+2007-09-21 1.0
+2007-10-16 1.0p1
+ Fixed crash when servers were configured after first realm block
+2007-12-24 1.1-alpha
+ Pretend option for validating configuration
+ Include option for including additional config files
+ Allows clients configured by IP prefix, dynamic clients
+ Server failover support
+ Rewriting of username attribute
+ Source address and port can be specified for requests
+2008-05-14 1.1-beta
+ No longer looks for radsecproxy.conf in current directory
+ Rewrite block that allows removal of specified attributes
+ certificateNameCheck option for disabling CN/SubjectAltName check
+ matchCertificateAttribute now also supports CN matching
+ Forwarding of accounting messages, accountingServer option for realms
+ Supports multiple client blocks for same source address with different
+ certificate checks
+ Removed weekday from log timestamps
+2008-07-24 1.1
+ Logging stationid attribute
+ Added LoopPrevention option
+ Failover also without status-server
+ Options for RetryCount and RetryInterval
+ Working accounting and AccountingResponse option
+ CRL checking and option for enabling it
+2008-10-07 1.2
+ listenTCP and sourceTCP options renamed to listenTLS and sourceTLS
+ Old options deprecated but available for backwards compatiblity
+ Logging reply-message attribute from Reject messages
+ Contribution from Arne Schwabe
+ Rewrite blocks have new options addAttribute and modifyAttribute
+ rewriteIn (replacing rewrite) and rewriteOut in client and server
+ blocks for specifying rewrite on input/output. rewrite deprecated
+ but available as an alias for rewriteIn for backwards compatibility.
+ rewritein rewriteout rewrite
+ regular expressions in realms etc can now be more advanced, including
+ use of "or".
+ cacheExpiry option in tls blocks for specifying expiry time for the
+ cache of CA certificates and CRLs. This is particularly useful for
+ regularly updating CRLs.
+ Some logging has been made more informative
+2008-12-04 1.3-alpha
+ Support for TCP and DTLS transports (type tcp, type dtls)
+ Listen... options can be specified multiple times
+ Dynamic server discovery
+ DuplicateInterval option in client block for specifying for how
+ long a request/reply shall be stored for duplicate detection
+ Support for RADIUS TTL (hopcount) attribute. Decrements value of
+ the TTL attribute if present, discards message if becomes 0.
+ If addTTL option is used, the TTL attribute is added with the
+ specified value if the forwarded message does not have one.
+ PolicyOID option can be used to require certain CA policies.
+2009-02-18 1.3-beta
+ Client and Server blocks may contain multiple host options.
+ Configure (Makefile) options for specifying which transports
+ should be supported in a build.
+2009-03-12 1.3
+ Fixed some very minor bugs
+ Changed log levels for some messages, made loglevel 2 default
+2009-07-22 1.3.1
+ Fixed header files for FreeBSD
+ Fix for multiple UDP servers on same IP address, solves accounting
+ problems.
+2010-06-12 1.4
+ Incompatible changes:
+ - Log level 4 used to be DBG_DBG but is now DBG_NOTICE. In order
+ to keep the same behaviour as in previous versions of radsecproxy,
+ those who have LogLevel set to 4 need to change this to 5. Log
+ levels 1, 2 and 3 are unaffected.
+
+ New features and various improvements:
+ - LoopPrevention per server has been added.
+ - AddVendorAttribute rewrite configuration has been added.
+ - New log level, DBG_NOTICE, added.
+ - Diagnostics improved for errors resulting from failing syscalls.
+ - Removed all compiler warnings (compiling with -Wall).
+
+ Bug fixes:
+ - A UDP fragmentation issue.
+ - Build on Solaris when compiling with gcc.
+ - A bug in pwdencrypt() with passwords of a length greater than
+ 16 octets.