X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/031117fe6ed880a56acf10a2181b6b0ca882fb1d..936e342d560e218c2aee5cb2295be925c27c2106:/doc/doc-txt/NewStuff diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 394eb144d..2986b2cdd 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -19,6 +19,16 @@ Version 4.96 5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger". + 6. Query-style lookups are now checked for quoting, if the query string is + built using untrusted data ("tainted"). For now lack of quoting is merely + logged; a future release will upgrade this to an error. + + 7. The expansion conditions match_ and inlist now set $value for + the expansion of the "true" result of the ${if}. With a static list, this + can be used for de-tainting. + + 8. Recipient verify callouts now set $domain_data & $local_part_data, with + de-tainted values. Version 4.95 ------------