@@ -1,6 +1,38 @@

 OpenVPN ChangeLog

 Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>

+2024.03.20 -- Version 2.6.10

+

+Christoph Schug (1):

+      Update documentation references in systemd unit files

+

+Frank Lichtenheld (6):

+      Fix typo --data-cipher-fallback

+      samples: Remove tls-*.conf

+      check_compression_settings_valid: Do not test for LZ4 in LZO check

+      t_client.sh: Allow to skip tests

+      Update Copyright statements to 2024

+      GHA: general update March 2024

+

+Lev Stipakov (4):

+      win32: Enforce loading of plugins from a trusted directory

+      interactive.c: disable remote access to the service pipe

+      interactive.c: Fix potential stack overflow issue

+      Disable DCO if proxy is set via management

+

+Martin Rys (1):

+      openvpn-[client|server].service: Remove syslog.target

+

+Max Fillinger (1):

+      Remove license warning from README.mbedtls

+

+Selva Nair (1):

+      Document that auth-user-pass may be inlined

+

+wellweek (1):

+      remove repetitive words in documentation and comments

+

+

 2024.02.11 -- Version 2.6.9

 Arne Schwabe (15):

@@ -1,3 +1,54 @@

+Overview of changes in 2.6.10

+=============================

+Security fixes

+--------------

+- CVE-2024-27459: Windows: fix a possible stack overflow in the

+  interactive service component which might lead to a local privilege

+  escalation.

+  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>

+

+- CVE-2024-24974: Windows: disallow access to the interactive service

+  pipe from remote computers.

+  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>

+

+- CVE-2024-27903: Windows: disallow loading of plugins from untrusted

+  installation paths, which could be used to attack openvpn.exe via

+  a malicious plugin.  Plugins can now only be loaded from the OpenVPN

+  install directory, the Windows system directory, and possibly from

+  a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.

+  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>

+

+Bug fixes

+---------

+- Windows: if the win-dco driver is used (default) and the GUI requests

+  use of a proxy server, the connection would fail.  Disable DCO in

+  this case.  (Github: #522)

+

+- Compression: minor bugfix in checking option consistency vs. compiled-in

+  algorithm support

+

+- systemd unit files: remove obsolete syslog.target

+

+User visible changes

+--------------------

+- Update copyright notices to 2024

+

+New features

+------------

+- t_client.sh can now run pre-tests and skip a test block if needed

+  (e.g. skip NTLM proxy tests if SSL library does not support MD4)

+

+Documentation

+-------------

+- remove license warnings about mbedTLS linking (README.mbedtls)

+

+- update documentation references in systemd unit files

+

+- sample config files: remove obsolete tls-*.conf files

+

+- document that auth-user-pass may be inlined

+

+

 Overview of changes in 2.6.9

 ============================

@@ -3,7 +3,7 @@ define([PRODUCT_NAME], [OpenVPN])

 define([PRODUCT_TARNAME], [openvpn])

 define([PRODUCT_VERSION_MAJOR], [2])

 define([PRODUCT_VERSION_MINOR], [6])

-define([PRODUCT_VERSION_PATCH], [.9])

+define([PRODUCT_VERSION_PATCH], [.10])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])