Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect (OpenVPN) Security Statement

Sophos Connect still uses the very old OpenVPN version 2.5.6.0 and there have been some security annoucements since that version:
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements


e.g. the last CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation


Here I would like to hear a statement on how far we are affected with the old OpenVPN version included in Sophos Connect and when an update is finally planned here.
In general, Sophos Connect really needs an update where the known bugs that are mentioned here in the forum or on the KIL are addressed, they are really a pain.



This thread was automatically locked due to age.
Parents Reply Children