[BUG] Critical qBittorrent RCE Vulnerability #1190

Open
chimp3582 opened this issue Nov 4, 2024 · 6 comments

chimp3582 commented Nov 4, 2024

What happened?

As all qBittorrent versions from 3.2.1 to 5.0.0 are currently affected by a critical RCE vulnerability, I wanted to ask if it would be possible to add newer versions to the repo or fix the vulnerability without updating qBittorrent.

https://cybersecuritynews.com/qbittorrent-rce-vulnerability/

Swizzin commit

a4062a1

What OS are you using?

Ubuntu 22.04 (Jammy)

What architecture is your OS?

amd64

Relevant logs and output

https://cybersecuritynews.com/qbittorrent-rce-vulnerability/
chimp3582 added the bug label Nov 4, 2024

@brettpetch
Member

Hi there, and thanks for the issue report.

Unfortunately this is not an issue for headless clients and we would hardly consider this bug critical.

I understand the concern and the desire to upgrade. The Swizzin team has assessed the report and disagrees with the level of concern that has been levied against older versions of qbittorrent at this time, especially the headless client on Linux:

  1. The first issue related to Python is a specific issue to Windows
  2. There is no auto update mechanism in the nox version which renders this path to exploitation null
  3. The RSS feed issue may bear some weight; however this would need to be configured by you to begin with
  4. Maxmind itself would need to be compromised for the final concern and is simply a theoretical possibility rather than a currently realistic attack vector

Finally, the issue at play is a MITM attack and not an RCE. This has been miscategorized by the author of the article and has been spread online.

Additionally, there are far more concerning reports to me of memory leaks in 5.0, which could be far worse than the implications of simply using RSS feeds at this time.

The upgrade to qbittorrent will come in due time; however it will not be rushed out due to fear mongering and sensationalized allegations against qbit, where the majority of concerns are currently moot.

If you have any questions on the subject, please forward them to our discord for further discussion.

@BrevisVita

Hello. What manipulations need to be done to update to 5.0?

I get this error

Ubuntu 24
ERROR The cmake build of libtorrent did not complete successfully

@liaralabs
Member

Can you supply installer logs? There weren't actually any changes to the libtorrent compile in the changes.

@BrevisVita

BrevisVita commented Nov 15, 2024

I get an error when trying to update from 4.6.7 to 5.0.1

/usr/include/c++/13/array:109:55: note: at offset [12, 20] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
/usr/include/c++/13/array:109:55: note: at offset [44, 9223372036854775804] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
In static member function ‘static constexpr _OI std::__copy_move<false, false, std::random_access_iterator_tag>::__copy_m(_II, _II, _OI) [with _II = const char*; _OI = unsigned char*]’,
inlined from ‘constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:506:30,
inlined from ‘constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:533:42,
inlined from ‘constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:540:31,
inlined from ‘constexpr _OI std::copy(_II, _II, _OI) [with _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:633:7,
inlined from ‘bool libtorrent::extract_peer_info(const bdecode_node&, peer_entry&, error_code&)’ at /tmp/libtorrent/src/http_tracker_connection.cpp:473:13:
/usr/include/c++/13/bits/stl_algobase.h:388:25: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
388 | *__result = *__first;
| ~~~~~~~~~~^~~~~~~~~~
/usr/include/c++/13/array: In function ‘bool libtorrent::extract_peer_info(const bdecode_node&, peer_entry&, error_code&)’:
/usr/include/c++/13/array:109:55: note: at offset [45, 9223372036854775805] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
109 | typename __array_traits<_Tp, _Nm>::_Type _M_elems;
| ^~~~~~~~
/usr/include/c++/13/array:109:55: note: at offset [13, 20] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
/usr/include/c++/13/array:109:55: note: at offset [45, 9223372036854775805] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
In static member function ‘static constexpr _OI std::__copy_move<false, false, std::random_access_iterator_tag>::__copy_m(_II, _II, _OI) [with _II = const char*; _OI = unsigned char*]’,
inlined from ‘constexpr _OI std::__copy_move_a2(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:506:30,
inlined from ‘constexpr _OI std::__copy_move_a1(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:533:42,
inlined from ‘constexpr _OI std::__copy_move_a(_II, _II, _OI) [with bool _IsMove = false; _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:540:31,
inlined from ‘constexpr _OI std::copy(_II, _II, _OI) [with _II = const char*; _OI = unsigned char*]’ at /usr/include/c++/13/bits/stl_algobase.h:633:7,
inlined from ‘bool libtorrent::extract_peer_info(const bdecode_node&, peer_entry&, error_code&)’ at /tmp/libtorrent/src/http_tracker_connection.cpp:473:13:
/usr/include/c++/13/bits/stl_algobase.h:388:25: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
388 | *__result = *__first;
| ~~~~~~~~~~^~~~~~~~~~
/usr/include/c++/13/array: In function ‘bool libtorrent::extract_peer_info(const bdecode_node&, peer_entry&, error_code&)’:
/usr/include/c++/13/array:109:55: note: at offset [46, 9223372036854775806] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
109 | typename __array_traits<_Tp, _Nm>::_Type _M_elems;
| ^~~~~~~~
/usr/include/c++/13/array:109:55: note: at offset [14, 20] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
/usr/include/c++/13/array:109:55: note: at offset [46, 9223372036854775806] into destination object ‘std::array<unsigned int, 5>::_M_elems’ of size 20
[50/156] Building CXX object CMakeFiles/torrent-rasterbar.dir/src/http_seed_connection.cpp.o
[51/156] Building CXX object CMakeFiles/torrent-rasterbar.dir/src/ip_notifier.cpp.o
[52/156] Building CXX object CMakeFiles/torrent-rasterbar.dir/src/ip_voter.cpp.o
ninja: build stopped: subcommand failed.
[Fri Nov 15 22:05:52] ERROR The cmake build of libtorrent did not complete successfully
[Fri Nov 15 22:05:52] Please consult the above and/or check the log (less -R +G /root/logs/swizzin.log)

@liaralabs
Member

I have the same message in my compile logs and my build is fine. Can you supply more logs? You should be able to attach files to the issue.

@BrevisVita

After 6 unsuccessful updates (as you can see in the log, I have Ubuntu 24 with C++ version 13), I tried to update C++ 13 to the new version C++ 14. Now I ran box upgrade qbittorrent again and the installation was successful.

Thank you for your quick response, maybe this information will help in the future.
