Key Vulnerability Information Denial-of-Service Vulnerability (CVE-2014-9221) - Fixed a denial-of-service vulnerability that could be triggered by an IKEv2 key exchange (KE) payload containing a Diffie-Hellman group 1025. - All versions since 4.5.0 are affected. - More information can be found in a separate blog entry. Post-quantum Bimodal Lattice Signature Scheme (BLISS) - Introduced BLISS, a next-generation public key authentication method suitable for IKEv2 connections. - When combined with NTRU-based IKE key exchange methods, it enables setting up IPsec connections with 128-bit or 192-bit encryption strength that are resistant to attacks by quantum computers. - The strongSwan pki tool fully supports generating BLISS-based key pairs, certificates, and CRLs. - See the BLISS howto in the wiki for more details. Explicit type prefixes for identities - strongSwan now accepts identity prefixes to enforce explicit types, such as email: or fqdn:. - The remaining string is not converted; see the conn section reference or the ipsec.conf(5) manual page for details. Use correct mapping of AH integrity algorithms with IKEv1 - Fixed the mapping of AH integrity algorithms negotiated via IKEv1, which could cause interoperability issues when connecting to older versions of charon. Other Notable Changes - Fixed a rekeying issue when using fragmentation=yes in IKEv2 connections. - Fixed handling of invalid policies in end entity certificates, so that only the affected policies are invalidated instead of rejecting the entire certificate (see #453). - Added support for IP address pools defined as ranges (-) in ipsec.conf and swanctl.conf, and fixed pool size calculation and lease reassignment. - Added support for sending and processing INITIAL_CONTACT notifications in IKEv1 main mode.