A new version of OpenVPN-NL (2.4.12-nl1) is available on the OpenVPN-NL website [1]. This version is based on OpenVPN 2.4.12 [2], and mbed TLS 2.16.2 [3].
This release fixes CVE-2022-0547 [4]. OpenVPN 2.4.12 now aborts when there are multiple authentication plugins that are attempting deferred authentication. In earlier versions of OpenVPN, this situation could lead to a potential authentication bypass if one of the plugins accepts the user, but another one does not.
Apart from that, it contains several bugfixes and improvements.
The Windows installer is now signed with a new key because the old one expired. You can find the new certificate at [5].
Version 2.4.9-nl1 is now deprecated.
References
------------
[1] https://openvpn.fox-it.com/
[2] https://github.com/OpenVPN/openvpn/blob/v2.4.12/Changes.rst
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.2-and-2.7.11-release...
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0547
[5] https://openvpn.fox-it.com/repos/fox-crypto-win-2021.pem
list-openvpn-nl@lists.fox-it.com
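
To find configurations affected by the multiple-plugin issue described above, the following added example (not part of the announcement and not OpenVPN-NL project code) lists the active `plugin` directives in a configuration file and classifies it against the installed version. The function names, status strings, and sample configuration are assumptions for illustration; the script cannot tell whether a plugin actually uses deferred authentication, so two or more plugins only means the configuration needs review.

```python
import re
import shlex

FIXED_24 = (2, 4, 12)  # fix release named in the announcement
# Constructed sample config; paths under /opt/example are hypothetical.
SAMPLE = """\
port 1194
# plugin /opt/example/old-auth.so
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
;plugin /opt/example/disabled.so
plugin "/opt/example/otp auth.so"
<ca>
plugin not-a-directive
</ca>
"""

def plugin_directives(config_text):
    """Return [(line_no, module_path)] for each active `plugin` directive."""
    found, inline_tag = [], None
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:  # inside an inline block such as <ca>...</ca>
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        opened = re.fullmatch(r"<([A-Za-z0-9-]+)>", line)
        if opened:
            inline_tag = opened.group(1)
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: not parseable, skip
            continue
        if len(words) >= 2 and words[0] == "plugin":
            found.append((line_no, words[1]))
    return found

def audit(config_text, version):
    """Classify one config against the multi-plugin issue described above."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m or m.group(1, 2) != ("2", "4"):
        return "unknown-branch"  # only the 2.4-based series is covered here
    plugins = plugin_directives(config_text)
    if len(plugins) < 2:
        return "ok"  # the issue needs more than one plugin
    if tuple(map(int, m.groups())) < FIXED_24:
        return "upgrade"  # bypass possible if several plugins defer auth
    return "review"  # fixed build aborts if several plugins defer auth
```

A result of "review" on 2.4.12-nl1 means the server will abort if more than one of the listed plugins attempts deferred authentication, so such a configuration should be checked before the upgrade is rolled out.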