It's only changing the default setting after install. By default, UPnP is enabled, so the web interface may be enabled to the public with default creds. Attackers have been using this to run arbitrary executables for the past year or two.
Users can still choose to enable it. Either through the UI or config file. In the headless install (qbittorrent-nox), users can change it via the web interface locally or through the config file. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2071493 Title: UPnP should be turned off by default on focal & jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qbittorrent/+bug/2071493/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
