DKIM: disallow default acceptance of sha1 for verify

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 22a38981bd54a0954470fcb46f12aba63cabb4fd..45d126ccdf9bf9ee4c61f7320c153af9da0493f3 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,6 +5,20 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
+Exim version 4.next
+-------------------
+
+JH/01 Avoid costly startup code when not strictly needed.  This reduces time
+      for some exim process initialisations.  It does mean that the logging
+      of TLS configuration problems is only done for the daemon startup.
+
+JH/02 Early-pipelining support code is now included unless disabled in Makefile.
+
+JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to
+      RFC 8301.  They can still be enabled, using the dkim_verify_hashes main
+      option.
+
+
 Exim version 4.93
 -----------------
 
@@ -183,6 +197,15 @@ JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in
 
 HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)
 
+JH/39 Promote DMARC support to mainline.
+
+JH/40 Bug 2452: Add a References: header to DSNs.
+
+JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
+      parameters.  The relevant library call is documented as "Deprecated: This
+      function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
+      3.6.0, DH parameters are negotiated following RFC7919."
+
 
 Exim version 4.92
 -----------------