+Exim version 4.94
+-----------------
+
+Some Transports now refuse to use tainted data in constructing their delivery
+location; this WILL BREAK configurations which are not updated accordingly.
+
+In particular: any Transport use of $local_user which has been relying upon
+check_local_user far away in the Router to make it safe, should be updated to
+replace $local_user with $local_part_verified.
+
+
+Exim version 4.93
+-----------------
+
+For a detailed list of changes that might affect Exim's operation with
+an unchanged configuration, please see the doc/ChangeLog file.
+
+Build:
+
+ * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
+
+ * DISABLE_TLS replaces SUPPORT_TLS
+
+ * Bump the version for the local_scan API.
+
+Runtime:
+
+ * smtp transport option hosts_try_fastopen defaults to "*".
+
+ * DNSSec is requested (not required) for all queries. (This seemes to
+ ask for trouble if your resolver is a systemd-resolved.)
+
+ * Generic router option retry_use_local_part defaults to "true" under specific
+ pre-conditions.
+
+ * Introduce a tainting mechanism for values read from untrusted sources.
+
+ * Use longer file names for temporary spool files (this avoids
+ name conflicts with spool on a shared file system).
+
+ * Use dsn_from main config option (was ignored previously).
+
+
+Exim version 4.92
+-----------------
+
+ * Exim used to manually follow CNAME chains, to a limited depth. In this
+ day-and-age we expect the resolver to be doing this for us, so the loop
+ is limited to one retry unless the (new) config option dns_cname_loops
+ is changed.
+
+Exim version 4.91
+-----------------
+
+ * DANE and SPF have been promoted from Experimental to Supported status, thus
+ the options to enable them in Local/Makefile have been renamed.
+ See current src/EDITME for full details, including changes in dependencies,
+ but loosely: replace EXPERIMENTAL_SPF with SUPPORT_SPF and replace
+ EXPERIMENTAL_DANE with SUPPORT_DANE.
+
+ * Ancient ClamAV stream support, long deprecated by ClamAV, has been removed;
+ if you were building with WITH_OLD_CLAMAV_STREAM enabled then your problems
+ have marginally increased.
+
+ * A number of logging changes; if relying upon the previous DKIM additional
+ log-line, explicit log_selector configuration is needed to keep it.
+
+ * Other incompatible changes in EXPERIMENTAL_* features, read NewStuff and
+ ChangeLog carefully if relying upon an experimental feature such as DMARC.
+ Note that this includes changes to SPF as it was promoted into Supported.
+
+
+Exim version 4.89
+-----------------
+
+ * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final
+ newline; attempts to deliver such messages onwards to non-chunking hosts
+ would probably hang, as Exim does not insert the newline before a ".".
+ In 4.89, the newline is added upon receipt. For already-received messages
+ in your queue, try util/chunking_fixqueue_finalnewlines.pl
+ to walk the queue, fixing any affected messages. Note that because a
+ delivery attempt will be hanging, attempts to lock the messages for fixing
+ them will stall; stopping all queue-runners temporarily is recommended.
+
+ * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest
+ supported by the OpenSSL project. If you can build Exim with an older
+ release series, congratulations. If you can't, then upgrade.
+ The file doc/openssl.txt contains instructions for installing a current
+ OpenSSL outside the system library paths and building Exim to use it.
+
+ * FreeBSD: we now always use the system iconv in libc, as all versions of
+ FreeBSD supported by the FreeBSD project provide this functionality.
+
+
+Exim version 4.88
+-----------------
+
+ * The "demime" ACL condition, deprecated for the past 10 years, has
+ now been removed.
+
+ * Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac",
+ and "gnutls_require_protocols" have now been removed. (Inoperative from
+ 4.80, per below; logging warnings since 4.83, again per below).
+
+