X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/c4d5e329acddb83df43254990f98c53cd5b1fbf7..bd95ffc2ba87fbd3c752df17bc8fd9c01586d45a:/doc/doc-txt/NewStuff?ds=inline diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index d975fe14a..919a56ea5 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,168 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.94 +------------ + + 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec + file. + + 2. Channel-binding for authenticators is now supported under OpenSSL. + Previously it was GnuTLS-only. + + 3. A msg:defer event. + + 4. Client-side support in the gsasl authenticator. Tested against the + plaintext driver for PLAIN; only against itself for SCRAM-SHA-1 and + SCRAM-SHA-1-PLUS methods. + + 5. Server-side support in the gsasl authenticator for encrypted passwords, as + an alternate for the existing plaintext. + + 6. Variable $local_part_verified, set by the router check_local_part condition + with untainted data. + + 7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do + not output the content. Previously this could only be done on options. + + 8. As an exerimental feature, the dovecot authenticatino driver supports inet + sockets. Previously it was unix-domain sockets only. + + 9. The ACL control "queue_only" can also be spelled "queue", and now takes an + option "first_pass_route" to do the same as a "-odqs" on the command line. + 9. Items specified for the router and transport headers_remove option can use + a trailing asterisk to specify globbing. + + + + +Version 4.93 +------------ + + 1. An "external" authenticator, per RFC 4422 Appendix A. + + 2. A JSON lookup type, and JSON variants of the forall/any expansion conditions. + + 3. Variables $tls_in_cipher_std, $tls_out_cipher_std giving the RFC names + for ciphersuites. + + 4. Log_selectors "msg_id" (on by default) and "msg_id_created". + + 5. A case_insensitive option for verify=not_blind. + + 6. EXPERIMENTAL_TLS_RESUME optional build feature. See the experimental.spec + file. + + 7. A main option exim_version to override the version Exim + reports in verious places ($exim_version, $version_number). + + 8. Expansion operator ${sha2_N:} for N=256, 384, 512. + + 9. Router variables, $r_... settable from router options and usable in routers + and transports. + +10. The spf lookup now supports IPv6. + +11. Main options for DKIM verify to filter hash and key types. + +12. With TLS1.3, support for full-chain OCSP stapling. + +13. Dual-certificate stacks on servers now support OCSP stapling, under OpenSSL. + +14: An smtp:ehlo transport event, for observability of the remote offered features. + +15: Support under OpenSSL for writing NSS-style key files for packet-capture + decode. The environment variable SSLKEYLOGFILE is used; if an absolute path + it must indicate a file under the spool directory; if relative the the spool + directory is prepended. Works on the server side only. Support under + GnuTLS was already there, being done purely by the library (server side + only, and exim must be run as root). + +16: Command-line option to move messages from one named queue to another. + +17. Variables $tls_in_ver, $tls_out_ver. + + +Version 4.92 +-------------- + + 1. ${l_header:} and ${l_h:} expansion items, giving a colon-sep + list when there are multiple headers having a given name. This matters + when individual headers are wrapped onto multiple lines; with previous + facilities hard to parse. + + 2. The ${readsocket } expansion item now takes a "tls" option, doing the + obvious thing. + + 3. EXPERIMENTAL_REQUIRETLS and EXPERIMENTAL_PIPE_CONNECT optional build + features. See the experimental.spec file. + + 4. If built with SUPPORT_I18N a "utf8_downconvert" option on the smtp transport. + + 5. A "pipelining" log_selector. + + 6. Builtin macros for supported log_selector and openssl_options values. + + 7. JSON variants of the ${extract } expansion item. + + 8. A "noutf8" debug option, for disabling the UTF-8 characters in debug output. + + 9. TCP Fast Open support on MacOS. + +Version 4.91 +-------------- + + 1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS + version 3.5.6 or later. + + 2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and + OpenSSL versions are moved to mainline support from Experimental. + New SMTP transport option "dane_require_tls_ciphers". + + 3. Feature macros for the compiled-in set of malware scanner interfaces. + + 4. SPF support is promoted from Experimental to mainline status. The template + src/EDITME makefile does not enable its inclusion. + + 5. Logging control for DKIM verification. The existing DKIM log line is + controlled by a "dkim_verbose" selector which is _not_ enabled by default. + A new tag "DKIM=" is added to <= lines by default, controlled by + a "dkim" log_selector. + + 6. Receive duration on <= lines, under a new log_selector "receive_time". + + 7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on + routing rules in the manualroute router. + + 8. Expansion item ${sha3:} / ${sha3_:} now also supported + under OpenSSL version 1.1.1 or later. + + 9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under + GnuTLS 3.6.0 or OpenSSL 1.1.1 or later. + +10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library + version dependent. + +11. "exim -bP macro " returns caller-usable status. + +12. Expansion item ${authresults {}} for creating an + Authentication-Results: header. + +13. EXPERIMENTAL_ARC. See the experimental.spec file. + See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC. + +14: A dane:fail event, intended to facilitate reporting. + +15. "Lightweight" support for Redis Cluster. Requires redis_servers list to + contain all the servers in the cluster, all of which must be reachable from + the running exim instance. If the cluster has master/slave replication, the + list must contain all the master and slave servers. + +16. Add an option to the Avast scanner interface: "pass_unscanned". This + allows to treat unscanned files as clean. Files may be unscanned for + several reasons: decompression bombs, broken archives. + + Version 4.90 ------------ @@ -49,15 +211,26 @@ Version 4.90 12. TCP Fast Open logging. As a server, logs when the SMTP banner was sent while still in SYN_RECV state; as a client logs when the connection - is opened with a TFO cookie. Support varies between platforms - (Linux does both. FreeBSD server only, others unknown). + is opened with a TFO cookie. 13. DKIM support for multiple signing, by domain and/or key-selector. - DKIM support for multiple hashes. + DKIM support for multiple hashes, and for alternate-identity tags. + Builtin macro with default list of signed headers. + Better syntax for specifying oversigning. + The DKIM ACL can override verification status, and status is visible in + the data ACL. 14. Exipick understands -C|--config for an alternative Exim configuration file. +15. TCP Fast Open used, with data-on-SYN, for client SMTP via SOCKS5 proxy, + for ${readsocket } expansions, and for ClamAV. + +16. The "-be" expansion test mode now supports macros. Macros are expanded + in test lines, and new macros can be defined. + +17. Support for server-side dual-certificate-stacks (eg. RSA + ECDSA). + Version 4.89 ------------ @@ -66,7 +239,7 @@ Version 4.89 2. A main-section config option "debug_store" to control the checks on variable locations during store-reset. Normally false but can be enabled - when a memory corrution issue is suspected on a production system. + when a memory corruption issue is suspected on a production system. Version 4.88 @@ -859,7 +1032,7 @@ Version 4.68 longest line that was received as part of the message, not counting the line termination character(s). - 7. Host lists can now include +ignore_defer and +include_defer, analagous to + 7. Host lists can now include +ignore_defer and +include_defer, analogous to +ignore_unknown and +include_unknown. These options should be used with care, probably only in non-critical host lists such as whitelists.