X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/4050a04413dda769b60118e3bbb518639be6828a..d6cc7c78f624e505bb889c8ccd2879706d6dc9e1:/src/README.UPDATING diff --git a/src/README.UPDATING b/src/README.UPDATING index 0b70caa2b..8a0533b10 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -1,5 +1,3 @@ -$Cambridge: exim/src/README.UPDATING,v 1.17 2009/10/16 07:35:42 tom Exp $ - This document contains detailed information about incompatibilities that might be encountered when upgrading from one release of Exim to another. The information is in reverse order of release numbers. Mostly these are relatively @@ -28,6 +26,23 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.77 +----------------- + + * GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3, + if supported by your GnuTLS library. Use the existing + "gnutls_require_protocols" option to downgrade this if that will be a + problem. Prior to this release, supported values were "TLS1" and "SSL3", + so you should be able to update configuration prior to update. + + * The match_{string1}{string2} expansion conditions no longer subject + string2 to string expansion, unless Exim was built with the new + "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created + insecure configurations that way. If you need the functionality and turn on + that build option, please let the developers know, and know why, so we can + try to provide a safer mechanism for you. + + Exim version 4.74 ----------------- @@ -69,7 +84,7 @@ Exim version 4.73 the Exim run-time user may safely pass without dropping privileges. Because changes to this involve a recompile, this is not the recommended approach but may ease transition. The values of the macros, when - overriden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ + overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ * The system_filter_user option now defaults to the Exim run-time user, rather than root. You can still set it explicitly to root and this