If you believe you have found a vulnerability or security issue in one of our OpenVPN products, we appreciate a report with the related details.
Such reports should be sent ENCRYPTED to firstname.lastname@example.org using our PGP key with the fingerprint: F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7
We do acknowledge that it may in some cases take time before a release is made available. There are various reasons for that, which is related to vulnerability severity and how that is related to ongoing release work and how many products the issue may affect. This is not an attempt from us to delay a resolution but to ensure the required modifications have the proper quality, resolve the issue, and do not introduce regressions.
We thank you for being patient and for working with us towards a resolution.