X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/8d042305ef14df8cabcf7ae33767d019741dd59f..4b0fe31936b336d12836875101dcac6599d127ee:/doc/doc-txt/ChangeLog?ds=sidebyside

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5469c4bdb..cecd2a038 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,9 +1,24 @@
 Change log file for Exim from version 4.21
 -------------------------------------------
 
-
 Exim version 4.88
 -----------------
+JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
+      supports it and a size is available (ie. the sending peer gave us one).
+
+JH/02 The obsolete acl condition "demime" is removed (finally, after ten
+      years of being deprecated). The replacements are the ACLs
+      acl_smtp_mime and acl_not_smtp_mime.
+
+JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
+      a downgraded non-dane trust-anchor for the TLS connection (CA-style)
+      or even an in-clear connection were permitted.  Now, if the host lookup
+      was dnssec and dane was requested then the host is only used if the
+      TLSA lookup succeeds and is dnssec.  Further hosts (eg. lower priority
+      MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
+      if one fails this test.
+      This means that a poorly-configured remote DNS will make it incommunicado;
+      but it protects against a DNS-interception attack on it.
 
 
 Exim version 4.87
@@ -324,6 +339,8 @@ JH/35 Bug 1642: Fix support of $spam_ variables at delivery time.  Was
 JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
       added for tls authenticator.
 
+HS/03 Add perl_taintmode main config option
+
 
 Exim version 4.85
 -----------------