1.3.30 (July 3 2023)
    - Fixed a startup error when ca_cert is set in the config file.
    - Updated libopenotp to version 1.0.28.
    - Added a 'renew' launcher command to renew the SSL certificate and trust
      bundle and reload the deamon.
      > The renewal can be scheduled via a cron command.

1.3.29 (June 5 2023)
    - Upgraded FreeRadius to version 3.2.3 (including bug fixes).
    - Upgraded OpenSSL to version 1.1.1u (including bug fixes).
    - Fixed issues when deprecated ocsp_url is conigured in radiusd.conf.
1.3.28 (April 22 2023)
    - Upgraded FreeRadius to version 3.2.2 (including bug fixes).
    - Upgraded OpenSSL to version 1.1.1t (including bug fixes).
    - Added support OpenOTP Cloud API keys.
    - Added SELinux log context creation in the setup script.
1.3.27 (December 5 2022)
    - Upgraded FreeRadius to version 3.2.1 (including bug fixes).
    - Upgraded OpenSSL to version 1.1.1s (including bug fixes).
    - Updated vendor dictionary database.
1.3.26 (May 10 2022)
    - Upgraded FreeRadius to version 3.2.0 (including security fixes).
    - Upgraded OpenSSL to version 1.1.1o (including security fixes).
1.3.25 (April 22 2022)
    - Added support for EAP-TLS with UPNs (requires OpenOTP v2.1.1).
    - Radiusd SSL certificate auto-renewal complies with WebADM v2.1.9.
1.3.24 (April 6 2022)
    - Fixed EAP-TLS username not recognized with newer Windows versions.
    - Upgraded embedded OpenSSL to version 1.1.1n (including bug fixes).
1.3.23 (January 24 2022)
    - WebADM CA trust bundle is automatically trusted by Radiusd for EAP-TLS.
      > The CA bundle is auto-updated in 'conf/trusted.crt' at startup.
      > Requires WebADM v2.1.2.
    - Upgraded embedded OpenSSL to version 1.1.1m (including bug fixes).
    - Added 'auth_support' setting to allow disabling OpenOTP authentication and
      work in EAP-TLS mode only (ie. PKI login).
1.3.22 (November 22 2021)
    - EAP-TLS (certificate based login) now uses OpenOTP v2.0.3 PKILogin method
      by default and not the usual OCSP login.
      > Note: This update requires OpenOTP v2.0.3 for EAL-TLS PKI login to work!
      > Simply comment 'ocsp_url' in 'conf/radiusd.conf' to use OpenOTP PKILogin.
      > You can still revert to the previous behavior (ie. using OCSP service) by
        enabling the 'ocsp_url' setting in 'conf/radiusd.conf'.

1.3.21 (November 8 2021)
    - Upgraded FreeRadius to version 3.0.25 (stability fixes).
    - Upgraded OpenSSL to version 1.1.1l (including security fixes).
    - Upgraded OpenLDAP to version 2.6.0.
    - Fixed stability issues with EAP-TLS (client certificates).
1.3.20 (September 17 2021)
    - Fixed incorrect EAP max_sessions setting in lib/radiusd.ini.
    - Added module optional rlm_ippool.so to the lib/modules folder.
    - Now requires Linux with min glibc-2.17 and not glibc-2.12 anymore.

1.3.19 (August 25 2021)
    - Upgraded OpenSSL to version 1.1.1l (including security fixes).
    - Fixed crashes with talloc memory management when using EAP-TLS.
1.3.17 (July 5 2021)
    - Multiple CA certificates can be concatenated in 'conf/ca.crt' for OSCP
      client certififcates' validation.
    - When trusted certificates contain an OCSP endpoint URL, it is preferred
      to the confgiured 'ocsp_url'.
      > This allows using Windows machine certificates together with EAP-TLS.
    - Fixed multiple EAP-TLS issues.
    - Upgraded FreeRadius to version 3.0.23.
    - Upgraded OpenSSL to version 1.1.1k (including security fixes).
    - Upgraded OpenLDAP to version 2.5.5.
1.3.16 (March 18 2021)
    - Fixed a un-necessary dependency on libpcre.
    - Upgraded OpenSSL to version 1.1.1j (including security fixes).
    - Upgraded OpenLDAP to version 2.4.57.

    - Added support for EAP-PEAP-GTC (for NAC and 802.1x).
    - Updated libopenotp to version 1.0.24.

    - Added the 'cert_nopolicy' config to disable OpenOTP call with EAP-TLS.
      This setting disable the enforcement of client policies in WebADM.
    - Upgraded OpenSSL to version 1.1.1i (including security fixes).
    - Upgraded OpenLDAP to version 2.4.56.
    - Fixed client Id not defaulting to the NAS-IP-Address when NAS-Identifier
      is not provided.
    - Fixed a segfault with EAP-TLS and client certificate login.
    - Upgraded OpenLDAP to version 2.4.50.
    - Upgraded OpenLDAP to version 2.4.49.
    - Added compatibility with RedHat 8 and CentOS 8.
    - Added support for OpenOTP v1.5 and voice biometrics.
    - Upgraded OpenSSL to version 1.1.1g (including security fixes).
    - Upgraded FreeRadius to version 3.0.21.
    - Added support for OpenOTP request with EAP-TLS (physical and Wifi NAC).
      > RadiusBridge sends OpenOTP requests with client certificates generated
        by WebADM in order to validate client policies and return reply attrs.
    - Upgraded libopenotp to version 1.0.22 (stability).

    - Fixed a crash occuring whith more than 1024 simultaneous connections.
    - Fixed a memory leak with EAP-TLS for NAC access (Wifi/Ethernet).
    - Upgraded libopenotp to version 1.0.21 (stability).
    - Upgraded OpenSSL to version 1.1.1d (including security fixes).
    - Added a nodelay_usernames to prevent anti-brutfore delay for load-tests.
    - Added Docker start mode with '/opt/radiusd/bin/radiusd start docker'.
    - Upgraded FreeRadius to version 3.0.19.
    - Upgraded OpenSSL to version 1.1.1c (including security fixes).
    - Added SSL certificate auto-renewal (requires WebADM v1.7.3-1).
    - Upgraded FreeRadius to version 3.0.19.
    - Added support for WebADM 1.7.2 fast OCSP service for EAP-TLS.
    - Added support for OCSP logs in WebADM Web Services' SQL log.
    - Fixed a SOAP timeout issue in libopenotp.
    - Upgraded OpenSSL to version 1.0.2r (including security fixes).
    - Upgraded FreeRadius to version 3.0.18.
    - Radiusd 32 bit version is discontinued.
    - Added suppport for OTP retries over RADIUS (requires OpenOTP v1.4.1).
    - Upgraded OpenSSL to version 1.0.2p (including security fixes).
    - Upgraded libopenotp to version 1.0.19 (challenge timeout optimizations).
    - Added support for FIDO2 over RCDevs Vendor-Specific RADIUS attributes.
      > Setting 'u2f_support' is replaced by "fido_support'.
    - Added support for EAP-TLS for WIFI access with WebADM user certificates.
      > You need to configure cert_support and ocsp_url in radiusd.conf for AP-TLS.
      > If RadiusBridge refuses to start because it's missing the conf/ca.crt file,
        then copy the WebADM CA certificate from the Admin menu in conf/ca.crt.
    - Removed conf/dictionary and conf/radiusd.conf files.
      > The FreeRadius config is located in an .ini file under the lib/ directory.
      > conf/openotp.conf is renamed to conf/radiusd.conf for any future version.
      > The conf/ directory now only contains radiusd.conf and clients.conf.
      > You can adjust the listening interface/ports by creating conf/radiusd.env.
    - Upgraded FreeRadius to version 3.0.17.
    - nolock_usernames and similar settings now allow lists up to 256 usernames.
    - Better support for Wifi access points.
    - New setup wizard with server URL auto-configuration and SSL certificate signed
      by WebADM CA (Rsignd).
    - denied_usernames, nolock_usernames and cached_usernames support wildcard matching.
    - Upgraded OpenSSL to version 1.0.2o (including security fixes).
    - Upgraded OpenLDAP to version 2.4.46.
    - Fixed a memory leak in the libopenotp with SSL connections.
    - Upgraded Freeradius to version 3.0.16.
    - Added support for Microsoft NPS with Terminal service gateways.
    - Fixed error handling when OpenOTP reply data value-pairs cannot be parsed.
    - Added TCP listener for RADIUS auth requests.
    - Added support for Cisco ASA servers not supporting 30 seconds' timeouts.
    - Added upport for local LDAP password checks (AD / LDAP).
      > This option is reverved for MSP partners (please contact RCDevs for details).
    - Added support for PaloAlto client source IP address.
    - Fixed config with source/context/client attributes in vendor-specific dictionaries.
    - Updated OpenSSL to version 1.0.2m.
    - Upgraded Freeradius to version 3.0.15 (including security fixes).
    - Fixed server not willing to start with server_url1 & server_url2 configured.
    - Upgraded OpenLDAP to version 2.4.45 and libopenotp to version 1.0.17
    - Removed log "TLS section tls missing, trying to use legacy configuration".
    - Moved from Freeradius 2.x branch to Freeradius 3.x.
      > The previous radiusd.conf must be replaced by radiusd.conf.default.
    - Fixed EAP security issue CVE-2017-9148.
    - Updated OpenSSL to version 1.0.2l.

    - All with xxx_attribute (ex. client_attribute or source_attribute) support an
      optional list of values in the form "Attribute1,Attibute2,...".
    - When client_attribute is not set, the attributes NAS-IIdentifier NAS-IP-Address
      and NAS-IPv6-Address are tried in order.
    - Removed the deprecated setting mode_attribute.
    - Added Radius Bridge backup and restore scripts in the /opt/slapd/bin/.
      > The scripts can be used to migrate your Radius Bridge to a new server.
    - Added FreeRADIUS LDAP module to the modules directory (ie. rml_ldap).
    - Added the 'denied_usernames' configuration to the openotp.conf file to deny
      some user IDs wihout sending any OpenOTP request.
    - Added 'cached_usernames' for optimizing system user polling using LDAP-only.
      > Check openotp.conf.default for more information.
      > This option requires OpenOTP v1.3.3-1 or greater.
    - Upgraded libopenotp to version 1.0.15.
    - Upgraded OpenSSL to version 1.0.2k (security fixes).
    - Upgraded OpenSSL to version 1.0.2j and libopenotp to version 1.0.15.
    - Added support for OpenOTP protocol version checking.
    - Added U2F support over RADIUS with a RCDevs vendor-specific dictionary.
      > Check the dictionary in /opt/radius/lib/dictionaries/dictionary.rcdevs
    - Upgraded OpenSSL to version 1.0.2h and libopenotp to version 1.0.14-2.
    - The default SOAP timeout is 30 secs to accomodate with the OpenOTP Simple-Push.
    - Added support for OpenOTP RADIUS Reply Web services.
    - Added support for OpenOTP v1.3 (older RB verions do not support OpenOTP v1.3).

    - The client ID attribute can be configured if NAS-Identifier cannot be used.
    - The source attribute defaults to 'Calling-Station-Id'. The value is ignored if
      it is not an IP address.
    - When configured, the context attribute is ignored if it contains an IP address.
    - With two servers it is now possible to configure server_url1 & server_url2.
    - Fixed thread crashes under very high server loads.
    - Fixed systemd startup script.

    - Removed the 'reply_is_vps' and 'reply_attribute' configurations.
      > Use OpenOTP v1.2.2-1 to return OpenOTP Reply Attributes as RADIUS value-pairs.
      > OpenOTP v1.2.2-1 includes a RADIUS attributes' editor in the user settings.
    - Setting 'reply_vps' is renamed 'reply_attributes'.
    - Upgraded OpenSSL to version 1.0.2f.

    - Fixed issues with long passwords (containing more than 64 characters).
    - Fixed a rare issue with libopenotp causing some requests to hang.
    - Upgraded OpenSSL to version 1.0.2e and FreeRADIUS to version 2.2.9.

    - When two OpenOTP servers are configured, the health of the servers is checked
      at regular interval using TCP socket polling.
      > A new configuration (status_cache) is used to specify the polling interval.
    - Wifi access with OTP is now supported with EAP-GTC and EAP-TTLS/PAP.
      Warning: Challenged OTP is not supported with Wifi access protocols.
    - Added support for systemd startup with RedHat and CentOS 7.
    - Updated libopenotp to version 1.0.11 (timeout enhancements and bug fixes).
    - Added support for OpenOTP 1.2.1 with libopenotp 1.0.10.
    - Added support for EAP-GTC and EAP-TTLS for wifi access over RADIUS.
      > You need to re-run the bin/setup script and then to replate conf/radiusd.conf
        with conf/radiusd.conf.default in order to enable EAP.
    - Upgraded to FreeRadius v2.2.7.
    - Added a temp directory for PID file and temporary data.
    - Added support for OpenOTP 1.2.1 contextual authentication mechanism.
      > Read the documentation for the setting "context_attribute" for more details.
    - PID file and temporary files is now stored in /opt/radiusd/temp/.
    - Fixed SOAP timeout not working with SSL server URLs.
    - Added support for '@' domain separator where the domain is on the right side.
      With any other separator character, the domain part is on the left side.
    - Listen on old RADIUS ports (auth 1645 and accounting 1646) for compatibility.
    - Added support for OpenOTP 1.2 with FIDO U2F.
      > FIDO is currently not supported for RADIUS.
    - Added OTP routing policy when multiple servers are configured in server_url.
      The allowed policies are 'ordered', 'balanced' and 'consistent'.
    - When multiple servers are configured, the challenge responses are sent to the
      server which was used in the access request by default.
    - The bin/radtest tool supports challenged login requests.
    - Updated OpenSSL library to 1.0.1k with vulnerability fixes CVE-2014-0160 and
    - Upgraded to FreeRadius v2.2.6.
    - Fixed filtered value pairs (fetched from OpenOTP Reply Data) not parsed.
    - Added support for Microsoft DirectAccess RADIUS Probe requests.
    - Fixed a crash in libopenotp when multiple server URLs are set.
    - Use NAS-IP-Address as Client ID when NAS-Identifier is not available.
    - Added support for fetching domain names form AD User Principal Names.

    - Fixed a parsing problem with OpenOTP reply-data and filtered value-pairs.
    - Fixed a bug in libopenotp causing a socket read loop under heavy load when
      WebADM server closes and restarts.
    - Upgraded to FreeRadius v2.2.3 and OpenSSL v1.0.1f.
    - Added a debugging start mode with 'bin/radiusd debug'.
    - Added a failure response delay when OpenOTP SOAP service does not respond to
      allow RADIUS failover at the client side. The delay can be configured with
      the no_response_delay setting in conf/openotp.conf and is disabled by default.
    - Concatenated password mode 3 now supports both LDAP only or OTP only login via
      OpenOTP SimpleLogin method when the separator character is not found.
    - Added a special concatenation mode for Yubikeys (username followed by OTP).
    - Setting mode_attribute supports string and integer dictionary attributes.
    - Setting source_attribute supports string and ipaddr dictionary attributes.
    - Added support for OpenOTP v1.1.0.
      This version does not work with OpenOTP v1.0.x.
    - Added password_mode 0 (default) which let OpenOTP automatically handle the
      user passwords. This mode uses the new OpenOTP SimpleLogin API.

    - Added support for location-based policies in WebADM v1.2.3 & OpenOTP v1.0.17.
    - Added a 'source_attribute' setting allowing the RADIUS clients to provide
      the source IP address of the end user.
    - Added a 'mode_attribute' setting allowing the RADIUS clients to provide
      the password mode in a RADIUS attribute of the Access request.
    - Added RADIUS attribute encoding checks for username, password and state.
    - Added no_success_message and no_failure_message to disable reply messages
      in the success and failure responses with some broken RADIUS clients.
    - If not configured, domain separator is now disabled (no separator).
    - Upgraded to FreeRADIUS v2.2.0 and OpenSSL v1.0.1c.
    - Added RADIUS accounting support on port 1813.
      A new log file is created for accounting information (accounting.log).
      > Please replace your radiusd.conf file with the radiusd.conf.new file.
    - Added RADIUS server status support on port 18120.
    - Fixed client filter separator '.' not working with the filtered value_is_vps.
    - Removed user password traces from access log.
    - Fixed a bug with the domain_separator setting.
    - fixed a bug with data_is_vps setting.
    - Added the possibility to get a list of RADIUS attributes and values
      in the OpenOTP Reply Data.
    - Added the possibility to set a list of static radius attributes to be
      sent back to the radius clients in the Access-Accept packets.
    - Fixed a bug with radius requests containing OpenOTP settings.
    - Added support for concatenated password with variable OTP length.
      You can now specify a password separator instead of a fixed OTP length.
    - Updated FreeRadius to version 2.1.10.

    - Added support for OpenOTP 1.0.11-1.
    - Fixed otp_length max limitation problem.
    - Added data_separator setting to allow returning multiple Reply Data.
    - Radius Bridge 1.0.5 is required for use with OpenOTP 1.0.9.
    - Uses libopenotp version 1.0.2.
    - Updated documentations files (INSTALL and README).
    - Updated default configurations.
    - Corrected radtest script.

    - Added soap_timeout setting.
    - Added data_attribute setting.
    - Added settings_attribute setting.
    - Added password mode 4 for concatenated passwords with OTP first.
    - Updated all libraries and components to the latest versions.
    - Updated rlm_openotp to version 1.0.3. New version has several bug fixes.

    - Added password_mode and otp_length settings allowing to send only OTP
      password or LDAP+OTP passwords concatenated.
      See the updated radiusd.conf for details.

    - Fixed a bug when the RADIUS client sends a NAS-Identifier attribute
    First official release.