1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS
version 3.5.6 or later.
- 2. DANE is now supported under GnuTLS version 3.0.0 or later (adding to the
- previous OpenSSL implementation, but still Experimental).
+ 2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and
+ OpenSSL versions are moved to mainline support from Experimental.
+ New SMTP transport option "dane_require_tls_ciphers".
3. Feature macros for the compiled-in set of malware scanner interfaces.
under OpenSSL version 1.1.1 or later.
9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
- GnuTLS 3.6.0 or later.
+ GnuTLS 3.6.0 or OpenSSL 1.1.1 or later.
10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
version dependent.
11. "exim -bP macro <name>" returns caller-usable status.
+12. Expansion item ${authresults {<machine>}} for creating an
+ Authentication-Results: header.
+
+13. EXPERIMENTAL_ARC. See the experimental.spec file.
+ See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC.
+
+14: A dane:fail event, intended to facilitate reporting.
+
+15. "Lightweight" support for Redis Cluster. Requires redis_servers list to
+ contain all the servers in the cluster, all of which must be reachable from
+ the running exim instance. If the cluster has master/slave replication, the
+ list must contain all the master and slave servers.
+
+16. Add an option to the Avast scanner interface: "pass_unscanned". This
+ allows to treat unscanned files as clean. Files may be unscanned for
+ several reasons: decompression bombs, broken archives.
+
Version 4.90
------------