3.0.20

@mcnewton mcnewton released this 14 Nov 17:39
· 1614 commits to v3.0.x since this release
d94c953

Feature improvements

  • Add Jenkins continuous integration. Fixes #2620. Used to build http://packages.networkradius.com/
  • Added Force10 dictionary.
  • Update dictionary.hp with new attributes. #2690
  • Update dictionary.aruba with new attributes. #2696
  • Update logrotate settings to rotate as non-root user. #2666
  • Fix side-channel leak in EAP-PWD. Patch from Mathy Vanhoef.
  • Relax OpenSSL version checks, now that their API is both public and stable.
  • Note that tls_min_version/tls_max_version also support "1.3". Since there is no standard yet for EAP with TLS 1.3, it will not work.
  • Added tripplite dictionary from #2760.
  • Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout.
  • Added new LDAP option 'allow_dangling_group_ref'.
  • Updated documentation and functionality for EAP session caching. See "cache" section of mods-available/eap.
  • Tighten systemd unit file security. Fixes #2637.
  • Disable TLS 1.0 and TLS 1.1 support in the default configuration. We STRONGLY recommend doing this for all installations.
  • Add expansions for outgoing Radsec connections. "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. Fixes #2839.
  • Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections.
  • Update dictionary.lancom with new attributes. #2847
  • Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental.
  • Added more documentation in sites-available/robust-proxy-accounting
  • sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts. Patch from Terry Burton.
  • Add support for radmin to keep its history in ~/.radmin_history.
  • Add support for ENV and LD_PRELOAD in radiusd.conf. See the new ENV sub-section of radiusd.conf.
  • Update dictionary.aptilo. #3002
  • Update dictionary.airespace. #3039
  • Add sites-available/coa-relay, which makes CoA easier. Patch from Terry Burton. #3045.
  • Add example stored procedure for IP Pools in MySQL. See mods-config/sql/ippool/mysql/procedure.sql. Patch from Terry Burton. #3048.
  • Update dictionary.dhcp with the recent hardware types.
  • Add experimental rlm_python3. This should largely work the same as rlm_python, which was Python2 only.
  • Add Dockerfiles for Debian10 and CentOS8.
  • Add RPM spec file compatibility for RHEL/CentOS 8.
  • Notes on iOS 13 certificate issues. See https://support.apple.com/en-us/HT210176.
  • Notes on certificate constraints. See raddb/certs/server.cnf.
  • Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585.

Bug fixes

  • Allow listen.ipaddr to reference an IPv6-only host. Fixes #2627.
  • ERX-Acct-Request-Reason is "integer". Closes #2635.
  • Fix a slow memory leak in the file management code.
  • Try to fix file permissions if they get modified while the server is running.
  • Fix slow memory leak with clients.
  • Fix request and connection timeouts in rlm_rest.
  • Fix systemd issues. Patches from Daniele Rondina.
  • Fixes from clang analyzer.
  • Fix missing include for the dictionaries: alcatel.esam, altiga, alvarion.wimax.v2_2, aptis, asn, audiocodes, avaya, bristol, columbia_university, freedhcp, garderos, infoblox, motorola.illegal, starent.vsa1, telkom, wimax.wichorus.
  • Fix internal sanity check when running with "-Xx".
  • Allow "inner-tunnel" virtual servers to work better with "accept" and "reject" policies.
  • Fix dictionary.huawei data types for Huawei-DNS-Server-IPv6-address and Huawei-Framed-IPv6-Address. Fixes #2803.
  • Framed-Interface-ID in postgresql/queries.conf is string, not inet. Fixes #2817.
  • Fix rlm_cache to complain on unknown attributes in the "update" section of its configuration.
  • Add configure checks for -latomic. This helps on armel, mips and mipsel. Fixes #2828.
  • Add support for Oracle 19 and 18. Via #2857.
  • Add support for decoding tags in rlm_rest. Fixes #2848.
  • Use correct passwords when updating CRLs in raddb/certs/.
  • Properly separate "originate-coa" packets when accounting packets are read from the detail file reader.
  • Use the correct virtual server for pre/post-proxy.
  • radsqlrelay fixes backported from "master" branch. Patches from Terry Burton.
  • Fix DoS issues due to multithreaded BN_CTX access. Patch from Mathy Vanhoef. CVE-2019-17185