add dialog"

Fix something that was screwed up in the first place, and is already fixed. A bit of flexibility will not kill you guys...

[Sunstep 0]

Uploaded with ImageShack.us

[Firon 3]

The survey problem isn't new to 2.0.4. It seems like we neglected to backport the fix for that, so I'll be doing a re-release of 2.0.4 later (and autoupdate it while I'm at it).

[paintball9 0]

Will 2.2 and 3.0 be receiving the DLL fix in the near future as well?

[Firon 3]

Yes, the next releases will have the fix, as will today's release of BitTorrent 7.0.

[Firon 3]

New release of 2.0.4 up + autoupdate enabled.

[saintsoh 0]

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.

wat can be the reason?

[acmodeu 0]

It means that this version is not in the list of the allowed clients on the tracker. Wait until owners update it.

[rafi 194]

Will the "Help file not working " issue require another update ?

[Firon 3]

You should tell tracker admins that it is important to allow this release as quickly as possible.

Will the "Help file not working " issue require another update ?

No. It's already been fixed.

[Southrop 0]

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.

wat can be the reason?

Southrop from BakaBT here to give you an update.

We simply hadn't updated our whitelist at the time. 2.0.4 has been whitelisted for a few hours now. We will probably remove older versions from the whitelist in the near future to ensure the safety of our users.

Thanks to the uTorrent Dev Team for rolling out an update for the security issue so quickly!

You should tell tracker admins that it is important to allow this release as quickly as possible.

I'm in agreement with this opinion. I've been personally posting in trackers that I don't regularly use to petition for 2.0.4 to be whitelisted.

[znx 0]

Firon, just sent you an email about this > contal...@hotm

[gazzyk1ns 0]

Thanks for the continued updates to the 2.0.x branch, it's appreciated - I felt the need to say that after registering almost solely to moan about the 2.2 branch. It's quite reassuring, after I was getting a bit worried about the future of µTorrent development.

[Firon 3]

Well, 2.0.x is probably not going to have any more releases, barring some exceptional case.

[rafi 194]

maybe 2.04 is a good opportunity to 're-use' the good old notification thread that is forgotten since 1.8.5 ...

http://forum.utorrent.com/viewtopic.php?pid=434359#p434359

[saintsoh 0]

global ul limiting not working.

i've low 256kb/s upload n set limit to 10kB/s, ul went as high as 40kB/s.

[saintsoh 0]

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.

wat can be the reason?

Southrop from BakaBT here to give you an update.

We simply hadn't updated our whitelist at the time. 2.0.4 has been whitelisted for a few hours now. We will probably remove older versions from the whitelist in the near future to ensure the safety of our users.

Thanks to the uTorrent Dev Team for rolling out an update for the security issue so quickly!

You should tell tracker admins that it is important to allow this release as quickly as possible.

I'm in agreement with this opinion. I've been personally posting in trackers that I don't regularly use to petition for 2.0.4 to be whitelisted.

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

[DreadWingKnight 310]

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

So you want to encourage users to remain vulnerable to the exploit that 2.0.4 fixes?

We really don't want to encourage that.

[saintsoh 0]

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

So you want to encourage users to remain vulnerable to the exploit that 2.0.4 fixes?

We really don't want to encourage that.

not every hackers know how2exploit dll.

u can't tell it is 100% secure even it is safe guarded.

every users want is a stable client even it is an old version.

simply say why most r still using xp not upgrading to win7 because it is stable.