Blog

Release and vulnerability announcements for strongSwan

We are happy to announce the release of strongSwan 6.0.0, which brings support for multiple classic and post-quantum key exchanges, supports ML-KEM, changes default crypto plugins, improves child rekey collision handling, and comes with several other new features and fixes.

This advisory reclassifies an old bug in our TLS library as a potential authorization bypass vulnerability in order to get the fix applied to affected distribution packages. The bug is present in versions 5.9.2 through 5.9.5 and was fixed with 5.9.6, which was released in August 2022.

We are happy to announce the release of strongSwan 5.9.14, which brings support for the IKEv2 OCSP extensions, improves X.509 name constraints validation, adds managed configurations to the Android app, and comes with several other new features and fixes.

We are happy to announce the release of strongSwan 5.9.13, which fixes a regression related to handling OCSP error responses that was introduced with 5.9.12, adds a new setting to specify the length of nonces in OCSP requests, and includes several other fixes.

We are happy to announce the release of strongSwan 5.9.12, which fixes a vulnerability in charon-tkm, provides a new OCSP responder utility, adds a new certificate enrollment and renewal script, and comes with several other new features and fixes.

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

We are happy to announce the release of strongSwan 5.9.11, which fixes a deadlock in the vici plugin, changes requirements for CRL signers, supports optional CA labels in EST server URIs, and comes with several other new features and fixes.

A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service and possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.