Update CHANGELOG.md

author: David Lönnhager <david.l@mullvad.net> 2019-12-11 10:27:51 +0100
committer: David Lönnhager <david.l@mullvad.net> 2019-12-17 12:30:15 +0100
commit: b8416a2c68034cf0b353c34cc9425e2945fd78f0 (patch)
tree: 420fc11af861b9ba7afc1c44d2705e1f14d116f2
parent: 290a642b487d3deb37148157eaf65f6151fb1fb9 (diff)
download: mullvadvpn-b8416a2c68034cf0b353c34cc9425e2945fd78f0.tar.xz
mullvadvpn-b8416a2c68034cf0b353c34cc9425e2945fd78f0.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c70a86bac..4aad5e6eaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,10 @@ Line wrap the file at 100 chars.                                              Th
   improve battery life in some cases.
 
 ### Security
+- Add automatic key rotation for WireGuard (every 7 days by default). This limits the potential
+  for an attacker to correlate traffic with a public key and identity, and reduces the harm of
+  software that might leak the private tunnel IP (since it is no longer fixed).
+
 #### Linux
 - Stop [CVE-2019-14899](https://seclists.org/oss-sec/2019/q4/122) by dropping all packets destined
   for the tunnel IP coming in on some other interface than the tunnel.
author	David Lönnhager <david.l@mullvad.net>	2019-12-11 10:27:51 +0100
committer	David Lönnhager <david.l@mullvad.net>	2019-12-17 12:30:15 +0100
commit	b8416a2c68034cf0b353c34cc9425e2945fd78f0 (patch)
tree	420fc11af861b9ba7afc1c44d2705e1f14d116f2
parent	290a642b487d3deb37148157eaf65f6151fb1fb9 (diff)
download	mullvadvpn-b8416a2c68034cf0b353c34cc9425e2945fd78f0.tar.xz mullvadvpn-b8416a2c68034cf0b353c34cc9425e2945fd78f0.zip