Return free memory more aggressively.

[radsecproxy.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 7cad89d..3d03928 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,22 @@
-2011-04-17 1.6-rc0
+2012-10-25 1.6.2
+       Bug fixes (security):
+       - Fix the issue with verification of clients when using multiple
+       'tls' config blocks (RADSECPROXY-43) for DTLS too. Fixes
+       CVE-2012-4566 (CVE id corrected 2012-11-01, after the release of
+       1.6.2). Reported by Raphael Geissert.
+
+2012-09-14 1.6.1
+       Bug fixes (security):
+       - When verifying clients, don't consider config blocks with CA
+       settings ('tls') which differ from the one used for verifying the
+       certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43,
+       CVE-2012-4523).
+
+       Bug fixes:
+       - Make naptr-eduroam.sh check NAPTR type case insensitively.
+         Fix from Adam Osuchowski.
+
+2012-04-27 1.6
        Incompatible changes:
        - The default shared secret for TLS and DTLS connections change
        from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12
@@ -19,7 +37,10 @@
        - New config option PidFile.  (RADSECPROXY-32)
        - Preliminary support for DynamicLookupCommand added.  It's for
        TLS servers only at this point.  Also, beware of risks for memory
-       leaks.
+       leaks.  In addition to this, for extra adventurous users, there's
+       a new configure option --enable-experimental-dyndisc which enables
+       even more new code for handling of dynamic discovery of TLS
+       servers.
        - Address family (IPv4 or IPv6) can now be specified for clients
        and servers.  (RADSECPROXY-37)