From 3c3a545bfe863f5a847e4198f0a5e15f4d70c6f3 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 5 Mar 2025 08:50:44 +0100
Subject: [PATCH] NEWS: Add news for 6.0.1

---
 NEWS | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/NEWS b/NEWS
index f65ac164a8..2c69cc5b72 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,32 @@
+strongswan-6.0.1
+----------------
+
+- The ha plugin supports IKE and Child SAs with multiple key exchanges.
+  Incomplete IKE_SAs are now destroyed during a failover.
+
+- The new `interface_receive` option for the dhcp plugin allows binding the
+  receive socket to a different interface than the send socket. Also fixed a
+  regression if the DHCP server is running on the same host.
+
+- The new `source` option for the eap-radius plugin allows sending RADIUS
+  messages from a specific IP address.
+
+- Self-signed root CAs without policies are now excluded from policy validation.
+
+- Inbound traffic on IPsec SAs is now ignored when sending DPDs unless
+  UDP-encapsulation is used.
+
+- Send IKE_SA_INIT from NAT-T socket if not connecting to port 500.
+
+- Local traffic selectors can be configured for charon-nm. Its default
+  retransmission settings have been set to those of the Android app.
+
+- The vici Python wheel is now built via `build` frontend instead of calling
+  setup.py directly if --enable-python-wheels is used (the option to build eggs
+  has been removed). There is no option to automatically install the wheel (use
+  pip instead) and the --enable-python-eggs-install option has been removed.
+
+
 strongswan-6.0.0
 ----------------