We are happy to announce the release of strongSwan 5.6.3, which improves certificate chain validation, updates the DHCP plugin, allows forcing the local termination of IKE_SAs, supports trap policies with virtual IPs, and fixes two potential DoS vulnerabilities and several other issues.

A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.

A denial-of-service vulnerability in the stroke plugin was discovered in strongSwan. All versions are affected in certain configurations.

We are happy to announce the release of strongSwan 5.6.2 which includes rekeying and MOBIKE improvements, supports accessing certificates in a TPM 2.0, and fixes a DoS vulnerability and several other issues.

A denial-of-service vulnerability in the parser for RSASSA-PSS signatures was discovered in strongSwan 5.6.1.

We are happy to announce the release of strongSwan 5.6.1 which removes deprecated algorithms from default proposals, supports RSASSA-PSS signatures, and brings several other new features and fixes.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected.

We are happy to announce the release of strongSwan 5.6.0 which adds support for SWIMA for PA-TNC, brings a plugin that implements 3GPP MILENAGE in software, refines CHILD_SA rekeying and fixes a DoS vulnerability and several other issues.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 4.4.0 are affected.

A denial-of-service vulnerability in the x509 plugin was discovered in strongSwan. All versions are affected.