Mumble 1.3.4: A Critical Security and Stability Milestone is a vital maintenance and security release for the open-source, low-latency VoIP application Mumble . Released on January 10, 2021 , this version serves as a stable anchor for the "1.3" branch, primarily focusing on fixing critical vulnerabilities and performance regressions rather than introducing new front-facing features. Key Security Fixes and Improvements
: Prior to 1.3.4, the public server list lacked a whitelist for URL schemes in the website field. A malicious server could register with a crafted URL (e.g., non-http/https schemes) to trigger remote code execution when a user clicked the "Open Webpage" link. mumble 1.3.4
: Features a complex Access Control List (ACL) system for managing large communities. Known Limitations at the Time Mumble 1
Mumble 1.3.4 continued to refine the transition to PortAudio, a cross-platform audio I/O library. This change resolved long-standing issues with exclusive mode on Windows and improved compatibility with various Linux audio systems (PulseAudio/PipeWire). For users of version 1.3.4, this meant fewer crashes when unplugging headphones and smoother switching between audio devices. A malicious server could register with a crafted URL (e