Version 5.3.2¶

• Fixed a vulnerability that allowed rogue servers with a valid certificate
  accepted by the client to trick it into disclosing its username and even
  password (if the client accepts EAP-GTC). This was caused because constraints
  against the responder's authentication were enforced too late.
  This vulnerability has been registered as CVE-2015-4171.
  Please refer to our blog for details.