Changes.rst has not received an "2.7_beta2" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes beta1 -> beta2 are:
- even more of signed/unsigned related warnings have been fixed
- #pragmas have been added to all to-be-fixed source files, so we can
now always enable -Wconversion to see if new code brings new warnings
(and the CI infra builds with -Werror)
- add proper input sanitation to DNS strings to prevent an attack
coming from a trusted-but-malicous OpenVPN server (CVE: 2025-10680,
affects unixoid systems with --dns-updown scripts and windows using
the built-in powershell call)
- greatly improved event log handling for the Windows interactive service
- this brings build system changes and a new openvpnservmsg.dll
- bugfixes when using multi-socket on windows
(properly recognize that TCP server mode does not work with DCO,
properly handle TCP multi-socket server setups without DCO)
- bring back configuring of IPv4 broadcast addresses on Linux
(also backported to 2.6.15)
- Rename Fox Crypto to Sentyron in copyright notices
- Switch test_ssl certificate from RSA 2048 to secp384r1
(so "make check" runs with OpenSSL set to @SECLEVEL=3)
- repair "--dhcp-option DNS" setting in combination with DHCP (TAP)
or --up scripts (GH issue #839, #840)
- clean up MI prefix handling
- replace all assert() calls with OpenVPN ASSERT()
projects / thirdparty / openvpn.git / commit
