Our latest release blocked a class of VPN leaks via multicast packets discovered by our community. Unfortunately, end-of-life Pixel 4a (5G), Pixel 5 and Pixel 5a have an upstream kernel bug that's causing it to break compatibility with IPv6-only carriers. We're dealing with it.
We're hardly getting any testing feedback for the end-of-life devices which led to this issue slipping into the Stable channel. Our extended support for 5th gen devices will become legacy extended support after Android 15 meaning they won't get these kinds of changes anymore.
Our extended support releases have only ever been planned for the legacy Pixel 5a and earlier with less than 5 years of support from launch. We provide extended support until the first yearly release not supporting them and then switch to a legacy extended support branch.
We likely should have only provided legacy extended support releases via a legacy branch as soon as devices were end-of-life. Extended support encourages people to stick with insecure end-of-life devices and lead to regressions like this but we caught previous ones before Stable.
We're providing one final extended support release for 5th generation Pixels reverting these changes and then they're becoming legacy extended support. This would have happened in October with the stable release of Android 15 regardless, so it makes very little difference.
Separately from this, our multicast leak prevention is causing minor app compatibility issues due to apps trying to use multicast when a VPN is enabled with leak blocking and then not catching the SecurityException which the low-level EPERM error is being converted into for them.
We'll be making a release today reverting our multicast leak prevention for all devices and will begin work fixing the minor app compatibility issues to ship it again.
5th gen will be switched to legacy extended support a few weeks early to work around the old Linux kernel bugs.
Main app compatibility issue is with the DuckDuckGo app's "App Tracking Prevention" feature based on a VPN service. If you use that feature and upgraded to our cancelled 2024091700 release, that's the issue you're having. Likely an app bug, but we'll make sure it works next time.
There may also be compatibility issues with IPv6-only Wi-Fi networks. We're working on resolving this too. We were treating this as security patches and unfortunately we didn't get any reports of any app or network compatibility issues during the 20 hours of public Beta testing.