OpenVPN Connect for Windows change log

Release notes for 3.4.4 (3412)

Release date: 8 February 2024

  • Fixed ELECTRON_RUN_AS_NODE vulnerability (CVE-2023-7245). Reported by Mykola Grymalyuk (RIPEDA Consulting)
  • Improved web authentication dialog
  • Fixed issue with environment variable in GUI
  • Fixed issue with empty Device ID reported to VPN server
  • Fixed issue when a system browser doesn't open during authentication with AS SAML on clean installed Windows 11
  • Fixed UI issues in High Contrast mode

Release notes for 3.4.3 (3337)

Release date: 7 December 2023

  • Dropped official support for Windows 8 (may still work but no support is provided for it anymore)
  • Promoted DCO feature to stable (no longer in beta)
  • Fixed security issue CVE-2023-4863 by updating relevant libraries
  • Fixed regression where DNS zones were not applied correctly
  • Improved handling of unwanted route added by Windows operating system
  • Updated handling of browser-based authentication - embedded browser and OPEN_URL no longer supported

Release notes for 3.4.2 (3160)

Release date: 24 August 2023

  • Fixed issue where some antivirus solutions could trigger a false positive report.

Release notes for 3.4.1 (3150)

Release date: 17 August 2023

  • Added support for "all" OS type (Windows and macOS) of environment variables for Access Server
  • Fixed connectivity issue using Dual-Stack IPv6/IPv4
  • Fixed issue where "pull" directive was incorrectly marked as incompatible option
  • Fixed issue where password input could lose focus
  • Various bug fixes and user experience improvements

Release notes for 3.4.0 (3121)

Release date: 10 July 2023

  • Added OpenVPN Data Channel Offload (DCO) support
  • Added support for environment variables for Access Server
  • Added ARM platform support via compatibility mode
  • Added "Security Level" setting
  • Updated OpenVPN 3 library to version 3.8.0
  • Updated OpenSSL library to version 3.0.8
  • Removed onboarding screens
  • Fixed security issue CVE-2022-3761 with checking web certificates during import process. Thanks to Mr. Ka Lok Wu of the Chinese University of Hong Kong for reporting this.
  • Fixed a bug when importing profile from a server with Let’s Encrypt certificate
  • Fixed the issue with numeric pad enter button not working
  • Fixed the issue with the installation process related to a lockfile present in TEMP folder
  • Various bug fixes and user experience improvements

Release notes for 3.3.7 (2979)

Release date: 16 February 2023

  • Updated information exchange for CloudConnexa users.

Release notes for 3.3.6 (2752)

Release date: 22 March 2022

  • OpenSSL updated to 1.1.1n (to address CVE-2022-0778)
  • Minor change for Web Authentication in a system browser

Release notes for 3.3.5 (2717)

Release date: 9 March 2022

  • Added import using Web Authentication in system browser
  • Added reporting of UUID device identifier as UV_UUID parameter

Release notes for 3.3.4 (2600)

Release date: 16 December 2021

  • Resolved a bug when importing CloudConnexa profiles

Release notes for 3.3.3 (2562)

Release date: 17 November 2021

  • Changed Web Auth flow to use external browser for authentication

Release notes for 3.3.2 (2475)

Release date: 7 October 2021

Release notes for 3.3.1 (2222)

Release date: 23 June 2021

  • Resolved a security issue related to OpenSSL configuration (CVE-2021-3613) reported by Xavier Danest

Release notes for 3.3.0 (2171)

Release date: 3 June 2021

  • Updated OpenVPN 3 library to 3.6.2 version.
  • Added captive portal detection: OpenVPN Connect notifies the user when a device is connected to a network with a captive portal enabled. This functionality is enabled by default and can be managed on the Settings screen in the app.
  • Added network loss detection: the VPN connection goes to a “pause” state when a network connection is lost, and automatically resumes the VPN session when the network is up.
  • Added command line interface. Refer to Command Line functionality for OpenVPN Connect.
  • Changes to software update functionality:
    • Added the ability to change the setting of the frequency of software update checks.
    • Added update checks frequency management by the admin using the directive to the profile: 0 is never; 1 is every day; 7 is once a week; and 30 is monthly. When a profile with this directive is bundled into the app, the app setting changes automatically. CONNECTV3_PREFERENCE_UPDATE_FREQUENCY=<0|1|7|30>
    • When a new version of the application is available, it becomes visible in the main menu of the app.
    • Added release notes to notification of application updates.
  • Added support for PKCS11 hardware tokens. Refer to Support of #PKCS11 physical tokens for OpenVPN Connect.
  • Replaced reconnect on reboot setting with launch options. A user can choose multiple options: startup application after OS reboot, connect with the latest connected profile, or connect only if a connection was active during the reboot (previously, behavior of “Reconnect on Reboot” setting).
  • Added external certificates on Windows 7: OpenVPN Connect supports importing and assigning an external PKCS12 identity to a profile for connection in Windows 7.
  • Added an Advanced Settings section. Settings that can break connectivity are hidden in the Advanced Settings section on the Settings screen.
  • Added colorful tray icons. The OpenVPN Connect tray icon with a color indication of connection state can be enabled on the Settings screen (default behavior on Windows 7 and Windows 8).
  • Removed the "force AES-CBC cipher" legacy compatibility option.
  • Various bug fixes and UX improvements.

Release date: 25 February 2021

  • Added support for deep linking and web authentication using system web browser
  • Removed optional wintun driver support

Release date: 30 October 2020

  • Minor changes for Web Auth flow
  • Added reporting UV_APP_VER values to the VPN server
  • Implemented a new way of profile bundling (distribution of MSI and profile as separate files)
  • Fixed an issue where an OpenVPN server could not be reached if it was not reachable through the default gateway
  • Fixed an issue where a large amount of routes pushed to the VPN client would cause the client to fail
  • Fixed issues with the display of the application version

Release date: 26 August, 2020

  • Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server.
  • Fixed not prompting user for certificate approval under certain conditions.
  • Updated Wintun driver to v0.8.1 that contains a patch for a driver update issue.
  • Added installer routine that ensures presence of a particular Windows hotfix on Windows 7 machines (KB2921916).

Release date: 13 July, 2020

  • This is now a stable release and no longer considered beta software.
  • As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH)
  • Switchover from Mbed TLS library to OpenSSL library
  • Support of TLS 1.3 version
  • Support signing with RSA-PSS signatures during TLS handshake
  • Update of OpenVPN3 library to OpenVPN core 3.5.6 version
  • Optional WinTun driver is available during installation
  • Implemented possibility to run VPN connection as system service
  • Improved stability and performance

  • Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222)

  • Fixed a failure of installation process on some operating systems with non-English localization

  • Implemented a fix for a security issue related to the location of installation files (CVE-2020-9442)

  • New profile import flow with WebAuth support
  • Added EULA license during installation
  • Added .ovpn file association
  • Added possibility to connect without external certificate when the client certificate is not required
  • Fixed connection with DUO authentication service
  • Fixed connection via server-locked profile with 2FA
  • Fixed proxy basic authentication
  • Fixed issue with long client-side scripts
  • Fixed issue with unquoted path privilege escalation reported by Yogesh Prasad (CVE-2014-5455)

  • New unified UI with 2 color scheme options
  • Dropped support of MD5 algorithm
  • Disabled tunnel compression by default (could be enabled back in the app settings)
  • Ability to add proxies for connection from within the app
  • Ability to manage external certificates directly from within the app (except in Windows 7 for the moment)
  • Separate screen with extended statistics of connection session
  • Log File with options to pause/resume, clear and save logs for sharing
  • Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.
  • Ability to create connect and disconnect shortcuts.