Blog

Release and vulnerability announcements for strongSwan

We are happy to announce the release of strongSwan 5.1.2, which brings a new default config file layout, a post-quantum key exchange method and several other new features and fixes.

A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected.

A DoS vulnerability and potential authorization bypass triggered by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan. All versions since 4.3.3 are affected.

We are happy to announce the release of strongSwan 5.1.1, which brings many new and improved features and fixes two DoS vulnerabilities.

A DoS vulnerability triggered by XAuth usernames and EAP identities was discovered in strongSwan. Versions 5.0.3 and 5.0.4 are affected.

We are proud to release strongSwan 5.1.0, which brings many new and improved features and fixes a DoS vulnerability.

strongSwan 5.0.4 fixes a security vulnerability which affects all versions since 4.3.5 if the openssl plugin is used for ECDSA signature verification.

The strongSwan 5.0.3 release comes with DNSSEC-based authentication, EAP-RADIUS improvements, Trusted Key Management support and many other new features and fixes.