-2011-04-17 1.6-rc0
+2012-10-25 1.6.2
+ Bug fixes (security):
+ - Fix the issue with verification of clients when using multiple
+ 'tls' config blocks (RADSECPROXY-43) for DTLS too. Fixes
+ CVE-2012-4566 (CVE id corrected 2012-11-01, after the release of
+ 1.6.2). Reported by Raphael Geissert.
+
+2012-09-14 1.6.1
+ Bug fixes (security):
+ - When verifying clients, don't consider config blocks with CA
+ settings ('tls') which differ from the one used for verifying the
+ certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43,
+ CVE-2012-4523).
+
+ Bug fixes:
+ - Make naptr-eduroam.sh check NAPTR type case insensitively.
+ Fix from Adam Osuchowski.
+
+2012-04-27 1.6
Incompatible changes:
- The default shared secret for TLS and DTLS connections change
from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12
- New config option PidFile. (RADSECPROXY-32)
- Preliminary support for DynamicLookupCommand added. It's for
TLS servers only at this point. Also, beware of risks for memory
- leaks.
+ leaks. In addition to this, for extra adventurous users, there's
+ a new configure option --enable-experimental-dyndisc which enables
+ even more new code for handling of dynamic discovery of TLS
+ servers.
- Address family (IPv4 or IPv6) can now be specified for clients
and servers. (RADSECPROXY-37)