Skip to content

3.2.6

Latest
Compare
Choose a tag to compare
@mcnewton mcnewton released this 24 Aug 13:16
· 34683 commits to master since this release
a696279

Configuration changes

  • require_message_authenticator=auto and limit_proxy_state=auto are not applied for wildcard clients. This likely will leave your network in an insecure state. Upgrade all clients!

Feature improvements

  • Allow for "auth+acct" dynamic home servers.
  • Allow for setting "Home-Server-Pool", etc. for proxying accounting packets, just like authentication packets.
  • Fix spelling in starent SN[1]-Subscriber-Acct-Mode attribute value. Patch from John Thacker.
  • Update dictionary.iea. Patch from John Thacker.
  • Add warning for secrets that are too short.
  • More debugging for SSL ciphers. Patch from Nick Porter.
  • Update 3GPP dictionary. Patch from Nick Porter.
  • Fix ZTE dictionary.
  • Make radsecret more portable and avoid extra dependencies.
  • Add timestamp for Client-Lost so we don't think it's 1970. Patch from Alexander Clouter. #5353

Bug fixes

  • Dynamic clients now inherit require_message_authenticator and limit_proxy_state from dynamic client {...} definition.
  • Fix radsecret build rules to better support parallel builds.
  • Checkpoint systems should be reconfigured for the BlastRADIUS attack: https://support.checkpoint.com/results/sk/sk182516 The Checkpoint systems drop packets containing Message-Authenticator, which violates the RFCs and is completely ridiculous.
  • Fix duplicate CoA packet issue. #5397
  • Several fixes in the event code
  • Don't leak memory in rlm_sql_sqlite. #5392
  • Don't stop processing RadSec data too early.