Security fixes:
- CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
packet data from a previous handshake under specific circumstances
- CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key
Bugfixes:
- management: stop periodic bytecount output on mgmt client disconnection
- FreeBSD: make DCO work on systems with no IPv4 support
- FreeBSD: fix compilation with --enable-async-push on FreeBSD 15
- Linux: make DCO work on big endian architectures (MIPS, PowerPC)
- Windows: fix deinstallation progress bar on adapter deletion
- Linux: fix problem with DCO kernel notifications getting lost, leading
to overcounting of number of connected clients and general confusion
between kernel and userland regarding peer status (GitHub #900, #918,
#931, #919, #945) - this is a backport of the fixes in 2.7 plus the
infrastructural changes around DCO needed to support it.
For details see Changes.rst
Windows Client: Community MSI installer for Windows client can be found at Community Downloads.
Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.
Full Changelog: v2.6.19...v2.6.20