X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/3cc3f7625d68c169d47dadbefa74233e5fe7ed55..a678496c52fe5cb49f76918598352ab9d457b70d:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 52e04926f..46ec11e34 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,5 +1,14 @@ Change log file for Exim from version 4.21 ------------------------------------------- +This document describes *changes* to previous versions, that might +affect Exim's operation, with an unchanged configuration file. For new +options, and new features, see the NewStuff file next to this ChangeLog. + +Exim version 4.89 +------------------- +JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules + than -2003 did; needs libidn2 in addition to linidn. + Exim version 4.88 ----------------- @@ -24,7 +33,7 @@ JH/04 Bug 1810: make continued-use of an open smtp transport connection non-noisy when a race steals the message being considered. JH/05 If main configuration option tls_certificate is unset, generate a - selfsigned certificate for inbound TLS connections. + self-signed certificate for inbound TLS connections. JH/06 Bug 165: hide more cases of password exposure - this time in expansions in rewrites and routers. @@ -90,7 +99,7 @@ JH/23 Bug 1874: fix continued use of a connection for further deliveries. JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO. -JH/25 Decoding ACL controls is now done using a binary search; the sourcecode +JH/25 Decoding ACL controls is now done using a binary search; the source code takes up less space and should be simpler to maintain. Merge the ACL condition decode tables also, with similar effect. @@ -112,6 +121,37 @@ JH/29 Fix the connection_reject log selector to apply to the connect ACL. Previously it only applied to the main-section connection policy options. +JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. + +PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created + by me. Added RFC7919 DH primes as an alternative. + +PP/02 Unbreak build via pkg-config with new hash support when crypto headers + are not in the system include path. + +JH/31 Fix longstanding bug with aborted TLS server connection handling. Under + GnuTLS, when a session startup failed (eg because the client disconnected) + Exim did stdio operations after fclose. This was exposed by a recent + change which nulled out the file handle after the fclose. + +JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is + signed directly by the cert-signing cert, rather than an intermediate + OCSP-signing cert. This is the model used by LetsEncrypt. + +JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT. + +HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on + an incoming connection. + +HS/02 Bug 1802: Do not half-close the connection after sending a request + to rspamd. + +HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2 + fallback to "prime256v1". + +JH/34 SECURITY: Use proper copy of DATA command in error message. + Could leak key material. Remotely explaoitable. CVE-2016-9963. + Exim version 4.87 -----------------