-2007-09-21 1.0
-2007-10-16 1.0p1
- Fixed crash when servers were configured after first realm block
+Changes since 1.6.4
+ Bug fixes:
+ - Fix a crash bug introduced in 1.6.4. Fixes RADSECPROXY-53,
+ bugfix on 1.6.4.
+
+2013-09-05 1.6.4
+ Bug fixes:
+ - Keeping Proxy-State attributes in all replies to clients
+ (RADSECPROXY-52). Reported by Stefan Winter.
+
+2013-09-05 1.6.3
+ Enhancements:
+ - Threads are allocated with a 32 KB stack rather than what
+ happens to be the default. Patch by Fabian Mauchle.
+ - On systems with mallopt(3), freed memory is returned to the
+ system more aggressively. Patch by Fabian Mauchle.
+
+ Bug fixes:
+ - radsecproxy-hash(1) no longer prints the hash four times.
+ Reported by Simon Lundström and jocar.
+ - Escaped slashes in regular expressions now works. Reported by
+ Duarte Fonseca. (RADSECPROXY-51)
+ - The duplication cache is purged properly. Patch by Fabian
+ Mauchle.
+ - Stop freeing a shared piece of memory manifesting itself as a
+ crash when using dynamic discovery. Patch by Fabian Mauchle.
+ - Closing and freeing TLS clients properly. Patch by Fabian
+ Mauchle.
+ - Timing out on TLS clients not closing the connection properly.
+ Patch by Fabian Mauchle.
+
+2012-10-25 1.6.2
+ Bug fixes (security):
+ - Fix the issue with verification of clients when using multiple
+ 'tls' config blocks (RADSECPROXY-43) for DTLS too. Fixes
+ CVE-2012-4566 (CVE id corrected 2012-11-01, after the release of
+ 1.6.2). Reported by Raphael Geissert.
+
+2012-09-14 1.6.1
+ Bug fixes (security):
+ - When verifying clients, don't consider config blocks with CA
+ settings ('tls') which differ from the one used for verifying the
+ certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43,
+ CVE-2012-4523).
+
+ Bug fixes:
+ - Make naptr-eduroam.sh check NAPTR type case insensitively.
+ Fix from Adam Osuchowski.
+
+2012-04-27 1.6
+ Incompatible changes:
+ - The default shared secret for TLS and DTLS connections change
+ from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12
+ section 2.3 (4). Please make sure to specify a secret in both
+ client and server blocks to avoid unwanted surprises.
+ (RADSECPROXY-19)
+ - The default place to look for a configuration file has changed
+ from /etc to /usr/local/etc. Let radsecproxy know where your
+ configuration file can be found by using the `-c' command line
+ option. Or configure radsecproxy with --sysconfdir=/etc to
+ restore the old behaviour. (RADSECPROXY-31)
+
+ New features:
+ - Improved F-Ticks logging options. F-Ticks can now be sent to a
+ separate syslog facility and the VISINST label can now be
+ configured explicitly. This was implemented by Maja
+ Gorecka-Wolniewicz and Paweł Gołaszewski. (RADSECPROXY-29)
+ - New config option PidFile. (RADSECPROXY-32)
+ - Preliminary support for DynamicLookupCommand added. It's for
+ TLS servers only at this point. Also, beware of risks for memory
+ leaks. In addition to this, for extra adventurous users, there's
+ a new configure option --enable-experimental-dyndisc which enables
+ even more new code for handling of dynamic discovery of TLS
+ servers.
+ - Address family (IPv4 or IPv6) can now be specified for clients
+ and servers. (RADSECPROXY-37)
+
+ Bug fixes:
+ - Stop the autoconfery from warning about defining variables
+ conditionally and unconditionally.
+ - Honour configure option --sysconfdir. (RADSECPROXY-31)
+ - Don't crash on failing DynamicLookupCommand scripts. Fix made
+ with help from Ralf Paffrath. (RADSECPROXY-33)
+ - When a DynamicLookupCommand script is failing, fall back to
+ other server(s) in the realm. The timeout depends on the kind of
+ failure.
+ - Other bugs. (RADSECPROXY-26, -28, -34, -35, -39, -40)
+
+2011-10-08 1.5
+ New features:
+ - Support for F-Ticks logging.
+ - New binary radsecproxy-hash.
+ - A DynamicLookupCommand script can now signal "server not found"
+ by exiting with code 10. The scripts in the tools directory now
+ do this.
+
+ Incompatible changes:
+ - catgconf renamed to radsecproxy-conf.
+
+ Bug fixes:
+ - All compiler warnings removed. Now compiling with -Werror.
+
+2011-07-22 1.4.3
+ Notes:
+ - The default secret for TLS and DTLS will change in a future
+ release. Please make sure to specify a secret in both client and
+ server blocks to avoid surprises.
+
+ Bug fixes:
+ - Debug printout issue.
+
+2010-11-23 1.4.2
+ Bug fixes:
+ - Don't disable OpenSSL session caching for 0.9.8p and newer in
+ the 0.9.x track.
+ - Detect OpenSSL version at runtime rather than at compile time.
+
+2010-11-17 1.4.1
+ Bug fixes:
+ - OpenSSL session caching is disabled when built against OpenSSL
+ older than 1.0.0b to mitigate possible effects of
+ http://openssl.org/news/secadv_20101116.txt (RADSECPROXY-14).
+ - Crash bug when reading improper config file fixed.
+
+2010-06-12 1.4
+ Incompatible changes:
+ - Log level 4 used to be DBG_DBG but is now DBG_NOTICE. In order
+ to keep the same behaviour as in previous versions of radsecproxy,
+ those who have LogLevel set to 4 need to change this to 5. Log
+ levels 1, 2 and 3 are unaffected.
+
+ New features and various improvements:
+ - LoopPrevention per server has been added.
+ - AddVendorAttribute rewrite configuration has been added.
+ - New log level, DBG_NOTICE, added.
+ - Diagnostics improved for errors resulting from failing syscalls.
+ - Removed all compiler warnings (compiling with -Wall).
+
+ Bug fixes:
+ - A UDP fragmentation issue.
+ - Build on Solaris when compiling with gcc.
+ - A bug in pwdencrypt() with passwords of a length greater than
+ 16 octets.
+
+2009-07-22 1.3.1
+ Fixed header files for FreeBSD
+ Fix for multiple UDP servers on same IP address, solves accounting
+ problems.
+
+2009-03-12 1.3
+ Fixed some very minor bugs
+ Changed log levels for some messages, made loglevel 2 default
+
+2009-02-18 1.3-beta
+ Client and Server blocks may contain multiple host options.
+ Configure (Makefile) options for specifying which transports
+ should be supported in a build.
+
+2008-12-04 1.3-alpha
+ Support for TCP and DTLS transports (type tcp, type dtls)
+ Listen... options can be specified multiple times
+ Dynamic server discovery
+ DuplicateInterval option in client block for specifying for how
+ long a request/reply shall be stored for duplicate detection
+ Support for RADIUS TTL (hopcount) attribute. Decrements value of
+ the TTL attribute if present, discards message if becomes 0.
+ If addTTL option is used, the TTL attribute is added with the
+ specified value if the forwarded message does not have one.
+ PolicyOID option can be used to require certain CA policies.
+
+2008-10-07 1.2
+ listenTCP and sourceTCP options renamed to listenTLS and sourceTLS
+ Old options deprecated but available for backwards compatiblity
+ Logging reply-message attribute from Reject messages
+ Contribution from Arne Schwabe
+ Rewrite blocks have new options addAttribute and modifyAttribute
+ rewriteIn (replacing rewrite) and rewriteOut in client and server
+ blocks for specifying rewrite on input/output. rewrite deprecated
+ but available as an alias for rewriteIn for backwards compatibility.
+ rewritein rewriteout rewrite
+ regular expressions in realms etc can now be more advanced, including
+ use of "or".
+ cacheExpiry option in tls blocks for specifying expiry time for the
+ cache of CA certificates and CRLs. This is particularly useful for
+ regularly updating CRLs.
+ Some logging has been made more informative
+
+2008-07-24 1.1
+ Logging stationid attribute
+ Added LoopPrevention option
+ Failover also without status-server
+ Options for RetryCount and RetryInterval
+ Working accounting and AccountingResponse option
+ CRL checking and option for enabling it
+
+2008-05-14 1.1-beta
+ No longer looks for radsecproxy.conf in current directory
+ Rewrite block that allows removal of specified attributes
+ certificateNameCheck option for disabling CN/SubjectAltName check
+ matchCertificateAttribute now also supports CN matching
+ Forwarding of accounting messages, accountingServer option for realms
+ Supports multiple client blocks for same source address with different
+ certificate checks
+ Removed weekday from log timestamps
+
2007-12-24 1.1-alpha
Pretend option for validating configuration
Include option for including additional config files
Server failover support
Rewriting of username attribute
Source address and port can be specified for requests
-
-
\ No newline at end of file
+
+2007-10-16 1.0p1
+ Fixed crash when servers were configured after first realm block
+
+2007-09-21 1.0
+