[Swan-announce] libreswan-5.0rc3 Release Candidate 3 released

The Libreswan Team team at libreswan.org
Wed Apr 17 19:32:34 EEST 2024 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


The Libreswan Project has issued a Release Candidate 3 for libreswan-5.0

This release is a major release with many features and bugfixes. We
strongly encourage developers, system integrators, and distribution
vendors to carefully test this release for any unexpected regressions.

This Release Candidate 3 pulls in fixes from 4.15, such as the removal
of libsystemd/xz and CVE-2024-3652.

A list of major items for the 5.0 series are:

* A new option to globally disable IKEv1 (enabled by default)
* Combined Traffic Selectors within a single IPsec SA
* Combined addresspool support (addresspool=v4/mask,v6/mask)
* Nic Hardware Offload support (eg Nvidia/Mellanox ConnectX)
* "ipsec auto --option" obsoleted for "ipsec option"
     (eg ipsec auto --up conn is now "ipsec up conn")
     (auto is still working for backwards compatibility)
* XFRM interface IP management from pluto
* nftables support (now the default over iptables)
* Many bugfixes around restarting/reviving connections
* Improved PFS/rekey compatibility
* Drop prefix numbers from ipsec/whack command output
* IKEv2 Labeled IPsec fixes (IKEv1 support removed)
* Removal of _stackmanager
* XFRM flushing moved from init system to pluto
* cleanup of man pages
* added various missing whack options
* Internal SPD routing improvements

For new configuration keywords and whack commands, please see:
* man libreswan
* man pluto
* man ipsec whack

You can download release candidates of libreswan via https at:

https://download.libreswan.org/development/

The full changelog is available at:
https://github.com/libreswan/libreswan/blob/main/CHANGES

Please report bugs either via one of the mailinglists or at our bug
tracker:

https://lists.libreswan.org/
https://github.com/libreswan/libreswan/

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmYf48MTHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+RVXD/wNwLBlQFzi14qWv6cM7FKyQob8CqRW
DBu6rIPMt8pH+9QMU7Lx/Bn/KJ1FxEpk0A9jVW6PPA6BOy96vEphJGZbk3V6upJV
c8MK8/VyowOilHbyqOrJKzRUsI7/HjPvCoxdcvHxzHmyob9Nzs8+GASVk7oiI23v
MJCuCwV8BkjqwkcaCntr2+8eyTA/rZCxhZe2iEqzFgHIXooNfpv5mo6+Fz8rFn4N
w1LAeQoebHw09764biyhbvT51JMc45tG47AE2vprMHAM7yJyDq3mbb9uGhSCAJJM
Zsp+R5IKTRb9qvAdxyuyaYpYyrFYFTU9ab9ph2yqANTj1kJ/u+TEwDKAJB8bwGUW
VykvA0kX5ugRpWB6Mw2nY+JVHvkF+VD76niDXfgwfSQOPeOONneEYPtJfWGdikNA
PX3QJbMfEtqNj25iFh3GyfuN8I9+kH8KLVeTpN9pZJaR1+l4otwGYHUf4WNCxccB
r1I/S3XMUdnUAJFophLHr+MHItxd/MsmAt6IT0iPwfmlsdI3ychAfddoRKzoQVXy
ZkDqmpqoYS3w+AX9pv23oAbsIE170xdjwzlZxEyB1qckWMkGcbvo7AKPnyPY8cU/
sd3+cl8yYh736f57JbK+e53v1xnE/Slvr3C7bNDdwHVPP+3bJl3A6+f1gPOXxuO6
apevvv4b0x8gXw==
=EnK8
-----END PGP SIGNATURE-----

More information about the Swan-announce mailing list