Release notes for 1.1.

OpenVPN Connect Release notes for 1.1.16 build 74

Changes between 1.1.15 and 1.1.16:

* Fixed issue where context menu for profile delete, rename,
etc. functionality was missing on Android 5 "Lollipop"
devices.  To bring up the context menu, touch the
new edit button located to the right of the profile selector.

* App now includes an optimized build for new ARM64 devices.

* Updated icons to support higher display resolutions.

* Added Exclude Routes Emulation feature, for handling
"net_gateway" routes.

* Added Minimum TLS version preference.

* Fixed Android 5 issue where tapping on notification
failed to bring app to the foreground.

Known issues:

* Android 5.0.1 -- known bugs in Android ConnectivityManager may affect
network pause/resume/failover in the app.

OpenVPN Connect Release notes for 1.1.15 build 62

Changes between 1.1.14 and 1.1.15:

* Updated PolarSSL to fix CVE-2015-1182.

* The "Force AES-CBC ciphersuites" setting is now off by
default.  If you experience connection issues with this change,
you can easily turn it back on via the Preferences menu.

* Added AES-GCM cipher support.

* Library updates:
PolarSSL : 1.3.9a
Boost : 1.57.0

OpenVPN Connect Release notes for 1.1.14 build 56

Changes between 1.1.13 and 1.1.14:

* Disable "Seamless Tunnel" feature for devices running API level 19 (Android KitKat 4.4 - 4.4.2).

* Added CRL support (crl-verify directive).

* Updated PolarSSL to 1.3.7.

OpenVPN Connect Release notes for 1.1.13 build 53

Changes between 1.1.12 and 1.1.13:

* Known issue: Android 4.4 has many issues with VPN API. Be aware of these issues before you consider upgrading to 4.4:

https://code.google.com/p/android/issues/list?can=2&q=VpnService&colspec=ID+Type+Status+Owner+Summary+Stars&cells=tiles

* In addition to the standard OpenVPN core build for Android, we've added a new core build optimized for ARMv7-A processors. Newer devices will automatically select this build.

* Updated Android SDK, NDK:

SDK: adt-bundle-mac-x86_64-20131030

NDK: android-ndk-r9c

* Updated PolarSSL to 1.2.10.

* Known issue: In Android 4.4, the Android VPN API was modified so that VPN routes have absolute priority, even over local interfaces with more specific routes.  This change affects all VPN apps that use the Android VPN API.

* Added app flag android:allowBackup="false" to prevent app data such as profiles and encrypted credentials from being backed up.  This is seen as a security safeguard to prevent an attacker with physical access to the device from being able to easily extract profiles or encrypted credentials through Android's standard backup capabilities.

* Added new dialog that appears before the Android certificate selection dialog that allows profile to be connected without a client certificate, or allows user to continue (as before) to Android certificate selection dialog.

* Added "Force AES-CBC ciphersuites" preference.  This option constrains the OpenVPN TLS negotiation to one of two standard AES-CBC ciphersuites and is provided as a compatibility option when connecting to servers that use legacy SSL implementations.

* Added support for "http-proxy" and "http-proxy-option" directives in the profile.  Note that these directives are currently only supported in the main profile, outside of <connection> blocks. Also note that OpenVPN proxy settings set through the UI always have priority over proxy directives given in the profile.

* Added additional PKCS#1 signature methods.  This may fix an issue where the following error is seen in the log:

"PolarSSLContext::epki_sign unrecognized parameters, mode=1 hash_id=11 hashlen=32"

* Allow importing of profiles where auth-user-pass directive references an external creds file.

* Allow importing of profiles originally created for Windows that reference external files (such as ca, cert, and key directives)

using paths that contain backslashes as path separators.

* Added LZ4 compression support.

* Report client app name/version to server via IV_GUI_VER parameter.