+@node Release 7.5
+@section Release 7.5
+@itemize
+@item Dependant cryptographic libraries are updated for compatibility
+with Go 1.11.
+@end itemize
+
+@node Release 7.4
+@section Release 7.4
+@itemize
+@item Tiny refactoring. Go 1.9 is minimal required version.
+@item Dependant cryptographic libraries are updated.
+@end itemize
+
+@node Release 7.3
+@section Release 7.3
+@itemize
+@item Fixed seldom possible segmentation fault on the server during
+rehandshake.
+@item Dependant cryptographic libraries are updated.
+@end itemize
+
+@node Release 7.2
+@section Release 7.2
+@itemize
+@item Fixed fatal bug in nonce generation code, appeared in 7.1 version.
+Everyone @strong{have to} update.
+@end itemize
+
+@node Release 7.1
+@section Release 7.1
+@itemize
+@item Fixed bug in client's identity generation and detection code:
+simultaneous clients may be incorrectly identified, preventing their
+connection establishing and allowing DPI to detect GoVPN packets.
+@end itemize
+
+@node Release 7.0
+@section Release 7.0
+@itemize
+@item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
+faster and more secure. Previous versions are not compatible with it!
+@item Ability to use TUN-interfaces under GNU/Linux. FreeBSD has already
+supported them without any modifications.
+@end itemize
+
+@node Release 6.0
+@section Release 6.0
+@itemize
+@item Argon2d is replaced with Balloon hashing. Found Argon2 libraries
+written on pure Go have various problems. Moreover Argon2i should be
+used instead, but it has some possible
+@url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is
+replaced with much more simpler (and seems even cryptographically
+better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}.
+@end itemize
+
+@node Release 5.10
+@section Release 5.10
+@itemize
+@item @option{-version} option added, printing program version.
+@end itemize
+
+@node Release 5.9
+@section Release 5.9
+@itemize
+@item Client reconnects in the loop when connection is lost. Optionally
+you can disable that behaviour: client will exit immediately, as it
+previously did.
+@end itemize
+
+@node Release 5.8
+@section Release 5.8
+@itemize
+@item Optional ability to use syslog for logging, with
+@url{https://tools.ietf.org/html/rfc5424, RFC 5424}-like
+structured records.
+@item XTEA algorithm is not used anymore for nonce obfuscation, but
+BLAKE2b-MAC instead. Encryptionless mode now really does not depend on
+encryption functions.
+@end itemize
+
+@node Release 5.7
+@section Release 5.7
+@itemize
+@item TAP interface name and remote peer's address are passed to up- and
+down- scripts through environment variables.
+@item Update Argon2 library to use version 1.3 of the algorithm.
+@end itemize
+
+@node Release 5.6
+@section Release 5.6
+@itemize
+@item Added up/down example script for replacing default route (thanks
+to Zhuoyun Wei).
+@item Fixed documentation bug: @file{.info} was not installing.
+@end itemize
+
+@node Release 5.5
+@section Release 5.5
+@itemize
+@item Ability to work on 32-bit platforms. @emph{sync/atomic} library
+has some specific issues that caused panics on previous versions.
+@end itemize
+
+@node Release 5.4
+@section Release 5.4
+@itemize
+@item Added optional time synchronization requirement.
+It will add timestamps in handshake PRP authentication, disallowing to
+repeat captured packet and get reply from the server, making it visible
+to DPI.
+@end itemize
+
+@node Release 5.3
+@section Release 5.3
+@itemize
+@item Fixed minor bug with @command{newclient.sh} that caught
+"Passphrase:" prompt and inserted it into example YAML output.
+Just replaced stdout output to stderr for that prompt.
+@end itemize
+
+@node Release 5.2
+@section Release 5.2
+@itemize
+@item Ability to read passphrases directly from the terminal (user's
+input) without using of keyfiles. @command{storekey.sh} utility removed.
+@end itemize
+
+@node Release 5.1
+@section Release 5.1
+@itemize
+@item Server is configured using @url{http://yaml.org/, YAML} file. It
+is very convenient to have comments and templates, comparing to JSON.
+@item Incompatible with previous versions replacement of @emph{HSalsa20}
+with @emph{BLAKE2b} in handshake code.
+@end itemize
+
+@node Release 5.0
+@section Release 5.0
+@itemize
+@item New optional encryptionless mode of operation.
+Technically no encryption functions are applied for outgoing packets, so
+you can not be forced to reveal your encryption keys or sued for
+encryption usage.
+@item MTUs are configured on per-user basis.
+@item Simplified payload padding scheme, saving one byte of data.
+@item Ability to specify TAP interface name explicitly without any
+up-scripts for convenience.
+@item @command{govpn-verifier} utility also can use EGD.
+@end itemize
+
+@node Release 4.2
+@section Release 4.2
+@itemize
+@item Fixed non-critical bug when server may fail if up-script is not
+executed successfully.
+@end itemize
+
+@node Release 4.1
+@section Release 4.1
+@itemize
+@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
+of PBKDF2 for password verifier hashing.
+@item Client's identity is stored inside the verifier, so it simplifies
+server-side configuration and the code.
+@end itemize
+
+@node Release 4.0
+@section Release 4.0
+@itemize
+@item Handshake messages can be noised: their messages lengths are
+hidden. Now they are indistinguishable from transport messages.
+@item Parallelized clients processing on the server side.
+@item Much higher overall performance.
+@item Single JSON file server configuration.
+@end itemize
+
+@node Release 3.5
+@section Release 3.5
+@itemize
+@item Ability to use TCP network transport.