DKIM: disallow default acceptance of sha1 for verify

[users/jgh/exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1ce151fa9e3e2b0bd6bf80a87dba0880179758c3..45d126ccdf9bf9ee4c61f7320c153af9da0493f3 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,6 +5,20 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 

+Exim version 4.next
+-------------------
+
+JH/01 Avoid costly startup code when not strictly needed.  This reduces time
+      for some exim process initialisations.  It does mean that the logging
+      of TLS configuration problems is only done for the daemon startup.
+
+JH/02 Early-pipelining support code is now included unless disabled in Makefile.
+
+JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to
+      RFC 8301.  They can still be enabled, using the dkim_verify_hashes main
+      option.
+
+

 Exim version 4.93
 -----------------
 
 Exim version 4.93
 -----------------
 


@@ -181,6 +195,17 @@ JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in
       receive process (eg. due to ACL delays) versus a short SOA value could
       surprise.
 
       receive process (eg. due to ACL delays) versus a short SOA value could
       surprise.
 

+HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)
+
+JH/39 Promote DMARC support to mainline.
+
+JH/40 Bug 2452: Add a References: header to DSNs.
+
+JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
+      parameters.  The relevant library call is documented as "Deprecated: This
+      function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
+      3.6.0, DH parameters are negotiated following RFC7919."
+

 
 Exim version 4.92
 -----------------
 
 Exim version 4.92
 -----------------