From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 23 Aug 2024 12:35:31 +0000 (-0400)
Subject: note recent changes
X-Git-Tag: release_3_2_6~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=199c210758cc67cb045bc74e0cb46ee2115fef05;p=thirdparty%2Ffreeradius-server.git

note recent changes
---

diff --git a/doc/ChangeLog b/doc/ChangeLog
index ff96d245a93..3c46665109b 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -5,11 +5,18 @@ FreeRADIUS 3.2.6 Mon 15 May 2024 12:00:00 UTC urgency=low
 	* allow for "auth+acct" dynamic home servers.
 	* Allow for setting "Home-Server-Pool", etc. for proxying
 	  accounting packets, just like authentication packets.
+	* require_message_authenticator=auto and limit_proxy_state=auto
+	  are not applied for wildcard clients.  This likely will
+	  leave your network in an insecure state.  Upgrade all clients!
 
 	Bug fixes
 	* Dynamic clients now inherit require_message_authenticator
 	  and limit_proxy_state from dynamic client {...} definition.
 	* Fix radsecret build rules to better support parallel builds.
+	* Checkpoint systems should be reconfigured for the BlastRADIUS
+	  attack: https://support.checkpoint.com/results/sk/sk182516
+	  The Checkpoint systems drop packets containing Message-Authenticator,
+	  which violates the RFCs and is completely ridiculous.
 
 FreeRADIUS 3.2.5 Tue 09 Jul 2024 12:00:00 UTC urgency=high
 	Configuration changes