Hello list,

Would someone be happy to grab this one?

-Michael

> Begin forwarded message:
>
> From: Tobias Brunner <[email protected]>
> Subject: [strongswan/strongswan] Release 6.0.4 - strongSwan 6.0.4
> Date: 12 December 2025 at 16:07:50 GMT
> To: strongswan/strongswan <[email protected]>
> Cc: Subscribed <[email protected]>
> Reply-To: strongswan/strongswan <[email protected]>
>
> strongSwan 6.0.4 <https://github.com/strongswan/strongswan/releases/tag/6.0.4>
>
> Repository: strongswan/strongswan <https://github.com/strongswan/strongswan>
> · Tag: 6.0.4 <https://github.com/strongswan/strongswan/tree/6.0.4>
> · Commit: f795049 <https://github.com/strongswan/strongswan/commit/f79504994ae210904f5517abe195cccfa44843ba>
> · Released by: tobiasbrunner <https://github.com/tobiasbrunner>
>
> Vulnerabilities
>
> Fixed a vulnerability in the NetworkManager plugin
> <https://docs.strongswan.org/docs/latest/features/networkManager.html> that
> potentially allows using credentials of other local users. This vulnerability
> has been registered as CVE-2025-9615
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9615>. Please refer
> to our blog
> <https://www.strongswan.org/blog/2025/12/12/strongswan-vulnerability-(cve-2025-9615).html>
> for details.
>
> Enhancements and Optimizations
>
> Concurrent requests to fetch the same CRL URI by multiple threads are now
> combined by the revocation plugin (#2918
> <https://github.com/strongswan/strongswan/pull/2918>). Only the first thread
> actually fetches it, the others wait for that result. This is particularly
> helpful if the CRL can currently not be fetched due to DNS or HTTP/LDAP
> timeouts as it avoids that each thread has to wait individually, reducing the
> number of SAs that can concurrently be established as threads are blocked
> longer. A negative result is cached for a while (currently 30 seconds) so
> requests can fail quickly and threads can continue establishing SAs if they
> use a relaxed revocation policy.
>
> The maximum supported length for section names in swanctl.conf has been
> increased to the upper limit of 256 characters that's enforced by VICI (#2936
> <https://github.com/strongswan/strongswan/issues/2936>).
>
> Fixes
>
> Prevent a crash if a confused peer rekeys a Child SA twice before sending a
> delete (#2945 <https://github.com/strongswan/strongswan/issues/2945>).
>
> Fixed a memory leak if a peer's self-signed certificate is untrusted (#2954
> <https://github.com/strongswan/strongswan/pull/2954>).
>
> Refer to the 6.0.4 milestone
> <https://github.com/strongswan/strongswan/milestone/17?closed=1> for a list
> of all closed issues and pull requests.
>
> —
> This release has 8 assets:
>
> NetworkManager-strongswan-1.6.4.tar.bz2
> NetworkManager-strongswan-1.6.4.tar.bz2.sig
> strongswan-6.0.4.tar.bz2
> strongswan-6.0.4.tar.bz2.sig
> strongswan-6.0.4.tar.gz
> strongswan-6.0.4.tar.gz.sig
> Source code (zip)
> Source code (tar.gz)
>
> Visit the release page
> <https://github.com/strongswan/strongswan/releases/tag/6.0.4> to download
> them.
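
The request combining and negative caching described in the forwarded release notes, as an added Python sketch: it is not strongSwan's code (the revocation plugin is written in C), and the class name, the `fetch` callback and the injectable clock are assumptions made for illustration. Only the 30-second negative lifetime comes from the release notes.

```python
import threading
import time

NEGATIVE_TTL = 30.0  # seconds; the release notes say "currently 30 seconds"


class _Call:
    """One in-progress fetch that other threads can block on."""
    def __init__(self):
        self.done = threading.Event()
        self.result = None


class CoalescingFetcher:
    """Added sketch: combine concurrent fetches of one URI, cache failures briefly."""

    def __init__(self, fetch, negative_ttl=NEGATIVE_TTL, clock=time.monotonic):
        self._fetch = fetch        # assumed callable(uri) -> bytes; raises on error
        self._ttl = negative_ttl
        self._clock = clock        # injectable so the expiry can be tested
        self._lock = threading.Lock()
        self._inflight = {}        # uri -> _Call currently being fetched
        self._failed_until = {}    # uri -> time before which lookups fail fast

    def get(self, uri):
        with self._lock:
            if self._clock() < self._failed_until.get(uri, float("-inf")):
                return None        # recent failure: do not block this thread again
            call = self._inflight.get(uri)
            leader = call is None
            if leader:
                call = self._inflight[uri] = _Call()
        if not leader:
            call.done.wait()       # another thread is fetching: wait for its result
            return call.result
        try:
            call.result = self._fetch(uri)
        except Exception:
            call.result = None     # e.g. DNS or HTTP/LDAP timeout
        with self._lock:
            if call.result is None:
                self._failed_until[uri] = self._clock() + self._ttl
            del self._inflight[uri]
        call.done.set()
        return call.result
```

A caller with a relaxed revocation policy would treat a `None` result as "CRL unavailable" and continue, which is why failing fast matters: eight threads hitting an unreachable server pay for one timeout instead of eight.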
