[Openvpn-devel] OpenVPN 2.7_rc2 released

Tue, 18 Nov 2025 10:51:25 -0800 

The OpenVPN community project team is proud to release OpenVPN 2.7_rc2.

This is the second release candidate for the feature release 2.7.0.

Security fixes:

* CVE-2025-12106: IPv6 address parsing: fix buffer overread on invalid input
* CVE-2025-13086: HMAC verification check: fix incorrect memcmp() call

Important bug fixes since 2.7_rc1:

* even more type conversion related warnings have been fixed
* DCO FreeBSD improvements:
    * improving debug messages (verb 6)
    * implement client-side counter handling
    * repair --inactive (and document shortcomings)
    * repair handling of DCO disconnection notifications in --client mode
* Windows/Service improvements, hardening, bugfixes
    * fix DNS address list generation (if 3 or more --dns addresses in use)
    * fix DNS server undo_list
    * disallow "stdin" as config name unless user has OpenVPN admin privs
    * fix compilation errors with MSVC v19
    * iservice: improve validation of config path (pathcc lib)
         * [NOTE: this breaks OpenVPN compatibility with Windows 7]
    * tapctl: refactor, improve output, change driver default to ovpn-dco
    * iservice: when restoring iface metrics, enforce correct ifindex
* improve cmocka unit test assert() handling
* PUSH_UPDATE server: fix reporting of client IPs in ``status`` output after 
pushing a new IPv4/IPv6 address to client
* AEAD cipher safety margins: fix calculation of AEAD blocks in use (old code 
would undercount blocks)
* fix invalid pointer creation / memory overread in tls_pre_decrypt
* deprecate ``--opt-verify`` (change into no-op + warning)

More details can be found in the Changes document:

<https://github.com/OpenVPN/openvpn/blob/master/Changes.rst>

Source code and Windows installers can be downloaded from our download page:

<https://openvpn.net/community-downloads/>

Packages for Debian, Ubuntu, Fedora, RHEL, and openSUSE are available in the 
various
official Community repositories:

<https://community.openvpn.net/Pages/OpenVPN%20software%20repos>

Kind regards,
Yuriy Darnobyt
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel














    











					Reply via email to