@node News
+@cindex Releases
+@cindex News
@unnumbered News
@table @strong
-@item Release 5.0
+@item @anchor{Release_5.4} Release 5.4
+@cindex Release 5.4
+@itemize
+@item Added optional @ref{Timesync, time synchronization} requirement.
+It will add timestamps in handshake PRP authentication, disallowing to
+repeat captured packet and get reply from the server, making it visible
+to DPI.
+@end itemize
+
+@item @anchor{Release_5.3} Release 5.3
+@cindex Release 5.3
+@itemize
+@item Fixed minor bug with @code{newclient.sh} that caught
+"Passphrase:" prompt and inserted it into example YAML output.
+Just replaced stdout output to stderr for that prompt.
+@end itemize
+
+@item @anchor{Release_5.2} Release 5.2
+@cindex Release 5.2
+@itemize
+@item Ability to read passphrases directly from the terminal (user's
+input) without using of keyfiles. @code{storekey.sh} utility removed.
+@end itemize
+
+@item @anchor{Release_5.1} Release 5.1
+@cindex Release 5.1
+@itemize
+@item Server is configured using @url{http://yaml.org/, YAML} file. It
+is very convenient to have comments and templates, comparing to JSON.
+@item Incompatible with previous versions replacement of @emph{HSalsa20}
+with @emph{BLAKE2b} in handshake code.
+@end itemize
+
+@item @anchor{Release_5.0} Release 5.0
+@cindex Release 5.0
@itemize
@item New optional @ref{Encless, encryptionless mode} of operation.
-Technically no encryption functions are used, you can not be forced to
-reveal your encryption keys or sued for encryption usage.
+Technically no encryption functions are applied for outgoing packets, so
+you can not be forced to reveal your encryption keys or sued for
+encryption usage.
@item @ref{MTU}s are configured on per-user basis.
@item Simplified payload padding scheme, saving one byte of data.
@item Ability to specify TAP interface name explicitly without any
@item @code{govpn-verifier} utility also can use @ref{EGD}.
@end itemize
-@item Release 4.2
+@item @anchor{Release_4.2} Release 4.2
+@cindex Release 4.2
@itemize
@item Fixed non-critical bug when server may fail if up-script is not
executed successfully.
@end itemize
-@item Release 4.1
+@item @anchor{Release_4.1} Release 4.1
+@cindex Release 4.1
@itemize
@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
of PBKDF2 for password verifier hashing.
server-side configuration and the code.
@end itemize
-@item Release 4.0
+@item @anchor{Release_4.0} Release 4.0
+@cindex Release 4.0
@itemize
@item Handshake messages can be noised: their messages lengths are
hidden. Now they are indistinguishable from transport messages.
@item Single JSON file server configuration.
@end itemize
-@item Release 3.5
+@item @anchor{Release_3.5} Release 3.5
+@cindex Release 3.5
@itemize
@item Ability to use @ref{Network, TCP} network transport.
Server can listen on both UDP and TCP sockets.
reasons.
@end itemize
-@item Release 3.4
+@item @anchor{Release_3.4} Release 3.4
+@cindex Release 3.4
@itemize
@item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
able to use GoVPN even on systems with the bad @code{/dev/random},
without performance degradation related to inbound packets reordering.
@end itemize
-@item Release 3.3
+@item @anchor{Release_3.3} Release 3.3
+@cindex Release 3.3
@itemize
@item Compatibility with an old GNU Make 3.x. Previously only BSD Make
and GNU Make 4.x were supported.
@item Updated user manual examples.
@end itemize
-@item Release 3.2
+@item @anchor{Release_3.2} Release 3.2
+@cindex Release 3.2
@itemize
@item
Deterministic building: dependent libraries source code commits are
FreeBSD Make compatibility. GNU Make is not necessary anymore.
@end itemize
-@item Release 3.1
+@item @anchor{Release_3.1} Release 3.1
+@cindex Release 3.1
@itemize
@item
Diffie-Hellman public keys are encoded with Elligator algorithm when
consume twice entropy for DH key generation in average.
@end itemize
-@item Release 3.0
+@item @anchor{Release_3.0} Release 3.0
+@cindex Release 3.0
@itemize
@item
EKE protocol is replaced by Augmented-EKE and static symmetric (both
@code{-cpr} configuration options for server.
@end itemize
-@item Release 2.4
+@item @anchor{Release_2.4} Release 2.4
+@cindex Release 2.4
@itemize
@item
Added ability to optionally run built-in HTTP-server responding with
Documentation is explicitly licenced under GNU FDL 1.3+.
@end itemize
-@item Release 2.3
+@item @anchor{Release_2.3} Release 2.3
+@cindex Release 2.3
@itemize
@item
Handshake packets became indistinguishable from the random.
consuming and resource heavy computations.
@end itemize
-@item Release 2.2
+@item @anchor{Release_2.2} Release 2.2
+@cindex Release 2.2
@itemize
@item Fixed several possible channel deadlocks.
@end itemize
-@item Release 2.1
+@item @anchor{Release_2.1} Release 2.1
+@cindex Release 2.1
@itemize
@item Fixed Linux-related building.
@end itemize
-@item Release 2.0
+@item @anchor{Release_2.0} Release 2.0
+@cindex Release 2.0
@itemize
@item Added clients identification.
@item Simultaneous several clients support by server.
@item Per-client up/down scripts.
@end itemize
-@item Release 1.5
+@item @anchor{Release_1.5} Release 1.5
+@cindex Release 1.5
@itemize
@item Nonce obfuscation/encryption.
@end itemize
-@item Release 1.4
+@item @anchor{Release_1.4} Release 1.4
+@cindex Release 1.4
@itemize
@item Performance optimizations.
@end itemize
-@item Release 1.3
+@item @anchor{Release_1.3} Release 1.3
+@cindex Release 1.3
@itemize
@item Heartbeat feature.
@item Rehandshake feature.
@item up- and down- optinal scripts.
@end itemize
-@item Release 1.1
+@item @anchor{Release_1.1} Release 1.1
+@cindex Release 1.1
@itemize
@item FreeBSD support.
@end itemize
-@item Release 1.0
+@item @anchor{Release_1.0} Release 1.0
+@cindex Release 1.0
@itemize
@item Initial stable release.
@end itemize