note recent changes

author Alan T. DeKok <aland@freeradius.org>

Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)
author Alan T. DeKok <aland@freeradius.org>
Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)
diff --git a/doc/ChangeLog b/doc/ChangeLog

index ff96d245a93d948f725f0f329ef79c20776ee703..3c46665109bb12733870b05110c8547a8d0c23c3 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -5,11 +5,18 @@ FreeRADIUS 3.2.6 Mon 15 May 2024 12:00:00 UTC urgency=low
         * allow for "auth+acct" dynamic home servers.
         * Allow for setting "Home-Server-Pool", etc. for proxying
           accounting packets, just like authentication packets.
+       * require_message_authenticator=auto and limit_proxy_state=auto
+         are not applied for wildcard clients.  This likely will
+         leave your network in an insecure state.  Upgrade all clients!
  
         Bug fixes
         * Dynamic clients now inherit require_message_authenticator
           and limit_proxy_state from dynamic client {...} definition.
         * Fix radsecret build rules to better support parallel builds.
+       * Checkpoint systems should be reconfigured for the BlastRADIUS
+         attack: https://support.checkpoint.com/results/sk/sk182516
+         The Checkpoint systems drop packets containing Message-Authenticator,
+         which violates the RFCs and is completely ridiculous.
  
  FreeRADIUS 3.2.5 Tue 09 Jul 2024 12:00:00 UTC urgency=high
         Configuration changes
author	Alan T. DeKok <aland@freeradius.org>
	Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Fri, 23 Aug 2024 12:35:31 +0000 (08:35 -0400)