Blog

Release and vulnerability announcements for strongSwan

This advisory reclassifies an old bug in our TLS library as a potential authorization bypass vulnerability in order to get the fix applied to affected distribution packages. The bug is contained in versions 5.9.2 through 5.9.5 and was fixed with 5.9.6, which was released in August 2022.

We are happy to announce the release of strongSwan 5.9.14, which brings support for the IKEv2 OCSP extensions, improves X.509 name constraints validation, adds managed configurations to the Android app, and comes with several other new features and fixes.