Blog

Release and vulnerability announcements for strongSwan

A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.

A vulnerability in the EAP client implementation was discovered in strongSwan. All versions since 4.1.2 are affected.

A denial-of-service vulnerability in the in-memory certificate cache was discovered in strongSwan. All versions since 4.2.10 are affected.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 5.6.1 are affected.

strongSwan 5.8.4 fixes two regressions in last week's 5.8.3 release, one affecting IKEv1 Quick Mode, the other OpenSSL's SHAKE128/256 XOFs.

We are happy to announce the release of strongSwan 5.8.3, which comes with several updates for the NetworkManager plugin/backend, reallocates reqids, uses throw type routes for passthrough policies on Linux, and brings several other new features and fixes.

We are happy to announce the release of strongSwan 5.8.2, which adds support for identity-based CA constraints, can send intermediate CA certificates in hash-and-URL encoding, and brings several other new features and fixes.

We are happy to announce the release of strongSwan 5.8.1, which is mainly a maintenance release but also supports an optional less strict matching of RDNs in DNs of X.509 certificates.