strongSwan 5.1.3 fixes a security vulnerability and adds support for X.509 attribute certificates.
This release fixes an authentication bypass vulnerability that can be triggered by rekeying an unestablished IKEv2 SA while it is being actively initiated. All versions since 4.0.7 are affected.
More information is provided in a separate blog entry.
The acert plugin evaluates X.509 Attribute Certificates. Group membership information encoded as strings can be used to fulfill authorization checks defined with the rightgroups option. Attribute Certificates can be loaded locally or exchanged in IKEv2 certificate payloads.
The openac utility has been removed in favor of the new pki functionality.
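A gateway-side ipsec.conf fragment showing how rightgroups ties a connection to attribute certificate group membership. This is an added example, not configuration from the strongSwan project; the connection name, file names, subnet, CA DN and group names are constructed placeholders, and /etc/ipsec.d/acerts/ is assumed as the local directory for attribute certificates.

```conf
# /etc/ipsec.conf on the gateway (constructed example, placeholder names)
conn sales-remote-access
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem
    leftsubnet=10.1.0.0/16
    right=%any
    # Authentication: the peer's certificate must chain to this CA.
    rightca="C=CH, O=Example, CN=Example Root CA"
    # Authorization: after authentication succeeds, the peer must also
    # hold a valid attribute certificate naming at least one of these
    # groups. The acert plugin takes the attribute certificate either
    # from local storage (assumed: /etc/ipsec.d/acerts/) or from an
    # IKEv2 certificate payload sent by the peer.
    rightgroups="sales, finance"
    auto=add
```

The group check is only as strong as the trust placed in the attribute certificate issuer, so restrict who can sign attribute certificates as tightly as the identity CA itself.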