May 31, 2009 | ||
---|---|---|
View d7fa38f
Update copyright to 2009.james authored on 2009/05/31 06:38:49 |
November 20, 2008 | ||
---|---|---|
View 7bb9f5a
Fixed issue introduced in 2.1_rc14 that may cause a segfault when a --plugin module is used.james authored on 2008/11/20 03:07:52 |
November 17, 2008 | ||
---|---|---|
View a828135
* Added additional method parameter to --script-security to preserve backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use:james authored on 2008/11/17 13:28:07 |
October 15, 2008 | ||
---|---|---|
View 51f7b84
Added additional warning messages about --script-security 2 or higher being required to execute user-defined scripts or executables.james authored on 2008/10/15 17:20:21 |
October 6, 2008 | ||
---|---|---|
View 367ed08
Copyright notice changed to reflect change in name of Telethra to OpenVPN Technologies.james authored on 2008/10/06 16:33:45 |
September 30, 2008 | ||
---|---|---|
View bb564a5
Management interface can now listen on a unix domain socket, for example:james authored on 2008/09/30 15:11:38 |
September 6, 2008 | ||
---|---|---|
View b8fb090
2.1_rc8 and earlier did implicit shell expansion on script arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:james authored on 2008/09/06 18:42:17 |
July 27, 2008 | ||
---|---|---|
View 70899be
Added a warning message when passwords are cached in memory.james authored on 2008/07/27 09:43:49 |
||
View b4073a7
Perform additional input validation on options pulled by client from server. Fixes --iproute vulnerability.james authored on 2008/07/27 08:08:29 |
July 26, 2008 | ||
---|---|---|
View 5a2e9a2
Completely revamped the system for calling external programs and scripts:james authored on 2008/07/26 16:27:03 |
July 19, 2008 | ||
---|---|---|
View d1dcc3e
Added a warning when plugins are specified without an absolute pathname.james authored on 2008/07/19 08:49:50 |
July 18, 2008 | ||
---|---|---|
View ddad0a8
gen_path will no longer silently truncate the generated filename at 256 bytes.james authored on 2008/07/18 09:55:59 |
||
View 222f084
Modified create_temp_filename to create unpredictable filenames.james authored on 2008/07/18 09:32:40 |
||
View 093e7eb
Previously, OpenVPN might log a client's auth-user-pass password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output.james authored on 2008/07/18 08:31:16 |
||
View 73b7e69
gen_path now rejects filenames that match Windows device names such as CON, NUL, LPT1, etc.james authored on 2008/07/18 07:41:15 |