On Mon, 2022-04-18 at 17:01 +0000, Harrison, Samantha R CIV (USA) wrote: > Hello, > > Do you have a webpage or chart that describes end-of-life dates for various > versions of Openconnect? I am working to get Openconnect approved for my > work environment, and doing so requires some proof of vendor support.
Hi, OpenConnect development just isn't really that exciting, and it's generally best to just use the latest version. We strive for compatibility with various proprietary vendors' VPN protocols, and most of the bugs we have are around that compatibility — having to add new functionality as VPN servers get upgraded to new versions, and users need to use new features especiallty for authentication (for example, they're all upgrading to SAML these days). Since those are *features* rather than strictly bug fixes, they generally wouldn't be candidates for backporting to an older release branch *anyway*. But they're just as important for users who can't continue to use OpenConnect without the ugprade. We also operate in an unprivileged mode when run in the recommended integrated configuration — unlike many of the VPN vendors' own proprietary third-party tools which run various parts as root. Which means our security exposure for actual *bugs* of that kind is lower. Overally this means that I think we've basically done a 'bugfix release' that isn't from the master branch only *once* in OpenConnect's history; the v5.03 release while we were working on a bunch of new things in master which eventually became v6.00. That said, OpenConnect is also packaged as an integrated part of most major Linux distributions, and *they* have policies about not "upgrading to a new major version" within the lifetime of a given version of the distribution, regardless of the above reasons why they probably ought to do so. So the distribution vendor generally does backport any necessary fixes (and sometimes, if I can persuade them, functionality improvements) to the packages that they ship. So Fedora 34, for example, is still on OpenConnect 8.10 but has a couple of patches on top: https://src.fedoraproject.org/rpms/openconnect/tree/f34 Ultimately, the answer to your question is that OpenConnect as part of a given Linux distribution is supported for as long as that distribution is. If your question was about OSX, Windows, Android, *BSD or other supported platforms... let me know and I'll try to answer more usefully :)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
