the documentation is updated, this file is reduced to a short list.
+Version 4.74
+------------
+
+ 1. SECURITY FIX: privilege escalation flaw fixed. On Linux (and only Linux)
+ the flaw permitted the Exim run-time user to cause root to append to
+ arbitrary files of the attacker's choosing, with the content based
+ on content supplied by the attacker.
+
+ 2. Exim now supports loading some lookup types at run-time, using your
+ platform's dlopen() functionality. This has limited platform support
+ and the intention is not to support every variant, it's limited to
+ dlopen(). This permits the main Exim binary to not be linked against
+ all the libraries needed for all the lookup types.
+
+
Version 4.73
------------
12. [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and
is forced on. This is mitigated by the new build option
TRUSTED_CONFIG_LIST which defines a list of configuration files which
- are trusted; if a config file is owned by root and matches a pathname in
- the list, then it may be invoked by the Exim build-time user without Exim
- relinquishing root privileges.
+ are trusted; one per line. If a config file is owned by root and matches
+ a pathname in the list, then it may be invoked by the Exim build-time
+ user without Exim relinquishing root privileges.
13. [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically
trusted to supply -D<Macro[=Value]> overrides on the command-line. Going
git://git.exim.org / exim.git / blobdiff