ApexDC++ is, and always will be, free from all forms of malware. The project is managed and developed by veterans of the P2P world and as such we feel we are in touch with the opinions, wishes and requirements of our users.
We are pleased to announce the immediate availability of 1.6.2. This update fixes an exploit that allowed users to send malicious search requests to a hub, causing a large flood of UDP traffic to a specified IP address.
OpenCandy, the recommendation engine behind sponsored programs in the installer, has now been removed. You should no longer be offered any additional software when running the setup file. They were terrible at responding and it wasn't worth the compromise.
We're looking to include some minor improvements on the next version, so stay tuned for that.
Download: ApexDC++ 1.6.2
It's been too long since our last version - nearly two years!
We're pleased to announce 1.6.1 has been released and is available for immediate download. In this new version, we've focused on updating libs such as OpenSSL 1.0.2h (lots of security fixes), Inno Setup, Boost and MSVC 2015 Update 2.
Furthermore, we hope to have finally fixed the connectivity issues with encrypted connections and a rare crash when removing hubs from favourites. We no longer automatically add any hubs to favourites, as this has been removed in 1.6.1.
A full list of changes are available on here.
As 1.6.0 is so old, we strongly recommend upgrading to 1.6.1 as soon as possible.
Download: ApexDC++ 1.6.1
Update: The binary only slim package uploaded to SourceForge seems to have been corrupt, this has now been remedied. It might take some time for the new file to populate on all the mirrors, sorry for any inconvenience this may have caused.
The server move has already proved to be a positive change in terms of performance and financial costs. We are now running PHP 5.6 and switched over from MySQL to MariaDB to follow the original developers - there's an article on this to bring you up to speed.
Although releases have become less frequent, we do plan on catching up with the latest OpenSSL and DC++ security related exploits as soon as we can. Cologic provided an insightful article on some of the changes we're looking to include, alongside that pesky NMDC exploit.
We have released 1.6.0 to address some security issues regarding hub hijacking and upgraded to the latest OpenSSL 1.0.1i. The ADC-Fun.com hub domain was hijacked recently and therefore we have blocked this to prevent users connecting to this fraudulent hub. We have also changed the behaviour of the security settings page to ensure this won't happen again. Therefore, we highly recommend you upgrade to 1.6.0 as soon as possible.
Anybody experiencing connection issues on the previous versions using the adcs:// protocol should see this finally fixed in 1.6.0; thanks for your patience on this one.
Hope everyone's having a good Summer.
Download: ApexDC++ 1.6.0
We are pleased to announce immediate availability ApexDC++ 1.5.14, fixing security vulnerabilities found in the OpenSSL. The OpenSSL team had this to say about one of the vulnerabilities:
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
Therefore we advise all users on previous versions to upgrade to 1.5.14 immediately. The installer will provide a smooth upgrade without losing any settings or your queue.
Check out our full changelog for further details.
Download: ApexDC++ 1.5.14
SourceForge announced ApexDC won the May 2014 Project of the Month award earlier this month. This marks the first time a Direct Connect project has successfully achieved the award in recent years. The development team would like to thank everyone >who voted for the project.
We have published a maintenance release available for immediate download. 1.5.13 fixes a small set of issues that can in the worst case scenario render your installation of ApexDC effectively unusable. You can check out the full changelog here. We recommend that you update your version of ApexDC as soon as possible.
Download: ApexDC++ 1.5.13
Update: The voting period has ended, thank you for everyone who participated.
We have been, presumably randomly or based on recent activity, selected for the community choice vote for SourceForge May Project of the Month (fairly new thing they have been doing). If you have a SourceForge account look at the projects listed and vote as you will... or don't, it is really up to you. But it would be a shame for us not to say anything at all, considering this isn't likely to happen again any time soon. We have so far been a featured project (a weekly thing, for handful of projects at a time) twice within the last two or three years.
Direct Connect hasn't been prominently featured in any way in recent memory. It would be nice to make that happen, as well as an achievement for the project of course.
Update: We have re-released 1.5.12 to address an usability concern with the original release version, we apologize for any inconvenience this may cause.
We have published a maintenance release available for immediate download. 1.5.12 fixes the remainder of known issues for 1.5.10 and majority of known issues for 1.5.11. You can check out the full changelog here.
On April 8th, 2014 Microsoft officially ceased its consumer support for their Windows XP operating system, originally released in 2001. With the release of 1.5.11 it was brought to our attention that ApexDC can no longer run on all versions of Windows XP, more specifically installations that have not been upgraded with the last available service pack for the operating system (SP3). Unfortunately there is nothing we can do to address this problem and as such Service Pack 3 is the only supported version of XP for ApexDC going forward.
We will continue to provide binaries that can run on Windows XP Service Pack 3 as long as it is technically possible and otherwise feasible for us to do so. However, in practice this means that when it comes to ApexDC all support for Windows XP is likely end sometime later this year. This will also mean that support for old CPU's without SSE2 instructions will end at that time.
Download: ApexDC++ 1.5.12
Update: The release of 1.5.11 has been officially rolled out. Full changelog available now. If you haven't done so yet please head on over to the download page and update your installation of ApexDC right now.
This is a serious security vulnerability in the SSL/TLS library that can result in your private data being compromised without leaving any trace whatsoever. You can check for more specific details from the above links. Most commonly used DC clients are affected by this issue, including ApexDC. Earlier today (April 10th) DC++ released a fixed version but all versions of DC++ from 0.799 to 0.841 and their derivatives are vulnerable. The specific ApexDC versions affected are at least 1.5.3 through 1.5.10.
It is important to note that even if the DC++ base version differs from those listed above a client may still be vulnerable as long as it uses one of affected versions of OpenSSL. There is currently, however, no easy way for users to tell what specific version of OpenSSL is used by a particular client.
Reading this you may be thinking: But, I am not using SSL/TLS at all right, because I am only on NMDC hubs. This is actually not necessarily true because a select set of clients, such as StrongDC and its derivatives, including ApexDC implement an unnamed NMDC extension that allows TLS to be used for client to client connections between supporting clients. Thus making these clients also affected by this issue outside of ADC and ADCS..
Two hours ago, version 1.5.11 of ApexDC was uploaded to SourceForge and is listed as the latest download there. Likewise the download links on this site now also point to those files. Release announcement including full changelog and all that important information will be made available sometime on the 11th, but for now suffice to say 1.5.11 will fix the issue discussed here as well as a set of other issues found in 1.5.10.