NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38.
ntp-4.2.8p2, released on 7 April 2015, addresses two issues with crafted packets involving symmetric key encryption and Message Authentication Codes.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Network Code Wizards Wanted
The NTP Project needs more networking code wizards - the current set of volunteers are swamped.
We need help with IPv4 and IPv6, on both Unix and Windows, to help with a number of issues, including some that are blocking the 4.2.6 release (see ReleaseSchedule
for a link to the list of blockers).