X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1f791335fa63a062b191c4d51cb902b3991de65b..b9b967cca71a4da51506f8ba596b9ae40cfcef57:/src/README.UPDATING diff --git a/src/README.UPDATING b/src/README.UPDATING index 73b52e4a0..708027f2c 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,6 +26,62 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.94 +----------------- + +Some Transports now refuse to use tainted data in constructing their delivery +location; this WILL BREAK configurations which are not updated accordingly. +In particular: any Transport use of $local_part which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_part with $local_part_data. + +Attempting to remove, in router or transport, a header name that ends with +an asterisk (which is a standards-legal name) will now result in all headers +named starting with the string before the asterisk being removed. We recommend +staying away from such names, if they are private ones (and in case of future +enhancements, alao header names that look like REs). + + +Exim version 4.93 +----------------- + +For a detailed list of changes that might affect Exim's operation with +an unchanged configuration, please see the doc/ChangeLog file. + +Build: + + * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC + + * DISABLE_TLS replaces SUPPORT_TLS + + * Bump the version for the local_scan API. + +Runtime: + + * smtp transport option hosts_try_fastopen defaults to "*". + + * DNSSec is requested (not required) for all queries. (This seemes to + ask for trouble if your resolver is a systemd-resolved.) + + * Generic router option retry_use_local_part defaults to "true" under specific + pre-conditions. + + * Introduce a tainting mechanism for values read from untrusted sources. + + * Use longer file names for temporary spool files (this avoids + name conflicts with spool on a shared file system). + + * Use dsn_from main config option (was ignored previously). + + +Exim version 4.92 +----------------- + + * Exim used to manually follow CNAME chains, to a limited depth. In this + day-and-age we expect the resolver to be doing this for us, so the loop + is limited to one retry unless the (new) config option dns_cname_loops + is changed. + Exim version 4.91 ----------------- @@ -84,7 +140,7 @@ Exim version 4.83 ----------------- * SPF condition results renamed "permerror" and "temperror". The old - names are still accepted for back-compatability, for this release. + names are still accepted for back-compatibility, for this release. * TLS details are now logged on rejects, subject to log selectors. @@ -125,7 +181,7 @@ Exim version 4.80 upgrading, then lock the message, replace the new-lines that should be part of the -tls_peerdn line with the two-character sequence \n and then unlock the message. No tool has been provided as we believe this is a rare - occurence. + occurrence. * For OpenSSL, SSLv2 is now disabled by default. (GnuTLS does not support SSLv2). RFC 6176 prohibits SSLv2 and some informal surveys suggest no @@ -338,7 +394,7 @@ Exim version 4.70 ----------------- 1. Experimental Yahoo! Domainkeys support has been dropped in this release. -It has been superceded by a native implementation of its successor DKIM. +It has been superseded by a native implementation of its successor DKIM. 2. Up to version 4.69, Exim came with an embedded version of the PCRE library. As of 4.70, this is no longer the case. To compile Exim, you will need PCRE