Security fixes:
- CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
packet data from a previous handshake under specific circumstances - CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key
New features:
- management interface: permit input of very long passwords in
base64-encoded multiline format. Signal support to management
clients via "management version 6".
User-visible Changes:
- improve error messages on
--verify-x509-namefailures - improve error logging when overlong username or passwords can not
be written to TLS buffer
Bugfixes:
- when using a config file with inlined username and no password,
fix prompting for the password from management interface. - Windows: fix DNSSEC flag handling - this got never applied due to
a bad comparison being always false. - Windows: fix deinstallation progress bar on adapter deletion.
For details see Changes.rst
Windows Client: Community MSI installer for Windows client can be found at Community Downloads.
Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.
Full Changelog: v2.7.1...v2.7.2