TLS: PIPELINING under OpenSSL

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2078b352189c8dccabdd1a62b285cc5362a1074e..6ba9a3e5ea20894bdd416ed94215832ae3b1352c 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -76,7 +76,21 @@ JH/11 Bug 2104: Fix continued use of a transport connection with TLS.  In the
 JH/12 Fix check on SMTP command input synchronisation.  Previously there were
       false-negatives in the check that the sender had not preempted a response
       or prompt from Exim (running as a server), due to that code's lack of
-      awareness of the SMTP input buferring.
+      awareness of the SMTP input buffering.
+
+PP/04 Add commandline_checks_require_admin option.
+      Exim drops privileges sanely, various checks such as -be aren't a
+      security problem, as long as you trust local users with access to their
+      own account.  When invoked by services which pass untrusted data to
+      Exim, this might be an issue.  Set this option in main configuration
+      AND make fixes to the calling application, such as using `--` to stop
+      processing options.
+
+JH/13 Do pipelining under TLS.  Previously, although safe, no advantage was
+      taken.  Now take care to pack both (client) MAIL,RCPT,DATA, and (server)
+      responses to those, into a single TLS record each way (this usually means
+      a single packet).  As a side issue, smtp_enforce_sync now works on TLS
+      connections.
 
 
 Exim version 4.89