test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.96
+------------
+
+ 1. A new ACL condition: seen. Records/tests a timestamp against a key.
+
+ 2. A variant of the "mask" expansion operator to give normalised IPv6.
+
+ 3. UTC output option for exim_dumpdb, exim_fixdb.
+
+ 4. An event for failing TLS connects to the daemon.
+
+ 5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger".
+
+ 6. Query-style lookups are now checked for quoting, if the query string is
+ built using untrusted data ("tainted"). For now lack of quoting is merely
+ logged; a future release will upgrade this to an error.
+
+ 7. The expansion conditions match_<list-type> and inlist now set $value for
+ the expansion of the "true" result of the ${if}. With a static list, this
+ can be used for de-tainting.
+
Version 4.95
------------
12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
main config option.
-13. Option "smtp_accept_msx_per_connection" is now expanded.
+13. Option "smtp_accept_max_per_connection" is now expanded.
-14. Log selector "queue_size_exclusive", enabled by default, to exclude the
+14. Log selector "queue_time_exclusive", enabled by default, to exclude the
time taken for reception from QT log elements.
-15. Main option "smtp_backlog_monitor", to set a level abve which listen
+15. Main option "smtp_backlog_monitor", to set a level above which listen
socket backlogs are logged.
16. Main option "hosts_require_helo", requiring HELO or EHLO before MAIL.
-Version 4.95
-------------
-
- 1. The fast-ramp two phase queue run support, previously experimental, is
- now supported by default.
-
- 2. The native SRS support, previously experimental, is now supported. It is
- not built unless specified in the Local/Makefile.
-
- 3. TLS resumption support, previously experimental, is now supported and
- included in default builds.
-
- 4. Single-key LMDB lookups, previously experimental, are now supported.
- The support is not built unless specified in the Local/Makefile.
-
- 5. Option "message_linelength_limit" on the smtp transport to enforce (by
- default) the RFC 998 character limit.
-
- 6. An option to ignore the cache on a lookup.
-
- 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
- transport-managed quotas.
-
- 8. Sqlite lookups accept a "file=<path>" option to specify a per-operation
- db file, replacing the previous prefix to the SQL string (which had
- issues when the SQL used tainted values).
+17. A main config option "allow_insecure_tainted_data" allows to turn
- 9. Lsearch lookups accept a "ret=full" option, to return both the portion
- of the line matching the key, and the remainder.
-
-10. A command-line option to have a daemon not create a notifier socket.
-
-11. Faster TLS startup. When various configuration options contain no
- expandable elements, the information can be preloaded and cached rather
- than the provious behaviour of always loading at startup time for every
- connection. This helps particularly for the CA bundle.
-
-12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
- main config option.
+18. TLS ALPN handling. By default, refuse TLS connections that try to specify
+ a non-smtp (eg. http) use. Options for customising.
-13. Option "smtp_accept_msx_per_connection" is now expanded.
+19. Support for MacOS (darwin) has been dropped.
-13. A main config option "allow_insecure_tainted_data" allows to turn
- taint errors into warnings.
Version 4.94
------------