The OpenVPN community project team is proud to release OpenVPN 2.4.11. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. This release also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers.
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Source code and Windows installers can be downloaded from our download page. Debian and Ubuntu packages are available in the official apt repositories.
I you need help with this release please refer to our Getting help Wiki article.
Announcements from OpenVPN involving bugs, updates, and new features.
1 post • Page 1 of 1