| Version | Change log |
| OpenVPN 2.6.13 I001 Jan 16, 2025 |
Feature changes: on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server - while highly OS specific this is still helpful to keep track of OS versions used on the client side (#637) Windows: protect cached username, password and token in client memory (using the CryptProtectMemory() windows API) Windows: use new API to get dco-win driver version from driver (newly introduced non-exclusive control device) (OpenVPN/ovpn-dco-win#76) Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds ("console prompting also has no timeout") (#649) Security fixes: improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleading error messages. Notable bug fixes: FreeBSD DCO: fix memory leaks in nvlist handling (#636) purge proxy authentication credentials from memory after use (if --auth-nocache is in use) |
| OpenVPN 2.6.12 I001 Jul 18, 2024 |
Bug fixes: the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script. Strip those before testing the command buffer (github #568). Also, add unit test. Http-proxy: fix bug preventing proxy credentials caching (trac #1187) Windows MSI changes since 2.6.11: Built against OpenSSL 3.3.1 Included openvpn-gui updated to 11.50.0.0 Update Italian language (github #696) |
| OpenVPN 2.6.11 Jun 24, 2024 | |
| OpenVPN 2.6.10 Mar 20, 2024 | |
| OpenVPN 2.6.9 Feb 13, 2024 | |
| OpenVPN 2.6.8 Nov 19, 2023 | |
| OpenVPN 2.6.7 Nov 10, 2023 | |
| OpenVPN 2.6.6 Aug 18, 2023 | |
| OpenVPN 2.6.5 Jun 14, 2023 | |
| OpenVPN 2.6.4 May 11, 2023 |
