Hi Michael,
On 15/12/2025 17:43, Michael Tremer wrote:
Hello list,
Would someone be happy to grab this one?
Yes, I will pick it up.
Regards
Adolf.
-Michael
Begin forwarded message:
From: Tobias Brunner <[email protected]>
Subject: [strongswan/strongswan] Release 6.0.4 - strongSwan 6.0.4
Date: 12 December 2025 at 16:07:50 GMT
To: strongswan/strongswan <[email protected]>
Cc: Subscribed <[email protected]>
Reply-To: strongswan/strongswan <[email protected]>
strongSwan 6.0.4 <https://github.com/strongswan/strongswan/releases/tag/6.0.4>
Repository: strongswan/strongswan <https://github.com/strongswan/strongswan> · Tag: 6.0.4
<https://github.com/strongswan/strongswan/tree/6.0.4> · Commit: f795049
<https://github.com/strongswan/strongswan/commit/f79504994ae210904f5517abe195cccfa44843ba> ·
Released by: tobiasbrunner <https://github.com/tobiasbrunner>
Vulnerabilities
* Fixed a vulnerability in the NetworkManager plugin
<https://docs.strongswan.org/docs/latest/features/networkManager.html> that potentially
allows using credentials of other local users. This vulnerability has been registered as
CVE-2025-9615 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9615>. Please refer
to our blog
<https://www.strongswan.org/blog/2025/12/12/strongswan-vulnerability-(cve-2025-9615).html>
for details.
Enhancements and Optimizations
* Concurrent requests to fetch the same CRL URI by multiple threads are now
combined by the |revocation| plugin (#2918
<https://github.com/strongswan/strongswan/pull/2918>). Only the first thread
actually fetches it, the others wait for that result. This is particularly helpful if
the CRL can currently not be fetched due to DNS or HTTP/LDAP timeouts as it avoids
that each thread has to wait individually, reducing the number of SAs that can
concurrently be established as threads are blocked longer. A negative result is
cached for a while (currently 30 seconds) so requests can fail quickly and threads
can continue establishing SAs if they use a relaxed revocation policy.
* The maximum supported length for section names in swanctl.conf has been increased
to the upper limit of 256 characters that's enforced by VICI (#2936
<https://github.com/strongswan/strongswan/issues/2936>).
Fixes
* Prevent a crash if a confused peer rekeys a Child SA twice before sending a
delete (#2945 <https://github.com/strongswan/strongswan/issues/2945>).
* Fixed a memory leak if a peer's self-signed certificate is untrusted (#2954
<https://github.com/strongswan/strongswan/pull/2954>).
Refer to the 6.0.4 milestone
<https://github.com/strongswan/strongswan/milestone/17?closed=1> for a list of
all closed issues and pull requests.
—
This release has 8 assets:
* NetworkManager-strongswan-1.6.4.tar.bz2
* NetworkManager-strongswan-1.6.4.tar.bz2.sig
* strongswan-6.0.4.tar.bz2
* strongswan-6.0.4.tar.bz2.sig
* strongswan-6.0.4.tar.gz
* strongswan-6.0.4.tar.gz.sig
* Source code (zip)
* Source code (tar.gz)
Visit the release page
<https://github.com/strongswan/strongswan/releases/tag/6.0.4> to download them.
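The CRL fetch coalescing and negative caching described in the release notes above, sketched as an added example; it is not part of the forwarded message and not strongSwan's C implementation. The class, `demo()` and the `crl.example.test` URI are assumptions made for illustration; only the 30-second window is taken from the notes.

```python
import threading
import time

class CoalescingFetcher:  # one in-flight fetch per URI; failures remembered for negative_ttl s
    def __init__(self, fetch, negative_ttl=30.0, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, negative_ttl, clock
        self._lock = threading.Lock()
        self._inflight = {}      # uri -> {"done": Event, "result": bytes or None}
        self._failed_until = {}  # uri -> time before which we fail fast

    def get(self, uri):
        with self._lock:
            if self._clock() < self._failed_until.get(uri, float("-inf")):
                return None                      # cached negative result
            slot = self._inflight.get(uri)
            leader = slot is None
            if leader:
                slot = self._inflight[uri] = {"done": threading.Event(), "result": None}
        if not leader:
            slot["done"].wait()                  # another thread is already fetching
            return slot["result"]
        try:
            slot["result"] = self._fetch(uri)    # only the leader touches the network
        except Exception:
            slot["result"] = None                # timeout or error: no CRL available
        finally:
            with self._lock:
                if slot["result"] is None:
                    self._failed_until[uri] = self._clock() + self._ttl
                del self._inflight[uri]          # successes are not cached in this sketch
            slot["done"].set()                   # release the waiting threads
        return slot["result"]

def demo(workers=8):  # constructed scenario: CRL server unreachable, burst of threads
    calls, now, results = [], [0.0], []
    def unreachable(uri):
        calls.append(uri)
        time.sleep(0.2)                          # stand-in for a DNS/HTTP timeout
        raise TimeoutError(uri)
    f = CoalescingFetcher(unreachable, clock=lambda: now[0])
    uri = "http://crl.example.test/ca.crl"       # placeholder URI
    threads = [threading.Thread(target=lambda: results.append(f.get(uri))) for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    concurrent = len(calls)                      # fetches caused by the whole burst
    f.get(uri)                                   # inside the 30 s window: fails fast
    cached = len(calls)
    now[0] = 31.0                                # window expired: fetch is retried
    f.get(uri)
    return concurrent, cached, len(calls), results
```

`demo()` returns `(1, 1, 2, [None] * 8)`: one fetch for the eight concurrent callers, none while the negative result is cached, and one more after the window expires.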