This is an automated archive made by the Lemmit Bot.

The original was posted on /r/linustechtips by /u/Mister08 on 2024-11-04 17:42:31+00:00.


A critical vulnerability in qBittorrent, impacting functions like RSS feeds, .torrent downloads, and searches, was recently patched after 14 years of ignored SSL certificate validation errors. This flaw, now assigned CVE-2024-51774, left users vulnerable to Remote Code Execution (RCE) attacks via Man-in-the-Middle (MITM) and DNS spoofing. Users are urged to update manually to the patched version 5.0.1 for security.

Should you choose to stick with qBittorrent, and update, do it via their website not via the in-app downloader! you cannot trust a potentially compromised piece of software to give you an unmolested, clean copy as an update.