+Exim version 4.86
+-----------------
+JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
+ expanded.
+
+JH/02 The smtp transport option "multi_domain" is now expanded.
+
+JH/03 The smtp transport now requests PRDR by default, if the server offers
+ it.
+
+JH/04 Certificate name checking on server certificates, when exim is a client,
+ is now done by default. The transport option tls_verify_cert_hostname
+ can be used to disable this per-host. The build option
+ EXPERIMENTAL_CERTNAMES is withdrawn.
+
+JH/05 The value of the tls_verify_certificates smtp transport and main options
+ default to the word "system" to access the system default CA bundle.
+ For GnuTLS, only version 3.0.20 or later.
+
+JH/06 Verification of the server certificate for a TLS connection is now tried
+ (but not required) by default. The verification status is now logged by
+ default, for both outbound TLS and client-certificate supplying inbound
+ TLS connections
+
+JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
+ sites use this now.
+
+
+Exim version 4.85
+-----------------
+TL/01 When running the test suite, the README says that variables such as
+ no_msglog_check are global and can be placed anywhere in a specific
+ test's script, however it was observed that placement needed to be near
+ the beginning for it to behave that way. Changed the runtest perl
+ script to read through the entire script once to detect and set these
+ variables, reset to the beginning of the script, and then run through
+ the script parsing/test process like normal.
+
+TL/02 The BSD's have an arc4random API. One of the functions to induce
+ adding randomness was arc4random_stir(), but it has been removed in
+ OpenBSD 5.5. Detect this OpenBSD version and skip calling this
+ function when detected.
+
+JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
+ cause callback expansion.
+
+TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
+ syntax errors in an expansion can be treated as a string instead of
+ logging or causing an error, due to the internal use of bool_lax
+ instead of bool when processing it.
+
+JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
+ server certificates when making smtp deliveries.
+
+JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
+
+JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
+
+TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
+
+TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
+ Merged patch from Sebastian Wiedenroth.
+
+JH/05 Fix results-pipe from transport process. Several recipients, combined
+ with certificate use, exposed issues where response data items split
+ over buffer boundaries were not parsed properly. This eventually
+ resulted in duplicates being sent. This issue only became common enough
+ to notice due to the introduction of conection certificate information,
+ the item size being so much larger. Found and fixed by Wolfgang Breyha.
+
+JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
+ size buffer was used, resulting in syntax errors when an expansion
+ exceeded it.
+
+JH/07 Add support for directories of certificates when compiled with a GnuTLS
+ version 3.3.6 or later.
+
+JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef
+ is EXPERIMENTAL_EVENT, the main-configuration and transport options
+ both become "event_action", the variables become $event_name, $event_data
+ and $event_defer_errno. There is a new variable $verify_mode, usable in
+ routers, transports and related events. The tls:cert event is now also
+ raised for inbound connections, if the main configuration event_action
+ option is defined.
+
+TL/06 In test suite, disable OCSP for old versions of openssl which contained
+ early OCSP support, but no stapling (appears to be less than 1.0.0).
+
+JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
+ server certificate names available under the smtp transport option
+ "tls_verify_cert_hostname" now do not permit multi-component wildcard
+ matches.
+
+JH/10 Time-related extraction expansions from certificates now use the main
+ option "timezone" setting for output formatting, and are consistent
+ between OpenSSL and GnuTLS compilations. Bug 1541.
+
+JH/11 Fix a crash in mime ACL when meeting a zero-length parameter in the
+ incoming message.
+
+JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
+ include certificate info, eximon was claiming there were spoolfile
+ syntax errors.
+
+JH/13 Buf 1521: Fix ldap lookup for single-attr request, multiple-attr return.
+
+JH/14 Log delivery-related information more consistently, using the sequence
+ "H=<name> [<ip>]" wherever possible.
+
+