Openconnect End of Life

David Woodhouse dwmw2 at infradead.org
Mon Apr 18 12:08:30 PDT 2022


On Mon, 2022-04-18 at 17:01 +0000, Harrison, Samantha R CIV (USA) wrote:
> Hello,
> 
> Do you have a webpage or chart that describes end-of-life dates for various
> versions of Openconnect? I am working to get Openconnect approved for my
> work environment, and doing so requires some proof of vendor support.

Hi,

OpenConnect development just isn't really that exciting, and it's
generally best to just use the latest version.

We strive for compatibility with various proprietary vendors' VPN
protocols, and most of the bugs we have are around that compatibility —
having to add new functionality as VPN servers get upgraded to new
versions, and users need to use new features especially for
authentication (for example, they're all upgrading to SAML these days).

Since those are *features* rather than strictly bug fixes, they
generally wouldn't be candidates for backporting to an older release
branch *anyway*. But they're just as important for users who can't
continue to use OpenConnect without the upgrade.

We also operate in an unprivileged mode when run in the recommended
integrated configuration — unlike many of the VPN vendors' own
proprietary third-party tools which run various parts as root. Which
means our security exposure for actual *bugs* of that kind is lower.

Overall this means that I think we've basically done a 'bugfix
release' that isn't from the master branch only *once* in OpenConnect's
history; the v5.03 release while we were working on a bunch of new
things in master which eventually became v6.00.

That said, OpenConnect is also packaged as an integrated part of most
major Linux distributions, and *they* have policies about not
"upgrading to a new major version" within the lifetime of a given
version of the distribution, regardless of the above reasons why they
probably ought to do so. So the distribution vendor generally does
backport any necessary fixes (and sometimes, if I can persuade them,
functionality improvements) to the packages that they ship.

So Fedora 34, for example, is still on OpenConnect 8.10 but has a
couple of patches on top:
https://src.fedoraproject.org/rpms/openconnect/tree/f34

Ultimately, the answer to your question is that OpenConnect as part of
a given Linux distribution is supported for as long as that
distribution is.

If your question was about OSX, Windows, Android, *BSD or other
supported platforms... let me know and I'll try to answer more usefully
:)