X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ebcf27afb54c7dc93a3a4a76487a597ec153e9b5..6fa5cd352fc9c1e86ec56ac4f2b96804b6472a5f:/src/README.UPDATING diff --git a/src/README.UPDATING b/src/README.UPDATING index 94a1420eb..72bc97021 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,15 +26,38 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.95 +----------------- + +Various length limits have been applied to Exim's parsing of its command-line. +These are all set to be at least as long as any valid input, so we do not believe +that any real use-cases have been affected by this. + +The names of various drivers (authenticators, routers, transports, ...) have +always been limited to 64 characters, but before this release the names were +silently truncated, inviting problems. Now the length limit should be enforced. +If this affects you, then please rename to use shorter names. + +The default maximum number of recipients of a single email has changed from +"unlimited" (ie: as much as CPU and memory will allow, until something breaks +badly) to 50,000. You can raise or lower this as you see fit, but we strongly +caution against using zero/unlimited. + + Exim version 4.94 ----------------- Some Transports now refuse to use tainted data in constructing their delivery location; this WILL BREAK configurations which are not updated accordingly. - -In particular: any Transport use of $local_user which has been relying upon +In particular: any Transport use of $local_part which has been relying upon check_local_user far away in the Router to make it safe, should be updated to -replace $local_user with $local_part_verified. +replace $local_part with $local_part_data. + +Attempting to remove, in router or transport, a header name that ends with +an asterisk (which is a standards-legal name) will now result in all headers +named starting with the string before the asterisk being removed. We recommend +staying away from such names, if they are private ones (and in case of future +enhancements, alao header names that look like REs). Exim version 4.93