Release notes for OpenVPN Connect on macOS

Dropped support of 10.13 High Sierra and 10.14 Mojave MacOS versions.

Implemented Device Posture Checks feature. (Businesses can now ensure that only devices that meet certain security standards access the network. This can help protect the network from unauthorized access and malware infections.)

Forced re-authentication support was added (interrupts VPN connection after x number of hours and forces user to re-authenticate).

Enhanced DNS stability and productivity.

Connection through proxy with basic auth is now allowed only with an “Insecure” security level.

Introduced support for external EC (elliptic serves signature algorithms) certificates.

Certificate validation added on Connection(not allowed to connect with expired certificates).

The “Import Profiles” screen has been updated.

Fixed an issue when the ARM version of the application didn't start.

Fixed the problem with routing to the 128.0.0.0/1 subnet.

The "Allow IPv6" setting is now changed to "Block IPv6" to better understand the setting's behavior.

The app now supports the CMD + W combination to close.

Other minor fixes and improvements.

Fixed an issue where users could not establish a VPN connection when connecting through a hotspot from an iOS device.

Fixed ELECTRON_RUN_AS_NODE vulnerability (CVE-2023-7245). Reported by Mykola Grymalyuk (RIPEDA Consulting).

Fixed an issue with an environment variable in GUI.

Fixed security issue CVE-2023-7224 regarding local code injection. This issue was reported by LOURCODE and Fatih ERDOĞAN.

Enabled a watchdog function to ensure DNS settings are kept intact.

Dropped support of OSX El Capitan and OSX Sierra.

Fixed security issue CVE-2023-4863 by updating relevant libraries.

Fixed regression where DNS zones were not applied correctly.

Updated handling of browser-based authentication — embedded browser and OPEN_URL no longer supported.

Fixed regression of wrong IV_HWADDR value in version 3.4.3.

Fixed issue where "pull" directive was incorrectly marked as incompatible option.

Added support for "all" OS type (Windows and macOS) of environment variables for Access Server.

Added support for environment variables for Access Server.

Added "Security Level" setting.

Updated OpenVPN 3 library to version 3.8.1.

Updated OpenSSL library to version 3.0.8.

Removed onboarding screens.

Fixed a bug when importing profile from a server with Let’s Encrypt certificate.

Fixed the issue with numeric pad enter button not working.

Fixed the issue with log screen scrolling in opposite direction.

Various bug fixes and user experience improvements.

Updated information exchange for CloudConnexa users.

Enabled a watchdog function to ensure DNS settings are kept intact.

Dropped support of OSX Yosemite.

Fixed security issue CVE-2022-3761 with checking web certificates during import process. Thanks to Mr. Ka Lok Wu of the Chinese University of Hong Kong for reporting this.

Fixed a bug when importing profile from a server with Let’s Encrypt certificate.

Added support for Apple Silicon chipset.

Added setting hide or show the icon in the Dock.

Added confirmation dialog during connection with external web authentication.

Fixed reporting of OpenVPN3 version as IV_VER variable.

Fixed issue with multiple notifications on macOS Ventura.

Fixed profile bundling on macOS 12.3.

OpenSSL updated to 1.1.1n (fix for CVE-2022-0778).

Fixed installation issue on macOS 12.3.

Minor change for Web Authentication in a system browser.

Known issue: bundled profiles do not work on macOS 12.3 - this is fixed in 3.3.6 release.

Added import using Web Authentication in system browser.

Added reporting of UUID device identifier as UV_UUID parameter.

Resolved a bug when importing CloudConnexa profiles.

Changed Web Auth flow to use external browser for authentication.

Fixed issue with application launch on macOS Monterey.

Dropped support of OSX Mavericks.

Added command line interface. Refer to Command-line Functionality (Windows) or Command-line Functionality (macOS).

Added support for PKCS11 hardware tokens. Refer to Connect and Authorize Hardware Tokens.

Updated OpenVPN 3 library to 3.6.3 version.

Added captive portal detection.

Added new functionality for software updates.

Replaced reconnect on reboot setting with launch options.

Added an Advanced Settings section.

Added colorful tray icons to show connection status.

Removed the “force AES-CBC cipher” legacy compatibility option.

Various bug fixes and UX improvements.

Fixed log file symlink creation process during install (CVE-2020-15075).

Added support for deep linking and web authentication using system web browser.

Bugfix for upgrade scenarios where a connection with a saved password might not work.

Fixed a bug when using 'Import from URL' with an OpenVPN Access Server.

Updated digital signatures.

This version adds support for OS X Big Sur.

Minor changes to the Web Auth flow.

Added reporting UV_APP_VER values to the VPN server.

Fixed issues with the display of the application version.

Minor fixes for OSX Big Sur.

Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server.

Fixed not prompting user for certificate approval under certain conditions.

Fixed incorrect hardware address reporting.

As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH).

Switchover from Mbed TLS library to OpenSSL library.

Support of TLS 1.3 version.

Support signing with RSA-PSS signatures during TLS handshake.

Update of OpenVPN3 library to OpenVPN core 3.5.6 version.

Improved stability and performance.

Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).

New profile import flow with WebAuth support.

Added EULA license during installation.

Added .ovpn file association.

Added possibility to connect without external certificate when the client certificate is not required.

Fixed app crash when UI stucks with blank screen.

Fixed multiple re-connections in sleep mode.

Fixed connection with DUO authentication service.

Fixed connection via server-locked profile with 2FA.

Fixed issue with DNS configurations after disconnect.

Fixed proxy basic authentication.

Fixed issue with long client-side scripts.

Fixed a problem where the program would not respond properly during network unavailability.

Fixed profile import with server certificate expired or self-signed — added ability to accept or reject such certificate despite this problem.

Fixed password clearing during profile edit.

Fixed parsing of ca.crt as a separate file.

Fixed auth fail when username is not locked.

Showing proper core version in the connection logs.

Added descriptive error message for connection attempt via TAP-based profiles.

Fixed behavior of connection timeout with network unavailable.

Fixed connection logic via server-locked profile for users without auto-login privilege.

Fixed profiles sorting in tray by last connected.

Fixed static-challenge response logic.

Added confirmation on dialogs by enter key.

Added custom error message for users who trying to import auto-login profile without privilege.

Changed tray icon in order to show VPN connection status.

Changed order of settings in tray to be more logical.

Updated installer texts so the product name is mentioned properly.

This version drops support for macOS 10.8 Mountain Lion.

Dropped support of MD5 algorithm.

New unified UI with 2 color scheme options.

Disabled tunnel compression by default (could be enabled back in the app settings).

Ability to add proxies for connection from within the app.

Ability to manage external certificates directly from within the app.

Separate screen with extended statistics of connection session.

Log File with options to pause/resume, clear and save logs for sharing.

Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.