In an article [1], OpenVPN developer Gert Doering is quoted as saying: "What you want to do from OpenVPN’s point of view is to ensure that you’re not using a 2.2.x version anymore, *and* that you just do not run your scripts using bash".

Is there a problem with 2.2.1 generally, or just with the Windows versions?

I assumed from Gert's quote that 2.2.1 is vulnerable (to something), so I removed it from the most recent version of Tunnelblick so it includes only 2.3.4. But that is causing problems for a few users [2], [3], so I may add it back in the next release if it is "safe". (Tunnelblick can contain multiple versions of OpenVPN; the user chooses which one to use.)

But was Gert really warning not to use the **Windows** versions of 2.2.x (because of the Heartbleed vulnerability in the OpenSSL built into the Windows versions)?

[1] http://threatpost.com/openvpn-vulnerable-to-shellshock-bash-vulnerability
[2] https://groups.google.com/d/msg/tunnelblick-discuss/E3lvdPP7JK4/UB_mKxcz9xcJ
[3] https://groups.google.com/forum/#!msg/tunnelblick-discuss/iYhhM5RRWYI/2j6mL0s-11cJ