From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 9 Oct 2025 09:28:28 +0000 (+0200)
Subject: NEWS: Add news for 6.0.3
X-Git-Tag: 6.0.3rc1~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d3a05165d441e0463765026870f6833465a8bf25;p=thirdparty%2Fstrongswan.git

NEWS: Add news for 6.0.3
---

diff --git a/NEWS b/NEWS
index 16cf858b4b..916f279018 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,34 @@
+strongswan-6.0.3
+----------------
+
+- The new `alert` event for vici is raised for certain error conditions.
+
+- Only plugins with matching version number are loaded by programs.
+
+- IKE SAs redirected during IKE_AUTH are now properly tracked by controller and
+  trap-manager.
+
+- Fallback to the IKE identity for clients that don't provide an EAP-Identity to
+  fix a regression in 6.0.2.
+
+- Detecting unwrapped CKA_EC_POINTs has been improved in the pkcs11 plugin.
+
+- The whitelist plugin uses non-blocking I/O to avoid issues with clients that
+  stay connected for a long time.  The buffer size for IDs was increased to 256.
+
+- The certexpire plugins also uses 256 bytes for its identity buffer.
+
+- Convenient decorators for event handling are provided by the Python bindings
+  for vici.
+
+- The openssl plugin also supports Ed25519 via AWS-LC.  It also loads EdDSA keys
+  from PKCS#12 containers.
+
+- The testing environment is now based on Debian 13 (trixie), by default.
+
+- Support for MD2 has been removed.
+
+
 strongswan-6.0.2
 ----------------