tag:github.com,2008:https://github.com/radsecproxy/radsecproxy/releases 2025-03-25T13:18:27Z tag:github.com,2008:Repository/116818398/1.11.2 2025-03-25T13:27:54Z <h2>Bug Fixes:</h2> <ul> <li>Fix Message-Authenticator validation for Accounting-Response</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.11.1 2024-12-06T15:17:26Z <h2>Bug Fixes:</h2> <ul> <li>Fix wrong DN in certificate request (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2394146859" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/154" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/154/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/154">#154</a>)</li> <li>Fix memory leak when using SIGHUP</li> <li>Fix exit when dyndisc script returns illegal PSKkey</li> <li>Fix logging during config check</li> <li>Fix invalid realm configs are ignored</li> <li>Fix default tls block selection</li> </ul> <h2>Misc:</h2> <ul> <li>Improve message-authenticator logging</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.11.0 2024-07-05T15:24:06Z <h2>New features:</h2> <ul> <li>TLS-PSK (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1648735506" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/112" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/112/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/112">#112</a>)</li> <li>Long hex-strings in config</li> <li>Reload complete TLS context on SIGHUP, reload client/server cert and key (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="781591288" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/76" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/76/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/76">#76</a>)</li> <li>Implement SSLKEYLOGFILE mechanism</li> <li>Options to require Message-Authenticator</li> </ul> <h2>Misc:</h2> <ul> <li>Re-verify certificates on SIGHUP and terminate invalid connections (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="306278231" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/5" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/5/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/5">#5</a>)</li> <li>Implement recommendations for deprecating insecure transports (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1648739889" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/114" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/114/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/114">#114</a>)</li> <li>verify EAP message content length (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1739497066" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/128" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/128/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/128">#128</a>)</li> <li>Close connection on radius attribute decode errors</li> </ul> <h2>Bug Fixes:</h2> <ul> <li>Fix correct secret for DTLS (radius/dtls)</li> <li>Fix infinite loop when listening on tcp socket fails</li> <li>Fix crashes under high load (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="717485587" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/75" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/75/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/75">#75</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1491541112" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/109" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/109/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/109">#109</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1745852974" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/129" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/129/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/129">#129</a>)</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.11.0-rc1 2024-06-06T15:53:36Z <h2>New features:</h2> <ul> <li>TLS-PSK (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1648735506" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/112" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/112/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/112">#112</a>)</li> <li>Long hex-strings in config</li> <li>Reload complete TLS context on SIGHUP, reload client/server cert and key (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="781591288" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/76" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/76/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/76">#76</a>)</li> <li>Implement SSLKEYLOGFILE mechanism</li> <li>Options to require Message-Authenticator</li> </ul> <h2>Misc:</h2> <ul> <li>Re-verify certificates on SIGHUP and terminate invalid connections (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="306278231" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/5" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/5/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/5">#5</a>)</li> <li>Implement recommendations for deprecating insecure transports (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1648739889" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/114" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/114/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/114">#114</a>)</li> <li>verify EAP message content length (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1739497066" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/128" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/128/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/128">#128</a>)</li> <li>Close connection on radius attribute decode errors</li> </ul> <h2>Bug Fixes:</h2> <ul> <li>Fix correct secret for DTLS (radius/dtls)</li> <li>Fix infinite loop when listening on tcp socket fails</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.10.1 2024-05-02T18:24:09Z <h2>Bug Fixes:</h2> <ul> <li>Fix tcp connection not closed after idle timeout</li> <li>Fix tls/dtls logging (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1738580279" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/127" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/127/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/127">#127</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1833433456" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/132" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/132/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/132">#132</a>)</li> <li>Fix dynamic connection not re-established after timeout if both auth- and accounting server<br> are dynamically resolved (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1809485415" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/131" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/131/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/131">#131</a>).</li> <li>Fix error in dyndisc script result might cause radsecproxy to exit.</li> <li>Fix some TLS config errors not reported at startup</li> <li>Fix referencing non-existant rewrite passed without error</li> </ul> <h2>Misc:</h2> <ul> <li>Add Message-Authenticator to requests if missing</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.10.0 2023-05-26T14:16:29Z <h2>New features:</h2> <ul> <li>Native dynamic discovery for NAPTR and SRV records (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="306275951" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/2" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/2/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/2">#2</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="907308794" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/83" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/83/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/83">#83</a>)</li> <li>Optionally log accounting requests when respoinding directly (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="688072379" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/72" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/72/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/72">#72</a>)</li> <li>SNI support for outgoing connections (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="950242384" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/90" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/90/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/90">#90</a>)</li> <li>Optionally specify server name for certificate name check (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1437403429" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/106" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/106/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/106">#106</a>)</li> <li>Manual MTU setting for DTLS on non-linux platforms</li> </ul> <h2>Misc:</h2> <ul> <li>Don't require server type to be set by dyndisc scripts</li> <li>Improve locating openssl lib using pkg-config</li> </ul> <h2>Bug Fixes:</h2> <ul> <li>Fix radius message length handling</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.9.3 2023-05-02T19:13:34Z <h2>Bug Fixes:</h2> <ul> <li>Fix shutdown TLS connection on malformed radius message (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1681168431" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/122" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/122/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/122">#122</a>)</li> <li>Fix handling of lost requests in DTLS</li> <li>Fix flush requests when dyndisc fails</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.10.0-rc1 2023-03-27T15:54:09Z <h2>New features:</h2> <ul> <li>Native dynamic discovery for NAPTR and SRV records (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="306275951" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/2" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/2/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/2">#2</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="907308794" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/83" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/83/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/83">#83</a>)</li> <li>Optionally log accounting requests when respoinding directly (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="688072379" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/72" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/72/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/72">#72</a>)</li> <li>SNI support for outgoing connections (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="950242384" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/90" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/90/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/90">#90</a>)</li> <li>Optionally specify server name for certificate name check (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1437403429" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/106" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/106/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/106">#106</a>)</li> <li>Manual MTU setting for DTLS on non-linux platforms</li> </ul> <h2>Misc:</h2> <ul> <li>Don't require server type to be set by dyndisc scripts</li> <li>Improve locating openssl lib using pkg-config</li> </ul> <h2>Bug Fixes:</h2> <ul> <li>Fix radius message length handling</li> <li>Fix DTLS lost request and timeout handling</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.9.2 2023-01-23T15:31:00Z <h2>Bug Fixes:</h2> <ul> <li>Fix potential segfault in tcp log message</li> <li>Fix DTLS over IPv6</li> <li>Fix SSL shutdown/EOF for openssl 3.x (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1463071909" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/108" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/108/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/108">#108</a>)</li> </ul> fmauchle tag:github.com,2008:Repository/116818398/1.9.1 2021-10-25T15:19:47Z <h2>Misc:</h2> <ul> <li>OpenSSL 3.0 compatibility (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="680734645" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/70" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/70/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/70">#70</a>)</li> </ul> <h2>Bug Fixes:</h2> <ul> <li>Fix refused startup with openssl &lt;1.1 (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="907252479" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/82" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/82/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/82">#82</a>)</li> <li>Fix compiler issue for Fedora 33 on s390x (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="907722429" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/84" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/84/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/84">#84</a>)</li> <li>Fix small memory leak in config parser</li> <li>Fix lazy certificate check when connecting to TLS servers</li> <li>Fix connect is aborted if first host in list has invalid certificate</li> <li>Fix setstacksize for glibc 2.34 (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="952158300" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/91" data-hovercard-type="issue" data-hovercard-url="/radsecproxy/radsecproxy/issues/91/hovercard" href="https://github.com/radsecproxy/radsecproxy/issues/91">#91</a>)</li> <li>Fix system defaults/settings for TLS version not honored (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="957987221" data-permission-text="Title is private" data-url="https://github.com/radsecproxy/radsecproxy/issues/92" data-hovercard-type="pull_request" data-hovercard-url="/radsecproxy/radsecproxy/pull/92/hovercard" href="https://github.com/radsecproxy/radsecproxy/pull/92">#92</a>)</li> </ul> fmauchle