@node News
@unnumbered News
-@table @strong
+See also this page @ref{Новости, on russian}.
-@item Release 3.5
-@itemize @bullet
+@node Release 7.0
+@section Release 7.0
+@itemize
+@item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
+faster and more secure.
+@end itemize
+
+@node Release 6.0
+@section Release 6.0
+@itemize
+@item Argon2d is replaced with Balloon hashing. Found Argon2 libraries
+written on pure Go have various problems. Moreover Argon2i should be
+used instead, but it has some possible
+@url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is
+replaced with much more simpler (and seems even cryptographically
+better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}.
+@end itemize
+
+@node Release 5.10
+@section Release 5.10
+@itemize
+@item @option{-version} option added, printing program version.
+@end itemize
+
+@node Release 5.9
+@section Release 5.9
+@itemize
+@item Client reconnects in the loop when connection is lost. Optionally
+you can disable that behaviour: client will exit immediately, as it
+previously did.
+@end itemize
+
+@node Release 5.8
+@section Release 5.8
+@itemize
+@item Optional ability to use syslog for logging, with
+@url{https://tools.ietf.org/html/rfc5424, RFC 5424}-like
+structured records.
+@item XTEA algorithm is not used anymore for nonce obfuscation, but
+BLAKE2b-MAC instead. Encryptionless mode now really does not depend on
+encryption functions.
+@end itemize
+
+@node Release 5.7
+@section Release 5.7
+@itemize
+@item TAP interface name and remote peer's address are passed to up- and
+down- scripts through environment variables.
+@item Update Argon2 library to use version 1.3 of the algorithm.
+@end itemize
+
+@node Release 5.6
+@section Release 5.6
+@itemize
+@item Added up/down example script for replacing default route (thanks
+to Zhuoyun Wei).
+@item Fixed documentation bug: @file{.info} was not installing.
+@end itemize
+
+@node Release 5.5
+@section Release 5.5
+@itemize
+@item Ability to work on 32-bit platforms. @emph{sync/atomic} library
+has some specific issues that caused panics on previous versions.
+@end itemize
+
+@node Release 5.4
+@section Release 5.4
+@itemize
+@item Added optional @ref{Timesync, time synchronization} requirement.
+It will add timestamps in handshake PRP authentication, disallowing to
+repeat captured packet and get reply from the server, making it visible
+to DPI.
+@end itemize
+
+@node Release 5.3
+@section Release 5.3
+@itemize
+@item Fixed minor bug with @command{newclient.sh} that caught
+"Passphrase:" prompt and inserted it into example YAML output.
+Just replaced stdout output to stderr for that prompt.
+@end itemize
+
+@node Release 5.2
+@section Release 5.2
+@itemize
+@item Ability to read passphrases directly from the terminal (user's
+input) without using of keyfiles. @command{storekey.sh} utility removed.
+@end itemize
+
+@node Release 5.1
+@section Release 5.1
+@itemize
+@item Server is configured using @url{http://yaml.org/, YAML} file. It
+is very convenient to have comments and templates, comparing to JSON.
+@item Incompatible with previous versions replacement of @emph{HSalsa20}
+with @emph{BLAKE2b} in handshake code.
+@end itemize
+
+@node Release 5.0
+@section Release 5.0
+@itemize
+@item New optional @ref{Encless, encryptionless mode} of operation.
+Technically no encryption functions are applied for outgoing packets, so
+you can not be forced to reveal your encryption keys or sued for
+encryption usage.
+@item @ref{MTU}s are configured on per-user basis.
+@item Simplified payload padding scheme, saving one byte of data.
+@item Ability to specify TAP interface name explicitly without any
+up-scripts for convenience.
+@item @command{govpn-verifier} utility also can use @ref{EGD}.
+@end itemize
+
+@node Release 4.2
+@section Release 4.2
+@itemize
+@item Fixed non-critical bug when server may fail if up-script is not
+executed successfully.
+@end itemize
+
+@node Release 4.1
+@section Release 4.1
+@itemize
+@item @url{https://password-hashing.net/#argon2, Argon2d} is used instead
+of PBKDF2 for password verifier hashing.
+@item Client's identity is stored inside the verifier, so it simplifies
+server-side configuration and the code.
+@end itemize
+
+@node Release 4.0
+@section Release 4.0
+@itemize
+@item Handshake messages can be noised: their messages lengths are
+hidden. Now they are indistinguishable from transport messages.
+@item Parallelized clients processing on the server side.
+@item Much higher overall performance.
+@item Single JSON file server configuration.
+@end itemize
+
+@node Release 3.5
+@section Release 3.5
+@itemize
@item Ability to use @ref{Network, TCP} network transport.
Server can listen on both UDP and TCP sockets.
@item Ability to use @ref{Proxy, HTTP proxies} (through CONNECT method)
reasons.
@end itemize
-@item Release 3.4
-@itemize @bullet
+@node Release 3.4
+@section Release 3.4
+@itemize
@item Ability to use external @ref{EGD}-compatible PRNGs. Now you are
-able to use GoVPN even on systems with the bad @code{/dev/random},
+able to use GoVPN even on systems with the bad @file{/dev/random},
providing higher quality entropy from external sources.
-@item Removed @code{-noncediff} option. It is replaced with in-memory
+@item Removed @option{-noncediff} option. It is replaced with in-memory
storage of seen nonces, thus eliminating possible replay attacks at all
without performance degradation related to inbound packets reordering.
@end itemize
-@item Release 3.3
-@itemize @bullet
+@node Release 3.3
+@section Release 3.3
+@itemize
@item Compatibility with an old GNU Make 3.x. Previously only BSD Make
and GNU Make 4.x were supported.
-@item /dev/urandom is used for correct client identity generation under
-GNU/Linux systems. Previously /dev/random can produce less than required
-128-bits of random.
-@item Updated user manual examples.
+@item @file{/dev/urandom} is used for correct client identity generation
+under GNU/Linux systems. Previously @file{/dev/random} can produce less
+than required 128-bits of random.
@end itemize
-@item Release 3.2
-@itemize @bullet
-@item
-Deterministic building: dependent libraries source code commits are
-fixed in our makefiles.
-@item
-No Internet connection is needed for building the source code: all
+@node Release 3.2
+@section Release 3.2
+@itemize
+@item Deterministic building: dependent libraries source code commits
+are fixed in our makefiles.
+@item No Internet connection is needed for building the source code: all
required libraries are included in release tarballs.
-@item
-FreeBSD Make compatibility. GNU Make is not necessary anymore.
+@item FreeBSD Make compatibility. GNU Make is not necessary anymore.
@end itemize
-@item Release 3.1
-@itemize @bullet
+@node Release 3.1
+@section Release 3.1
+@itemize
@item
Diffie-Hellman public keys are encoded with Elligator algorithm when
sending over the wire, making them indistinguishable from the random
consume twice entropy for DH key generation in average.
@end itemize
-@item Release 3.0
-@itemize @bullet
+@node Release 3.0
+@section Release 3.0
+@itemize
@item
EKE protocol is replaced by Augmented-EKE and static symmetric (both
sides have it) pre-shared key replaced with server-side verifier. This
Ability to hide underlying packets appearance rate, by generating
Constant Packet Rate traffic. This includes noise generation too.
@item
-Per-peer @code{-timeout}, @code{-noncediff}, @code{-noise} and
-@code{-cpr} configuration options for server.
+Per-peer @option{-timeout}, @option{-noncediff}, @option{-noise} and
+@option{-cpr} configuration options for server.
@end itemize
-@item Release 2.4
-@itemize @bullet
-@item
-Added ability to optionally run built-in HTTP-server responding with
-JSON of all known connected peers information. Real-time client's
+@node Release 2.4
+@section Release 2.4
+@itemize
+@item Added ability to optionally run built-in HTTP-server responding
+with JSON of all known connected peers information. Real-time client's
statistics.
-
-@item
-Documentation is explicitly licenced under GNU FDL 1.3+.
+@item Documentation is explicitly licenced under GNU FDL 1.3+.
@end itemize
-@item Release 2.3
-@itemize @bullet
-@item
-Handshake packets became indistinguishable from the random.
-Now all GoVPN's traffic is the noise for men in the middle.
+@node Release 2.3
+@section Release 2.3
+@itemize
+@item Handshake packets became indistinguishable from the random. Now
+all GoVPN's traffic is the noise for men in the middle.
-@item
-Handshake messages are smaller (16% traffic reduce).
+@item Handshake messages are smaller (16% traffic reduce).
-@item
-Adversary now can not create malicious fake handshake packets that
+@item Adversary now can not create malicious fake handshake packets that
will force server to generate private DH key, preventing entropy
consuming and resource heavy computations.
@end itemize
-@item Release 2.2
-@itemize @bullet
+@node Release 2.2
+@section Release 2.2
+@itemize
@item Fixed several possible channel deadlocks.
@end itemize
-@item Release 2.1
-@itemize @bullet
+@node Release 2.1
+@section Release 2.1
+@itemize
@item Fixed Linux-related building.
@end itemize
-@item Release 2.0
-@itemize @bullet
+@node Release 2.0
+@section Release 2.0
+@itemize
@item Added clients identification.
@item Simultaneous several clients support by server.
@item Per-client up/down scripts.
@end itemize
-@item Release 1.5
-@itemize @bullet
+@node Release 1.5
+@section Release 1.5
+@itemize
@item Nonce obfuscation/encryption.
@end itemize
-@item Release 1.4
-@itemize @bullet
+@node Release 1.4
+@section Release 1.4
+@itemize
@item Performance optimizations.
@end itemize
-@item Release 1.3
-@itemize @bullet
+@node Release 1.3
+@section Release 1.3
+@itemize
@item Heartbeat feature.
@item Rehandshake feature.
-@item up- and down- optinal scripts.
+@item up- and down- optional scripts.
@end itemize
-@item Release 1.1
-@itemize @bullet
+@node Release 1.1
+@section Release 1.1
+@itemize
@item FreeBSD support.
@end itemize
-@item Release 1.0
-@itemize @bullet
+@node Release 1.0
+@section Release 1.0
+@itemize
@item Initial stable release.
@end itemize
-
-@end table