X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/8fd715e80d7848fa463f06951a42967bd7123756..51fb80db26ea90194e91bfb4b9676715f1466dfc:/doc/doc-txt/NewStuff diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index ad173041f..59994448f 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,7 +6,7 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. -Version 4.78 +Version 4.80 ------------ 1. New authenticator driver, "gsasl". Server-only (at present). @@ -57,8 +57,6 @@ Version 4.78 A new log_selector, +tls_sni, has been added, to log received SNI values for Exim as a server. - Currently OpenSSL only. - 8. The existing "accept_8bitmime" option now defaults to true. This means that Exim is deliberately not strictly RFC compliant. We're following Dan Bernstein's advice in http://cr.yp.to/smtp/8bitmime.html by default. @@ -71,9 +69,37 @@ Version 4.78 "socket activation", but forcing the activated socket to fd 0. We're interested in adding more support for modern variants. -10. ${eval } now uses 64-bit values on supporting platforms. A new "G" suffux +10. ${eval } now uses 64-bit values on supporting platforms. A new "G" suffix for numbers indicates multiplication by 1024^3. +11. The GnuTLS support has been revamped; the three options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols are no longer supported. + tls_require_ciphers is now parsed by gnutls_priority_init(3) as a priority + string, documentation for which is at: + http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html + + SNI support has been added to Exim's GnuTLS integration too. + + For sufficiently recent GnuTLS libraries, ${randint:..} will now use + gnutls_rnd(), asking for GNUTLS_RND_NONCE level randomness. + +12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file + is now available. If the contents of the file are valid, then Exim will + send that back in response to a TLS status request; this is OCSP Stapling. + Exim will not maintain the contents of the file in any way: administrators + are responsible for ensuring that it is up-to-date. + + See "experimental-spec.txt" for more details. + +13. ${lookup dnsdb{ }} supports now SPF record types. They are handled + identically to TXT record lookups. + +14. New expansion variable $tod_epoch_l for higher-precision time. + +15. New global option tls_dh_max_bits, defaulting to current value of NSS + hard-coded limit of DH ephemeral bits, to fix interop problems caused by + GnuTLS 2.12 library recommending a bit count higher than NSS supports. + Version 4.77 ------------