17 Feb 2025

Hi Sophos Community,

This is a maintenance release to address vulnerabilities reported in third party components used by Sophos Connect, as well as one field reported issue.

Component Updates

The following components are upgraded in this release to address security and maintenance reports:

Component Name	Old Version	New Version
OpenVPN	2.6.10	2.6.12
StrongSWAN	5.9.5	5.9.6
OpenSSL	1.1.1w	3.3.2
Civitweb	1.15	1.16

Security Issues Resolved

The following reported vulnerabilities are addressed by the components upgraded in this release:

Component	Vulnerability ID / Link	Severity
OpenVPN	NVD - CVE-2024-5594	CRITICAL
OpenSSL	NVD - CVE-2024-9143	HIGH
OpenSSL	NVD - CVE-2024-4741	MEDIUM
OpenSSL	NVD - CVE-2024-2511	MEDIUM
OpenSSL	NVD - CVE-2024-0727	MEDIUM
OpenSSL	NVD - CVE-2024-5535	MEDIUM
OpenSSL	NVD - CVE-2024-13176	MEDIUM
StrongSWAN	NVD - CVE-2022-4967	HIGH

Client Issues Resolved

The following field reported issue is resolved in this release:

Issue ID	Description
NCL-1820	Resolved an issue where IPsec users were disconnected sporadically and couldn't reconnect.

Download

Public download site - may take time after this article publishes to be available
Or from SFOS Web UI
- From WebAdmin - Navigate to Remote Access > Download Client
- From VPN Portal - Login and click hte Sophos Connect client download for your OS

OS Compatibility

Sophos Connect Windows OS support - Version 2.3 MR3

Platform	Version	Architecture	Status	Notes
Windows Desktops	10/11	x86/x64	Supported	All Windows 10/11 editions included
Windows Desktops	Older Versions	x86/x64	UNTESTED
Windows Servers	All Versions	x86/x64	UNTESTED
Windows Desktops	11	ARM	NOT SUPPORTED	ARM support is in active planning

Sophos Connect MacOS Support - Version 1.4 MR1

Platform	Version	Architecture	Status	Notes
MacOS	v11.x - v15.x	M1-M4 ARM CPUs	Supported	Version names: Big Sur, Monterey, Ventura, Sonoma, Sequoia
MacOS	v11.x - v15.x	x86/x64	Supported	Version names: Big Sur, Monterey, Ventura, Sonoma, Sequoia

This release does not update Sophos Connect 1.4, but Mac version is included in download package
Admins looking for SSL VPN support on Windows ARM, MacOS, Linux or Mobile platforms may consider using the open-source client OpenVPN Connect

Additional Links

Release Notes Hub

Dev Singh 2 months ago

Hi Alan,

Can you please advise when the auto-update option will be added to the Sophos Connect client? It's a bit surprising that, as a security company, Sophos doesn't have a mechanism to update its own VPN client. Thanks
Quallensaft 2 months ago

NCL-1845 still not fixed -> I'll keep on our (working) unsecure version
- John AV 2 months ago in reply to Quallensaft
  
  Quallensaft NCL-1845 will be part of Sophos Connect 2.4 release.
- SOMOA 2 months ago in reply to Quallensaft
  
  What is NCL-1845? I could not find any description on it.
  - LuCar Toni 2 months ago in reply to SOMOA
    
    That is the issue: https://support.sophos.com/support/s/article/KBA-000009737?language=en_US
LHerzog 2 months ago

is already available for download from XGS VPN portal. we'll test it
Bl0ckS1z3 1 month ago

Hello,

we have a lot of notebooks/pc with error service unavailble after update to that version on windows 10/11 pro. The strongSwan-IPsec-Service can't be startet.

After a repair-installation the vpn-client works, but only on the at repair time active network interface.

If you for example repair with the ethernet nic active the vpn on that adapter works, but if you disconnect the lan-cable and restart for example with wlan it is the same issue.

We went back to 2.3.2 for thhat reason.

best regards
Fabian Grossmann 6 days ago

I can no longer import IPsec configurations from our Sophos UTM with this update. The import fails with "failed to import user certificate".

The same config and certificate work fine with Sophos Connect 2.2.90

Update: Sophos Connect 2.3 MR3 for Windows