From d3a05165d441e0463765026870f6833465a8bf25 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 9 Oct 2025 11:28:28 +0200
Subject: [PATCH] NEWS: Add news for 6.0.3

---
 NEWS | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/NEWS b/NEWS
index 16cf858b4b..916f279018 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,34 @@
+strongswan-6.0.3
+----------------
+
+- The new `alert` event for vici is raised for certain error conditions.
+
+- Only plugins with matching version number are loaded by programs.
+
+- IKE SAs redirected during IKE_AUTH are now properly tracked by controller and
+  trap-manager.
+
+- Fallback to the IKE identity for clients that don't provide an EAP-Identity to
+  fix a regression in 6.0.2.
+
+- Detecting unwrapped CKA_EC_POINTs has been improved in the pkcs11 plugin.
+
+- The whitelist plugin uses non-blocking I/O to avoid issues with clients that
+  stay connected for a long time.  The buffer size for IDs was increased to 256.
+
+- The certexpire plugins also uses 256 bytes for its identity buffer.
+
+- Convenient decorators for event handling are provided by the Python bindings
+  for vici.
+
+- The openssl plugin also supports Ed25519 via AWS-LC.  It also loads EdDSA keys
+  from PKCS#12 containers.
+
+- The testing environment is now based on Debian 13 (trixie), by default.
+
+- Support for MD2 has been removed.
+
+
 strongswan-6.0.2
 ----------------
 
-- 
2.47.3