X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/e63825824cc406c160ccbf2b154c5d81b168604a..4243a209fd9499f30bebd58ceaa2d0d9845407ae:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5f2cff6f5..f8ab5da0c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -62,6 +62,19 @@ JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
       occurrences) could cause a segfault if the corresponding $<n> was
       expanded.
 
+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
+      included a close-brace character (eg. it itself used an expansion) an
+      error occurred.
+
+JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
+      starting TLS.  Previously it was after, meaning that attackers on such
+      ports had to be screened using the host_reject_connection main config
+      option. The new sequence aligns better with the STARTTLS behaviour, and
+      permits defences against crypto-processing load attacks, even though it
+      is strictly an incompatible change.
+      Also, avoid sending any SMTP fail response for either the connect ACL
+      or host_reject_connection, for TLS-on-connect ports.
+
 
 Exim version 4.96
 -----------------