The OpenVPN community project team is proud to release OpenVPN 2.7_rc5.
This is the fifth release candidate for the feature release 2.7.0.
Security fixes:
* CVE-2025-15497: in epoch key handling (an authenticated remote system
can send a valid OpenVPN data packet that triggers an edge case
where a too-strict check would trigger an ASSERT(), exiting OpenVPN)
Important bug fixes since 2.7_rc4:
* remove "resolve --remote on incoming TCP connects on --tcp-server"
code base, because that did not work in a long time (since 2.4) and
is seen as too obscure and too complicated to rescue.
* repair interaction between DCO and persist-tun after reconnection
(in this case the client side would fail to set up the DCO event
handler, and not notice further --ping timeouts - GH: #947)
* remove ENABLE_X509ALTUSERNAME conditional, always enabling
"configure --enable-x509-alt-username". Effectively no change in
code size, and one less build variant to maintain and test (GH:
OpenVPN/openvpn#917).
* require "script-security 2" when using `--dev unix:<program>`
* socks client: fix and improve various code parts
* configure etc: drop support for systemd 216 and older, adapt
other checks to reflect modern systemd setups
* fix unit test building with libcmocka 2.0+
* fix Android build warnings about unused variables/methods
* allow --test-crypto to run without --secret
(prepare for removal of --secret after 2.7)
* improve WolfSSL build compatibility
More details can be found in the Changes document:
<https://github.com/OpenVPN/openvpn/blob/master/Changes.rst>
Source code and Windows installers can be downloaded from our download page:
<https://openvpn.net/community-downloads/>
Packages for Debian, Ubuntu, Fedora, RHEL, and openSUSE are available in the
various
official Community repositories:
<https://community.openvpn.net/Pages/OpenVPN%20software%20repos>
Kind regards,
Yuriy Darnobyt
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
