Page 1 of 1

OpenVPN 2.4.11 released

Posted: Wed Apr 21, 2021 9:57 am
by samuli
The OpenVPN community project team is proud to release OpenVPN 2.4.11. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. This release also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers.

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

Source code and Windows installers can be downloaded from our download page. Debian and Ubuntu packages are available in the official apt repositories.

I you need help with this release please refer to our Getting help Wiki article.