-------------------------------------------
+Exim version 4.87
+-----------------
+JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
+ and 3.4.4 - once the server is enabled to respond to an OCSP request
+ it does even when not requested, resulting in a stapling non-aware
+ client dropping the TLS connection.
+
+TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
+ support variable-length bit vectors. No functional change.
+
+TF/02 Improve the consistency of logging incoming and outgoing interfaces.
+ The I= interface field on outgoing lines is now after the H= remote
+ host field, same as incoming lines. There is a separate
+ outgoing_interface log selector which allows you to disable the
+ outgoing I= field.
+
+JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
+ If not running log_selector +smtp_connection the mainlog would be held
+ open indefinitely after a "too many connections" event, including to a
+ deleted file after a log rotate. Leave the per net connection logging
+ leaving it open for efficiency as that will be quickly detected by the
+ check on the next write.
+
+HS/01 Bug 1671: Fix post transport crash.
+ Processing the wait-<transport> messages could crash the delivery
+ process if the message IDs didn't exist for some reason. When
+ using 'split_spool_directory=yes' the construction of the spool
+ file name failed already, exposing the same netto behaviour.
+
+JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
+ mime_regex ACL conditions.
+
+JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
+ to DSN fail messages (bounces): remote IP, remote greeting, remote response
+ to HELO, local diagnostic string.
+
+JH/05 Downgrade message for a TLS-certificate-based authentication fail from
+ log line to debug. Even when configured with a tls authenticator many
+ client connections are expected to not authenticate in this way, so
+ an authenticate fail is not an error.
+
+HS/02 Add the Exim version string to the process info. This way exiwhat
+ gives some more detail about the running daemon.
+
+JH/06 Bug 1395: time-limit cacheing of DNS lookups, to the TTL value. This may
+ matter for fast-change records such as DNSBLs.
+
+JH/07 Bug 1678: Always record an interface option value, if set, as part of a
+ retry record, even if constant. There may be multiple transports with
+ different interface settings and the retry behaviour needs to be kept
+ distinct.
+
+JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.
+
+JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.
+
+JH/10 Bug 840: fix log_defer_output option of pipe transport
+
+JH/11 Bug 830: use same host for all RCPTS of a message, even under
+ hosts_randomize. This matters a lot when combined with mua_wrapper.
+
+JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
+ ${quote_pgsql:<string>} operator.
+
+JH/13 Bug 1708: avoid misaligned access in cached lookup.
+
+JH/14 Change header file name for freeradius-client. Relevant if compiling
+ with Radius support; from the Gentoo tree and checked under Fedora.
+
+JH/15 Bug 1712: Introduce $prdr_requested flag variable
+
+JH/16 Bug 1714: Permit an empty string as expansion result for transport
+ option transport_filter, meaning no filtering.
+
+JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
+
+JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
+ defaults to "*" (all hosts). The variable is now available when not built
+ with TLS, default unset, mainly to enable keeping the testuite sane.
+ If a server certificate is not supplied (via tls_certificate) an error is
+ logged, and clients will find TLS connections fail on startup. Presumably
+ they will retry in-clear.
+ Packagers of Exim are strongly encouraged to create a server certificate
+ at installation time.
+
+HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
+ with the $config_file variable.
+
+
Exim version 4.86
-----------------
JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
it.
JH/04 Certificate name checking on server certificates, when exim is a client,
- is now done by default. The transport option tls_verify_cert_hostname
+ is now done by default. The transport option tls_verify_cert_hostnames
can be used to disable this per-host. The build option
EXPERIMENTAL_CERTNAMES is withdrawn.
JH/31 Check the HELO verification lookup for DNSSEC, adding new
$sender_helo_dnssec variable.
+JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
+
+JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
+
+JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
+
+JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
+ documented as working, but never had. Support all but $spam_report.
+
+JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
+ added for tls authenticator.
+
Exim version 4.85
-----------------