FreeRADIUS 3.0.25 Thu 07 Oct 2021 12:00:00 EDT urgency=medium
        Feature improvements
        * Better debug output when proxying is disabled
        * Updates to support PostgreSQL 14 (#4251)

        Bug fixes
        * Add `correct_escapes` back into default configuration
        * Fix undeclared variable with some compile options (#4246)
        * Quiet erroneous debug output
        * Fix segfault when proxying to zombie home server
        * Fix resolving values to enum strings in rlm_rest (#4167)
        * Fix printing raw values rather than enum strings in rlm_couchbase (#4167)

FreeRADIUS 3.0.24 Wed 29 Sep 2021 12:00:00 EDT urgency=medium
        Feature improvements
        * Add sanitizer options to configure script.
        * Log information needed by Wireshark to decode TLS sessions.
        * Allow more liberal SQL commands in rlm_sql_map.
        * Update dictionary.apc, dictionary.h3c
        * Add new Acct-Status-Type Subsystem-On and Subsystem-Off.
          See dictionary.iana and
          https://freeradius.org/rfc/acct_status_type_subsystem.html
        * Add reject_unknown_intermediate_ca.  See mods-available/eap
        * Add dynamic loading of certificates via TLS-Session-Cert-File.
          See raddb/certs/realms/README.md
        * Add Server Name Indication (SNI) for outbound RadSec connections.
          See raddb/sites-available/tls, and the home server tls configuration.
        * Support SNI for inbound RadSec connections.  Certificates will
          be loaded from "realm_dir" in the "tls" section.  SNI will be
          cached in the TLS-Server-Name-Indication attribute.
        * Preliminary support for haproxy "PROXY" protocol.
          See sites-available/tls, "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/
        * Generate parse errors in more circumstances when we know that the
          configuration is wrong.
        * Add "weeklycounter" to sample sqlcounter configuration
        * Add certificate attributes to the request list, even if the certificates
          have expired.
        * The Simultaneous-Use code is now IPv6 aware, and can deal with
          NAS-IPv6-Address.
        * Add dictionary.cambium

        Bug fixes
        * Fix crash in trustrouter module (#4115). Patch from Alejandro Perez
        * Fix crash in state handling.
        * Don't alter global options in redhat logrotate scripts.
        * EAP-FAST will print errors and continue, rather than exiting
          when OpenSSL fails various internal sanity checks.
        * Allow admin to manually change core limits, even when core limits
          are disabled. Patch from Antonio Torres.
        * Fix chunked rlm_rest HTTP body.  Closes #4131.
          Patch from Nathan Ward.
        * Many fixes around the SQL ippool queries.conf and schema.
          Patches from Jorge Periera.
        * Fix MySQL stored procedures.  PR #4170 from Terry Burton.
        * Rework connection pool management for corner cases.
          Fixes #4161, #4162, #4163.
        * Final fix for double free in #3188.
        * Fix sqlcounter wrong memory free. PR #4192 from Jorge Pereira
        * Accept slow writes from proxies over TCP, which allows the
          server to make more progress when it receives partial packets.
        * Add 'weeklycounter' for rlm_sqlcounter.
        * Outbound proxying over TCP / TLS is better able to deal with
          partial TCP reads, and has fewer issues with slow networks.
        * Fix wrong data-type of Acct-Delay-Time in rlm_unix.
        * Fix EAP-FAST PAC lifetime calculation.
        * Print correct encoded packet length when debugging

FreeRADIUS 3.0.23 Thu 10 Jun 2021 12:00:00 EDT urgency=low
        Feature improvements
        * Update dictionary.aruba
        * Add "set home_server state ... down" in order to mark the
          home server as administratively down.  Use "alive" to bring
          it back to life.
        * Add Post-Auth-Type "Client-Lost" which should make it easier
          to log when clients stop responding.
        * Add sites-available/totp as an example of how to use TOTP.
        * Add %{mschap:Domain-Name}, fixes #3944.
        * Cache TLS messages in &session-state, for more debugging.
        * Notes in eap configuration about TLS 1.0 / TLS 1.1, and setting
          cipher_list = "DEFAULT@SECLEVEL=1"
        * Added MANY warning messages about using TLS 1.3 with EAP.
          In short, don't use it.  Microsoft will support it in fall 2021.

        Bug fixes
        * Fix crash in some cases when home server is down, in debug mode.
        * Fix (again) "read clients from SQL" functionality.
        * Fix sql_map to return values in more situations.
        * Silently ignore LEAP configuration instead of erroring out.