)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"2b4127fed3f0a5a96c7a703f06f225875efef6d6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d94fd4e6_8f3fba03","updated":"2025-05-27 07:18:35.000000000","message":"Shall we mention webauth/saml support to PLAP? The implementation is fully in openvpn-gui and also part of the latest 2.6 releases.\n\nhttps://github.com/OpenVPN/openvpn-gui/issues/687","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"81d1c34c9eb9f28080fcf1bacd3c6d2a2c3dc728","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"71c534b4_f329a6c9","updated":"2025-05-26 21:07:40.000000000","message":"went through \"git log\", found a few things that I found noteworthy.  
Too tired for good tests right now.","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"53653f4dc92bc133dcea2eb09948f07878d3c6a6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"ef831b91_ba3c2cb2","in_reply_to":"71c534b4_f329a6c9","updated":"2025-05-27 09:27:21.000000000","message":"Done","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"fce700e0f0ffc4c045376fc0665726526d53e5ea","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"cdef9b05_61b4a2a2","in_reply_to":"d94fd4e6_8f3fba03","updated":"2025-05-27 11:35:05.000000000","message":"Since it is already released in 2.6 I don\u0027t think it fits here.","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"}],"Changes.rst":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"81d1c34c9eb9f28080fcf1bacd3c6d2a2c3dc728","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Support for server mode in win-dco driver"},{"line_number":41,"context_line":"    On Windows the win-dco driver can now be used in server setups."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Enforcement of AES-GCM usage limit"},{"line_number":44,"context_line":"    OpenVPN will now enforce the usage limits on AES-GCM with the same"},{"line_number":45,"context_line":"    confidentiality margin as TLS 1.3 does. 
This mean that renegotiation will"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1c2da85a_e3e58cd5","line":42,"updated":"2025-05-26 21:07:40.000000000","message":"- Windows adapters (tap-windows6 or win-dco) are now created on demand\n\n- windows automatic service now runs as fully unprivileged service user\n\n- more detailed printing of negotiated TLS encryption/signing parameters, including post-quantum crypto (if the TLS library supports it) (5b7a1bc3)\n\n- improve IPv6 handling and logging around `--port-share`\n\n- support for the Haiku OS\n\n- support loading `--key` and `--cert` from OpenSSL 3 provider URIs (3512e8d3)\n\n- OpenVPN on Windows will now use WFP firewalling to implement `block-local`, ensuring full protection against TunnelCrack style attacks using rogue DHCP servers\n\n- cmake build support on Windows (is that new in 2.7?)","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"2f841f22cf71e15ef4299cd2c95349ebecb2491a","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Support for server mode in win-dco driver"},{"line_number":41,"context_line":"    On Windows the win-dco driver can now be used in server setups."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Enforcement of AES-GCM usage limit"},{"line_number":44,"context_line":"    OpenVPN will now enforce the usage limits on AES-GCM with the same"},{"line_number":45,"context_line":"    confidentiality margin as TLS 1.3 does. This mean that renegotiation will"}],"source_content_type":"text/x-rst","patch_set":1,"id":"bbd93705_cb94ba42","line":42,"in_reply_to":"14ce78b6_78eda386","updated":"2025-05-27 10:55:10.000000000","message":"Automatic service code is indeed in its own repo. 
openvpn-build has two branches, release/2.6 and master (future release/2.7), and in the master branch of openvpn-build we now point to the new automatic service. So I would say that it is indeed a part of 2.7 release. The release is more than openvpn repo, but it just happens that we maintain changelog here.","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"2b4127fed3f0a5a96c7a703f06f225875efef6d6","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Support for server mode in win-dco driver"},{"line_number":41,"context_line":"    On Windows the win-dco driver can now be used in server setups."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Enforcement of AES-GCM usage limit"},{"line_number":44,"context_line":"    OpenVPN will now enforce the usage limits on AES-GCM with the same"},{"line_number":45,"context_line":"    confidentiality margin as TLS 1.3 does. 
This mean that renegotiation will"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4c1bd998_bfec32a3","line":42,"in_reply_to":"1c2da85a_e3e58cd5","updated":"2025-05-27 07:18:35.000000000","message":"cmake build support on Windows has indeed been added in 2.6","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"53653f4dc92bc133dcea2eb09948f07878d3c6a6","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Support for server mode in win-dco driver"},{"line_number":41,"context_line":"    On Windows the win-dco driver can now be used in server setups."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Enforcement of AES-GCM usage limit"},{"line_number":44,"context_line":"    OpenVPN will now enforce the usage limits on AES-GCM with the same"},{"line_number":45,"context_line":"    confidentiality margin as TLS 1.3 does. 
This mean that renegotiation will"}],"source_content_type":"text/x-rst","patch_set":1,"id":"14ce78b6_78eda386","line":42,"in_reply_to":"4c1bd998_bfec32a3","updated":"2025-05-27 09:27:21.000000000","message":"--key and --cert have been mentioned below\nautomatic service is not actually part of this release since it is released separately, isn\u0027t it?","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"fce700e0f0ffc4c045376fc0665726526d53e5ea","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Support for server mode in win-dco driver"},{"line_number":41,"context_line":"    On Windows the win-dco driver can now be used in server setups."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Enforcement of AES-GCM usage limit"},{"line_number":44,"context_line":"    OpenVPN will now enforce the usage limits on AES-GCM with the same"},{"line_number":45,"context_line":"    confidentiality margin as TLS 1.3 does. 
This mean that renegotiation will"}],"source_content_type":"text/x-rst","patch_set":1,"id":"584cc932_706d76bb","line":42,"in_reply_to":"bbd93705_cb94ba42","updated":"2025-05-27 11:35:05.000000000","message":"Acknowledged","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"81d1c34c9eb9f28080fcf1bacd3c6d2a2c3dc728","unresolved":true,"context_lines":[{"line_number":162,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":163,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Overview of changes in 2.6"},{"line_number":166,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Project changes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c256a799_54742242","line":165,"updated":"2025-05-26 21:07:40.000000000","message":"- Windows build version is now logged and send to server in IV_PLAT_VER variable\n\n- `redirect-gateway` now uses actual IPv4 route to VPN server, not just \"default route\".  Can be queried with `--show-gateway v4addr`. 
(9df51cf56 +3)\n\n- support for the new `--dns` syntax is advertised to OpenVPN servers with the `IV_PROTO_DNS_OPTION_V2` flag value in `IV_PROTO`","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"53653f4dc92bc133dcea2eb09948f07878d3c6a6","unresolved":true,"context_lines":[{"line_number":162,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":163,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Overview of changes in 2.6"},{"line_number":166,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"Project changes"}],"source_content_type":"text/x-rst","patch_set":1,"id":"d00040c6_2fceb3cf","line":165,"in_reply_to":"c256a799_54742242","updated":"2025-05-27 09:27:21.000000000","message":"What actually are the changes to --dns, though? 
All changes I could find were also backported to 2.6?","commit_id":"6567e3460305d107c3b8bd25f2b45a63456592c6"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"f49a2ee9e3e2a944bc924199816a19c0ae7f2266","unresolved":true,"context_lines":[{"line_number":42,"context_line":"    adapters anymore (in addition to the ones created by the installer)."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Windows automatic service now runs as an unpriviledged user"},{"line_number":45,"context_line":"    All tasks that need privileges are now delegatedt to the interactive"},{"line_number":46,"context_line":"    service."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Support for new version of Linux DCO module"}],"source_content_type":"text/x-rst","patch_set":3,"id":"822069d3_84c1625f","line":45,"updated":"2025-05-27 12:48:52.000000000","message":"a small typo (delegatedt)","commit_id":"6c60564f2b753e429f7befdad2bf0b2f001f3ead"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"0fc138deb9848641353d65f3d5ced7d1715ba64e","unresolved":false,"context_lines":[{"line_number":42,"context_line":"    adapters anymore (in addition to the ones created by the installer)."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Windows automatic service now runs as an unpriviledged user"},{"line_number":45,"context_line":"    All tasks that need privileges are now delegatedt to the interactive"},{"line_number":46,"context_line":"    service."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Support for new version of Linux DCO 
module"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5dd47c76_495ccdbc","line":45,"in_reply_to":"822069d3_84c1625f","updated":"2025-05-27 14:44:14.000000000","message":"Done","commit_id":"6c60564f2b753e429f7befdad2bf0b2f001f3ead"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"7f2fd98f5d2b0cf65c104b51cd97cadd518c4fe5","unresolved":true,"context_lines":[{"line_number":184,"context_line":""},{"line_number":185,"context_line":"- ``--static-challenge`` option now has a third parameter ``format`` that"},{"line_number":186,"context_line":"  can change how password and challenge response should be combined."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":190,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"4b70288b_e5365aa6","line":187,"updated":"2025-05-28 01:02:06.000000000","message":"New option --providers to load optional OpenSSL3 providers","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"153d5bf0ceb38771ff12b4bdb554aac19b411d8f","unresolved":false,"context_lines":[{"line_number":184,"context_line":""},{"line_number":185,"context_line":"- ``--static-challenge`` option now has a third parameter ``format`` that"},{"line_number":186,"context_line":"  can change how password and challenge response should be combined."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for 
many OpenSSL 3 providers."},{"line_number":190,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"667a62fd_cac5bd3a","line":187,"in_reply_to":"4b70288b_e5365aa6","updated":"2025-05-28 08:52:05.000000000","message":"That one was backported to 2.6 as part of the OpenSSL 3 support, so it is not actually new in 2.7.","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"7f2fd98f5d2b0cf65c104b51cd97cadd518c4fe5","unresolved":true,"context_lines":[{"line_number":186,"context_line":"  can change how password and challenge response should be combined."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"- TLS handshake debugging information contains much more details  now when"},{"line_number":192,"context_line":"  using recent versions of OpenSSL."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7f3955a7_08db94c6","line":189,"updated":"2025-05-28 01:02:06.000000000","message":"Technically it does not really depend on the SSL library (OpenSSL 3 required) but on providers which can be loaded by the user.\nA more correct wording would be\n\"--key`` and ``--cert`` now accept URIs implemented in OpenSSL 3 as well as\noptional OpenSSL 3 providers loaded using --providers option.\"","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"69394dd0a7119e1a650a1d0af168ad9ef6a957f2","unresolved":false,"context_lines":[{"line_number":186,"context_line":"  can 
change how password and challenge response should be combined."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"- TLS handshake debugging information contains much more details  now when"},{"line_number":192,"context_line":"  using recent versions of OpenSSL."}],"source_content_type":"text/x-rst","patch_set":4,"id":"286d5aa2_96afacd6","line":189,"in_reply_to":"7f3955a7_08db94c6","updated":"2025-05-28 09:40:54.000000000","message":"Done","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"7f2fd98f5d2b0cf65c104b51cd97cadd518c4fe5","unresolved":true,"context_lines":[{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"- TLS handshake debugging information contains much more details  now when"},{"line_number":192,"context_line":"  using recent versions of OpenSSL."},{"line_number":193,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"65bba08f_975e28d1","line":190,"updated":"2025-05-28 01:02:06.000000000","message":"--cryptoapicert now supports issuer name as well as Windows CA template name or OID as selector string.","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN 
Inc."},"change_message_id":"69394dd0a7119e1a650a1d0af168ad9ef6a957f2","unresolved":false,"context_lines":[{"line_number":187,"context_line":""},{"line_number":188,"context_line":"- ``--key`` and ``--cert`` now accept URIs if the SSL library supports it,"},{"line_number":189,"context_line":"  which is the case for many OpenSSL 3 providers."},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"- TLS handshake debugging information contains much more details  now when"},{"line_number":192,"context_line":"  using recent versions of OpenSSL."},{"line_number":193,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"612f9e6d_647a9899","line":190,"in_reply_to":"65bba08f_975e28d1","updated":"2025-05-28 09:40:54.000000000","message":"Done","commit_id":"de24602289a5d552fe0c9c126bdc301d2e7e2e1c"}]}
