X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/a01ba0815be7209559968f44f3498136a7924527..bddd752627531884c9aeb087dd71d0c69e5371b3:/doc/doc-txt/NewStuff?ds=sidebyside diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 8c8aeaa50..b940afe34 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -9,10 +9,39 @@ test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.75 +------------ + + 1. In addition to the existing LDAP and LDAP/SSL ("ldaps") support, there + is now LDAP/TLS support, given sufficiently modern OpenLDAP client + libraries. The following global options have been added in support of + this: ldap_ca_cert_dir, ldap_ca_cert_file, ldap_cert_file, ldap_cert_key, + ldap_cipher_suite, ldap_require_cert, ldap_start_tls. + + 2. The pipe transport now takes a boolean option, "freeze_signal", default + false. When true, if the external delivery command exits on a signal then + Exim will freeze the message in the queue, instead of generating a bounce. + + 3. Log filenames may now use %M as an escape, instead of %D (still available). + The %M pattern expands to yyyymm, providing month-level resolution. + + 4. The $message_linecount variable is now updated for the maildir_tag option, + in the same way as $message_size, to reflect the real number of lines, + including any header additions or removals from transport. + + 5. When contacting a pool of SpamAssassin servers configured in spamd_address, + Exim now selects entries randomly, to better scale in a cluster setup. + + Version 4.74 ------------ - 1. Exim now supports loading some lookup types at run-time, using your + 1. SECURITY FIX: privilege escalation flaw fixed. On Linux (and only Linux) + the flaw permitted the Exim run-time user to cause root to append to + arbitrary files of the attacker's choosing, with the content based + on content supplied by the attacker. + + 2. Exim now supports loading some lookup types at run-time, using your platform's dlopen() functionality. This has limited platform support and the intention is not to support every variant, it's limited to dlopen(). This permits the main Exim binary to not be linked against