The OpenVPN community project team is proud to release OpenVPN 2.4.9. It can be downloaded from here:
<https://openvpn.net/community-downloads/> This is primarily a maintenance release with bugfixes and improvements. This release also fixes a security issue (CVE-2020-11810, trac #1272) which allows disrupting service of a freshly connected client that has not yet not negotiated session keys. The vulnerability cannot be used to inject or steal VPN traffic. A summary of all included changes is available here: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst> A full list of changes is available here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that. Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems: <https://community.openvpn.net/openvpn/wiki/NSISBug1125> Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead. Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy. OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, look here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> The new OpenVPN GUI features are documented here: <https://github.com/OpenVPN/openvpn-gui> Please note that OpenVPN 2.4 installers will not work on Windows XP. For generic help use these support channels: Official documentation: <http://openvpn.net/index.php/open-source/documentation/howto.html> Wiki: <https://community.openvpn.net> Forums: <https://forums.openvpn.net> User mailing list: <http://sourceforge.net/mail/?group_id=48978> User IRC channel: #openvpn at irc.freenode.net Please report bugs and ask development questions here: Bug tracker and wiki: <https://community.openvpn.net> Developer mailing list: <http://sourceforge.net/mail/?group_id=48978> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration) Samuli
Antonio Quartulli (1):
socks: use the right function when printing struct openvpn_sockaddr
Arne Schwabe (3):
Fetch OpenSSL versions via source/old links
Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
Fix OpenSSL 1.1.1 not using auto elliptic curve selection
Gert Doering (1):
Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst)
Lev Stipakov (4):
Fix broken fragmentation logic when using NCP
Fix building with --enable-async-push in FreeBSD
Fix broken async push with NCP is used
Fix illegal client float (CVE-2020-11810)
Maxim Plotnikov (1):
OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
Santtu Lakkala (1):
Fix OpenSSL private key passphrase notices
Selva Nair (7):
Swap the order of checks for validating interactive service user
Move querying username/password from management interface to a function
When auth-user-pass file has no password query the management interface
(if available).
Fix possibly uninitialized return value in GetOpenvpnSettings()
Fix possible access of uninitialized pipe handles
Skip expired certificates in Windows certificate store
Allow unicode search string in --cryptoapicert option
Tom van Leeuwen (1):
mbedTLS: Make sure TLS session survives move
WGH (1):
docs: Add reference to X509_LOOKUP_hash_dir(3)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
