Features Pricing Explore Docs

Sign In Get Started

Unclaimed project

Are you a maintainer of openvpn? Claim this project to take control of your public changelog and roadmap.

Claim this project

Changelog

openvpn

OpenVPN is an open source VPN daemon

OpenVPN/openvpn·

13k3.3kCNOASSERTION

securityvpn

Last updated 4 days ago

Changelog Roadmap

Product

Features
Pricing
Templates
Explore

Compare

vs Beamer
vs Canny
vs LaunchNotes

Resources

Documentation
Blog
About

Legal

Privacy
Terms

© 2026 AnnounceHQ. All rights reserved.

More C Projects

scrcpy

Display and control your Android device

C

netdata

The fastest path to AI-powered full stack observability, even for lean teams.

C

redis

For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.

C

curl

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features

View all C projects →

v2.6.16 - openvpn Release Notes | AnnounceHQ

Back to changelog

NewNovember 18, 2025

v2.6.16

Security fixes:

CVE-2025-13086: Fix memcmp check for the hmac verification in the 3way handshake. This bug renders the HMAC based protection against state exhaustion on receiving spoofed TLS handshake packets in the OpenVPN server inefficient.

Bug fixes:

fix invalid pointer creation in tls_pre_decrypt() - technically this is a memory over-read issue, in practice, the compilers optimize it away so no negative effects could be observed.
Windows: in the interactive service, fix the "undo DNS config" handling.
Windows: in the interactive service, disallow using of "stdin" for the config file, unless the caller is authorized OpenVPN Administrator
Windows: in the interactive service, change all netsh calls to use interface index and not interface name - sidesteps all possible attack avenues with special characters in interface names.
Windows: in the interactive service, improve error handling in some "unlikely to happen" paths.

auth plugin/script handling: properly check for errors in creation on $auth_failed_reason_file (arf).

for incoming TCP connections, close-on-exec option was applied to the wrong socket fd, leaking socket FDs to child processes.

sitnl: set close-on-exec flag on netlink socket

ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.6.15...v2.6.16