OpenVPN ChangeLog
Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
+2025.09.04 -- Version 2.7_beta1
+
+Arne Schwabe (1):
+ Check message id/acked ids too when doing sessionid cookie checks
+
+Frank Lichtenheld (27):
+ Update text of GPL to latest version from FSF
+ Update GPL header in all source files to current recommended version
+ Define a .clang-format file for the project
+ Disable clang-format for some code parts
+ Update git-pre-commit-uncrustify.sh to handle clang-format
+ GHA: enable -Werror for mbedTLS v3 and AWS LC builds
+ Reformat the whole project with clang-format
+ Fix build error with clang-cl on latest Windows SDK
+ clang-format: Switch to ColumnLimit 0
+ Add clang-format reformat commit to .git-blame-ignore-revs
+ Remove uncrustify config and reformat-all.sh
+ buffer: remove unused function buf_write_alloc_prepend
+ t_client.sh: Do not wait 3 seconds for OpenVPN to come up
+ Collect trivial conversion fixes
+ options: Fix --hash-size virtual argument
+ Clean up documentation for --tun-mtu-max
+ comp: Make sure comp flags are treated as unsigned
+ crypto: Make sure crypto flags are treated as unsigned
+ options: Make sure option types are treated as unsigned
+ route: Make sure various route flags are treated as unsigned
+ socket: Create socket_util with non-socket functions
+ Add new unit test module test_socket
+ socket_util: Clean up conversion warnings in add_in6_addr
+ manage: Make sure various management flags are treated as unsigned
+ forward: Make sure pip flags are treated as unsigned
+ options: Introduce atoi_constrained and review usages of atoi_warn
+ ssl_openssl: Fix type of sslopts argument to SSL_CTX_set_options
+
+Gert Doering (3):
+ Remove use of 'dh dh2048.pem' from sample configs, remove 'dh2048.pem' file
+ Introduce env variables to communicate desired gateway redirection to NM.
+ OpenVPN Release 2.7_beta1
+
+Gianmarco De Gregori (1):
+ dco: avoid printing mi prefix on debug messages
+
+Heiko Hund (1):
+ dns: fix systemd dns-updown script
+
+Ilia Shipitsin (1):
+ GHA: limit 'Deploy Doxygen documentation' to main repo only
+
+Lev Stipakov (3):
+ Log setting DNS via NRPT
+ dco-win: add support for multipeer stats
+ Refactor management bytecount tracking
+
+Marco Baffo (1):
+ PUSH_UPDATE message sender: enabling the server to send PUSH_UPDATE control messages
+
+Ralf Lici (3):
+ management: resync timer on bytecount interval change
+ dco_linux: validate tun interface before fetching stats
+ management: stop bytecount on client disconnection
+
+Samuli Seppänen (2):
+ Add sample FFDH parameters file and use that in t_server_null tests
+
+
2025.07.31 -- Version 2.7_alpha3
Antonio Quartulli (10):
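Review bot: The "Samuli Seppänen (2):" header is followed by only one commit subject ("Add sample FFDH parameters file and use that in t_server_null tests"), while every other author count in this release block matches the number of subjects listed under it. Either a subject line was dropped or the count should be 1; regenerate the shortlog for this section so the two agree.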
implementation for OpenVPN 2.x is still under development.
See also: https://openvpn.github.io/openvpn-rfc/openvpn-wire-protocol.html
+PUSH_UPDATE server support (minimal)
+ new management interface commands ``push-update-broad`` and
+ ``push-update-cid`` to send PUSH_UPDATE option updates to all
+ clients ("there is a new DNS server") or only a specific client ID
+ ("privileges have changed, here's a new IP address"). See
+ doc/management-notes.txt
+
Support for user-defined routing tables on Linux
see the ``--route-table`` option in the manpage
PQE support for WolfSSL
+Two new environment variables have been introduced to communicate desired
+ default gateway redirection to plugins like Network Manager,
+ ``route_redirect_gateway_ipv4`` and ``route_redirect_gateway_ipv6``.
+ See the "Environmental Variables" section in the man page
+
Deprecated features
-------------------
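Review bot: In the "PUSH_UPDATE server support (minimal)" entry, "(minimal)" is never explained, so a reader cannot tell which option updates the server can send through ``push-update-broad`` and ``push-update-cid`` in this release. Add a clause stating what is and is not covered, or point to the specific part of doc/management-notes.txt that does. As a style point, the environment-variable entry opens directly with a sentence, whereas the neighbouring entries start with a short title line ("Support for user-defined routing tables on Linux") followed by an indented description; giving it a title line would keep the list scannable.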
server pushes DCO incompatible options), use the ``--disable-dco``
option.
+- Apply more checks to incoming TLS handshake packets before creating
+ new state - namely, verify message ID / acked ID for "valid range for
+ an initial packet". This fixes a problem with clients that float
+ very early but send control channel packet from the pre-float IP
+ (Github: OpenVPN/openvpn#704).
+
+- Use of ``--dh dh2048.pem`` in all sample configs has been replaced
+ with ``--dh none``. The ``dh2048.pem`` file has been removed, and
+ has been replaced with ``ffdhe2048.pem`` for the benefit of the
+ t_server_null test (to test all variants of ``--dh``).
+
+- the startup delay in ``t_client.sh`` has been reduced from 3s to 1s,
+ making a noticeable difference for setups with many tests.
+
+- changed from using ``uncrustify`` for code formatting and pre-commit checks
+ to ``clang-format``. This reformatted quite a bit of code, and requires
+ that regular committers change their pre-commit checks accordingly.
+
Overview of changes in 2.6
==========================
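Review bot: The ``--dh`` bullet states that ``dh2048.pem`` has been removed but gives no guidance for configs that were copied from the old samples and still reference that file. Add one sentence saying what such configs should change to (the samples now use ``--dh none``). Two smaller points: the last two bullets start in lower case ("the startup delay", "changed from") while the first two are capitalised, and in the first bullet "send control channel packet" should read "packets".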
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [7])
-define([PRODUCT_VERSION_PATCH], [_alpha3])
+define([PRODUCT_VERSION_PATCH], [_beta1])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])