From: Tobias Brunner Date: Thu, 15 Jun 2023 12:04:46 +0000 (+0200) Subject: NEWS: Add news for 6.0.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97283e88154ae1ee5bae27982629ed6a09e396a4;p=thirdparty%2Fstrongswan.git NEWS: Add news for 6.0.0 --- diff --git a/NEWS b/NEWS index 1f47a711e7..2528ee370b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,17 @@ +strongswan-6.0.0 +---------------- + +- Support of multiple post-quantum (and classic) key exchanges using the + IKE_INTERMEDIATE exchange (RFC 9242) and the Additional Key Exchange + transform types 1..7 (RFC 9370). + +- New oqs and frodo plugins support NIST round 3 submission and alternate + KEM candidates. + +- The oqs plugin supports the NIST round 3 submission signature algorithms + DILITHIUM and Falcon. + + strongswan-5.9.14 ----------------- @@ -362,7 +376,7 @@ strongswan-5.9.4 salt lengths. This vulnerability has been registered as CVE-2021-41990. -- Fixed a denial-of-service vulnerability in the in-memory certificate cache +- Fixed a denial-of-service vulnerabililty in the in-memory certificate cache if certificates are replaced and a very large random value caused an integer overflow. This vulnerability has been registered as CVE-2021-41991. @@ -1774,7 +1788,7 @@ strongswan-5.0.3 PT-TLS (RFC 6876), a Posture Transport Protocol over TLS. - The charon systime-fix plugin can disable certificate lifetime checks on - embedded systems if the system time is obviously out of sync after boot-up. + embedded systems if the system time is obviously out of sync after bootup. Certificates lifetimes get checked once the system time gets sane, closing or reauthenticating connections using expired certificates.
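Review bot: in the strongswan-6.0.0 entry (first hunk), the item "New oqs and frodo plugins support NIST round 3 submission and alternate KEM candidates" names no KEM and does not say which plugin provides which, while the next item names DILITHIUM and Falcon explicitly. Suggest listing the supported KEMs per plugin so a reader can tell what is available for the Additional Key Exchange transforms described in the first item, and using one capitalisation style for the algorithm names ("DILITHIUM" next to "Falcon").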
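Review bot: in the strongswan-5.9.4 hunk (second hunk), the added line replaces "vulnerability" with "vulnerabililty", which introduces a misspelling into the CVE-2021-41991 entry. The edit is also outside what the subject "NEWS: Add news for 6.0.0" describes. Drop this hunk so the line stays "- Fixed a denial-of-service vulnerability in the in-memory certificate cache".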
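Review bot: in the strongswan-5.0.3 hunk (third hunk), "boot-up" becomes "bootup" in the systime-fix item, a wording change to an old release entry that the subject "NEWS: Add news for 6.0.0" does not cover. Nothing in the commit message explains it, so either drop the hunk and keep "out of sync after boot-up", or move the spelling change to its own commit.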