freeradius upgrade

Alan DeKok aland at
Tue Aug 4 12:07:08 CEST 2009

Alexandre Chapellon wrote:
> I am wondering if I shall upgrade now to 2.1.6 or wait until the next
> comming 2.1.7 release.
> What are the new features, improvements, or bug fixes that should come
> with 2.1.7?

  I've put the preliminary ChangeLog below.

> Is there Major leacks in 2.1.6?

  Not that I'm aware of.

  Here's the preliminary changelog for 2.1.7:

	Feature improvements
	* Full support for CoA and Disconnect packets as per RFC 3576
	  and RFC 5176.  Both receiving and proxying CoA is supported.
	* Added "src_ipaddr" configuration to "home_server".  See
	  proxy.conf for details.
	* radsniff now accepts -I, to read from a filename instead of
	  a device.
	* radsniff also prints matching requests and any responses to those
	  requests when '-r' is used.
	* Added example of attr_filter for Access-Challenge packets
	* Added support for udpfromto in DHCP code
	* radmin can now selectively mark modules alive/dead.
	  See "set module state".
	* Added customizable messages on login success/fail.
	  See msg_goodpass && msg_badpass in log{} section of radiusd.conf
	* Document "chase_referrals" and "rebind" in raddb/modules/ldap
	* Preliminary implementation of DHCP relay.
	* Made thread pool section optional.  If it doesn't exist,
	  The server will run single-threaded.
	* Added sample radrelay.conf for people upgrading from 1.x
	* Made proxying more stable by failing over, rather than
	  rejecting the first request.  See "response_window" in proxy.conf
	* Add dictionary.iea (closes bug #7)

	Bug fixes
	* Fixed corner case where proxied packets could have extra
	  character in User-Password attribute.  Fix from Niko Tyni.
	* Extended size of "attribute" field in SQL to 64.
	* Fixes to ruby module to be more careful about when it builds.
	* Updated Perl module "configure" script to check for broken
	  Perl installations.
	* Fix "status_check = none".  It would still send packets
	  in some cases.
	* Set recursive flag on the proxy mutex, which enables safer
	  cleanup on some platforms.
	* Copy the EAP username verbatim, rather than escaping it.
	* Update handling so that robust-proxy-accounting works when
	  all home servers are down for extended periods of time.
	* Look for DHCP option 53 anywhere in the packet, not just
	  at the start.
	* Mark proxy mutex as recursive.  This solves issues on exit
	  with some platforms.
	* Fix processing of proxy fail handler with virtual servers.
	* DHCP code now prints out correct src/dst IP addresses
	  when sending packets.
	* Removed requirement for DHCP to have clients
	* Fixed handling of packets with message-type buried in the packet
	* Fixed corner case with negation in unlang.
	* Minor fixes to default MySQL & PostgreSQL schemas
	* Suppress MSCHAP complaints in debugging mode.
	* Fix SQL module for multiple instance, and possible crash on HUP
	* Fix permissions for radius.log for sites that change user/group,
	  but which don't create the file before starting radiusd.
	* Fix double counting of packets when proxying
	* Make %l work
	* Fix pthread keys in rlm_perl
	* Log reasons for EAP failure (closes bug #8)
	* Load home servers and pools that aren't referenced from a realm.

More information about the Freeradius-Users mailing list