+Exim version 4.78
+-----------------
+
+ * The value of $tls_peerdn is now print-escaped when written to the spool file
+ in a -tls_peerdn line, and unescaped when read back in. We received reports
+ of values with embedded newlines, which caused spool file corruption.
+
+ If you have a corrupt spool file and you wish to recover the contents after
+ upgrading, then lock the message, replace the new-lines that should be part
+ of the -tls_peerdn line with the two-character sequence \n and then unlock
+ the message. No tool has been provided as we believe this is a rare
+ occurence.
+
+ * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2. If built
+ against 1.0.1a then you will get a warning message and the
+ "openssl_options" value will not parse "no_tlsv1_1": the value changes
+ incompatibly between 1.0.1a and 1.0.1b, because the value chosen for 1.0.1a
+ is infelicitous. We advise avoiding 1.0.1a.
+
+ "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".
+
+
+
+Exim version 4.77
+-----------------
+
+ * GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3,
+ if supported by your GnuTLS library. Use the existing
+ "gnutls_require_protocols" option to downgrade this if that will be a
+ problem. Prior to this release, supported values were "TLS1" and "SSL3",
+ so you should be able to update configuration prior to update.
+
+ * The match_<type>{string1}{string2} expansion conditions no longer subject
+ string2 to string expansion, unless Exim was built with the new
+ "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created
+ insecure configurations that way. If you need the functionality and turn on
+ that build option, please let the developers know, and know why, so we can
+ try to provide a safer mechanism for you.
+
+ The match{}{} expansion condition (for regular expressions) is NOT affected.
+ For match_<type>{s1}{s2}, all list functionality is unchanged. The only
+ change is that a '$' appearing in s2 will not trigger expansion, but instead
+ will be treated as a literal $ sign; the effect is very similar to having
+ wrapped s2 with \N...\N. If s2 contains a named list and the list definition
+ uses $expansions then those _will_ be processed as normal. It is only the
+ point at which s2 is read where expansion is inhibited.
+
+ If you are trying to test if two email addresses are equal, use eqi{s1}{s2}.
+ If you are testing if the address in s1 occurs in the list of items given
+ in s2, either use the new inlisti{s1}{s2} condition (added in 4.77) or use
+ the pre-existing forany{s2}{eqi{$item}{s1}} condition.
+
+