X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/4c04137d73637107669e02b21f890387aaa2ef34..b9b967cca71a4da51506f8ba596b9ae40cfcef57:/src/README.UPDATING?ds=sidebyside diff --git a/src/README.UPDATING b/src/README.UPDATING index ef07d6533..708027f2c 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,15 +26,104 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.94 +----------------- + +Some Transports now refuse to use tainted data in constructing their delivery +location; this WILL BREAK configurations which are not updated accordingly. +In particular: any Transport use of $local_part which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_part with $local_part_data. + +Attempting to remove, in router or transport, a header name that ends with +an asterisk (which is a standards-legal name) will now result in all headers +named starting with the string before the asterisk being removed. We recommend +staying away from such names, if they are private ones (and in case of future +enhancements, alao header names that look like REs). + + +Exim version 4.93 +----------------- + +For a detailed list of changes that might affect Exim's operation with +an unchanged configuration, please see the doc/ChangeLog file. + +Build: + + * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC + + * DISABLE_TLS replaces SUPPORT_TLS + + * Bump the version for the local_scan API. + +Runtime: + + * smtp transport option hosts_try_fastopen defaults to "*". + + * DNSSec is requested (not required) for all queries. (This seemes to + ask for trouble if your resolver is a systemd-resolved.) + + * Generic router option retry_use_local_part defaults to "true" under specific + pre-conditions. + + * Introduce a tainting mechanism for values read from untrusted sources. + + * Use longer file names for temporary spool files (this avoids + name conflicts with spool on a shared file system). + + * Use dsn_from main config option (was ignored previously). + + +Exim version 4.92 +----------------- + + * Exim used to manually follow CNAME chains, to a limited depth. In this + day-and-age we expect the resolver to be doing this for us, so the loop + is limited to one retry unless the (new) config option dns_cname_loops + is changed. + +Exim version 4.91 +----------------- + + * DANE and SPF have been promoted from Experimental to Supported status, thus + the options to enable them in Local/Makefile have been renamed. + See current src/EDITME for full details, including changes in dependencies, + but loosely: replace EXPERIMENTAL_SPF with SUPPORT_SPF and replace + EXPERIMENTAL_DANE with SUPPORT_DANE. + + * Ancient ClamAV stream support, long deprecated by ClamAV, has been removed; + if you were building with WITH_OLD_CLAMAV_STREAM enabled then your problems + have marginally increased. + + * A number of logging changes; if relying upon the previous DKIM additional + log-line, explicit log_selector configuration is needed to keep it. + + * Other incompatible changes in EXPERIMENTAL_* features, read NewStuff and + ChangeLog carefully if relying upon an experimental feature such as DMARC. + Note that this includes changes to SPF as it was promoted into Supported. + + Exim version 4.89 ----------------- + * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final + newline; attempts to deliver such messages onwards to non-chunking hosts + would probably hang, as Exim does not insert the newline before a ".". + In 4.89, the newline is added upon receipt. For already-received messages + in your queue, try util/chunking_fixqueue_finalnewlines.pl + to walk the queue, fixing any affected messages. Note that because a + delivery attempt will be hanging, attempts to lock the messages for fixing + them will stall; stopping all queue-runners temporarily is recommended. + * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest supported by the OpenSSL project. If you can build Exim with an older release series, congratulations. If you can't, then upgrade. The file doc/openssl.txt contains instructions for installing a current OpenSSL outside the system library paths and building Exim to use it. + * FreeBSD: we now always use the system iconv in libc, as all versions of + FreeBSD supported by the FreeBSD project provide this functionality. + Exim version 4.88 ----------------- @@ -51,7 +140,7 @@ Exim version 4.83 ----------------- * SPF condition results renamed "permerror" and "temperror". The old - names are still accepted for back-compatability, for this release. + names are still accepted for back-compatibility, for this release. * TLS details are now logged on rejects, subject to log selectors. @@ -92,7 +181,7 @@ Exim version 4.80 upgrading, then lock the message, replace the new-lines that should be part of the -tls_peerdn line with the two-character sequence \n and then unlock the message. No tool has been provided as we believe this is a rare - occurence. + occurrence. * For OpenSSL, SSLv2 is now disabled by default. (GnuTLS does not support SSLv2). RFC 6176 prohibits SSLv2 and some informal surveys suggest no @@ -305,7 +394,7 @@ Exim version 4.70 ----------------- 1. Experimental Yahoo! Domainkeys support has been dropped in this release. -It has been superceded by a native implementation of its successor DKIM. +It has been superseded by a native implementation of its successor DKIM. 2. Up to version 4.69, Exim came with an embedded version of the PCRE library. As of 4.70, this is no longer the case. To compile Exim, you will need PCRE