= Introduction =

This page lists all security announcements made by the OpenVPN project.

= Announcements =

 * [wiki:SecurityAnnouncement-f375aa67cc Security announcement: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt] (Mar 2013)
 * [wiki:TLSTripleHandshakeVulnerabilityAndOpenVPN TLS Triple Handshake Vulnerability and OpenVPN] (Mar 2013)
 * [wiki:heartbleed OpenSSL 'Heartbleed' vulnerability and OpenVPN] (Apr 2014)
 * [wiki:CCSInjection OpenSSL CCS Injection Vulnerability (CVE-2014-0224) and OpenVPN] (Jun 2014)
 * [wiki:SecurityAnnouncement-97597e732b Security announcement: critical denial of service vulnerability] (Nov 2014)
 * [wiki:VulnerabilitiesFixedInOpenSSL1.0.1i Vulnerabilities fixed in OpenSSL 1.0.1i]
 * [wiki:VulnerabilitiesFixedInOpenSSL1.0.1j Vulnerabilities fixed in OpenSSL 1.0.1j]
 * [wiki:SecurityAnnouncement-FREAK Security announcement: The FREAK vulnerability]
 * [wiki:VulnerabilitiesFixedInOpenSSL1.0.1m Vulnerabilities fixed in OpenSSL 1.0.1m]