DKIM: enforce limit of 20 on received DKIM-Signature: headers. Bug 2269

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9fc466365c98302df960dd5e1d68a4acf65c8e84..5e1ff056ad13b07c5d88e4b97a496e7b7bee9880 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,6 +5,17 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 

+Since version 4.91
+------------------
+
+JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in
+      non-signal-safe functions being used.
+
+JH/03 Bug 2269: When presented with a received message having a stupidly large
+      number of DKIM-Signature headers, disable DKIM verification to avoid
+      a resource-consumption attack.  The limit is set at twenty.
+
+

 Exim version 4.91
 -----------------
 
 Exim version 4.91
 -----------------
 


@@ -206,6 +217,15 @@ JH/37 Bug 2255: Revert the disable of the OpenSSL session caching.  This
 PP/03 Add util/renew-opendmarc-tlds.sh script for safe renewal of public
       suffix list.
 
 PP/03 Add util/renew-opendmarc-tlds.sh script for safe renewal of public
       suffix list.
 

+JH/38 DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
+      since the IETF WG has not yet settled on that versus the original
+      "bare" representation.
+
+JH/39 Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
+      Previously the millisecond value corrupted the output.
+      Fix also for syslog_pid=no and log_selector +pid, for which the pid
+      corrupted the output.
+

 
 Exim version 4.90
 -----------------
 
 Exim version 4.90
 -----------------