X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/9175a8d2ac50382af2045b37e7b054180f91f4e8..5b881b5a8e0d7bc540f4b63cc9559d2cb1775965:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 53c5cc6be..654361af1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,6 +2,130 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.87 +----------------- + + +Exim version 4.86 +----------------- +JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now + expanded. + +JH/02 The smtp transport option "multi_domain" is now expanded. + +JH/03 The smtp transport now requests PRDR by default, if the server offers + it. + +JH/04 Certificate name checking on server certificates, when exim is a client, + is now done by default. The transport option tls_verify_cert_hostnames + can be used to disable this per-host. The build option + EXPERIMENTAL_CERTNAMES is withdrawn. + +JH/05 The value of the tls_verify_certificates smtp transport and main options + default to the word "system" to access the system default CA bundle. + For GnuTLS, only version 3.0.20 or later. + +JH/06 Verification of the server certificate for a TLS connection is now tried + (but not required) by default. The verification status is now logged by + default, for both outbound TLS and client-certificate supplying inbound + TLS connections + +JH/07 Changed the default rfc1413 lookup settings to disable calls. Few + sites use this now. + +JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery + Status Notification (bounce) messages are now MIME format per RFC 3464. + Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised + under the control of the dsn_advertise_hosts option, and routers may + have a dsn_lasthop option. + +JH/09 A timeout of 2 minutes is now applied to all malware scanner types by + default, modifiable by a malware= option. The list separator for + the options can now be changed in the usual way. Bug 68. + +JH/10 The smtp_receive_timeout main option is now expanded before use. + +JH/11 The incoming_interface log option now also enables logging of the + local interface on delivery outgoing connections. + +JH/12 The cutthrough-routing facility now supports multi-recipient mails, + if the interface and destination host and port all match. + +JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a + /defer_ok option. + +JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd. + Patch from Andrew Lewis. + +JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition) + now supports optional time-restrictions, weighting, and priority + modifiers per server. Patch originally by . + +JH/16 The spamd_address main option now supports a mixed list of local + and remote servers. Remote servers can be IPv6 addresses, and + specify a port-range. + +JH/17 Bug 68: The spamd_address main option now supports an optional + timeout value per server. + +JH/18 Bug 1581: Router and transport options headers_add/remove can + now have the list separator specified. + +JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry + option values. + +JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails + under OpenSSL. + +JH/21 Support for the A6 type of dns record is withdrawn. + +JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters + rather than the verbs used. + +JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size + from 255 to 1024 chars. + +JH/24 Verification callouts now attempt to use TLS by default. + +HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains) + are generic router options now. The defaults didn't change. + +JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames. + Original patch from Alexander Shikoff, worked over by JH. + +HS/02 Bug 1575: exigrep falls back to autodetection of compressed + files if ZCAT_COMMAND is not executable. + +JH/26 Bug 1539: Add timout/retry options on dnsdb lookups. + +JH/27 Bug 286: Support SOA lookup in dnsdb lookups. + +JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. + Normally benign, it bites when the pair was led to by a CNAME; + modern usage is to not canoicalize the domain to a CNAME target + (and we were inconsistent anyway for A-only vs AAAA+A). + +JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. + +JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, + when evaluating $sender_host_dnssec. + +JH/31 Check the HELO verification lookup for DNSSEC, adding new + $sender_helo_dnssec variable. + +JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve. + +JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log. + +JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues. + +JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was + documented as working, but never had. Support all but $spam_report. + +JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command + added for tls authenticator. + + Exim version 4.85 ----------------- TL/01 When running the test suite, the README says that variables such as @@ -34,6 +158,67 @@ JH/04 Add ${sort {list}{condition}{extractor}} expansion item. TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. +TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. + Merged patch from Sebastian Wiedenroth. + +JH/05 Fix results-pipe from transport process. Several recipients, combined + with certificate use, exposed issues where response data items split + over buffer boundaries were not parsed properly. This eventually + resulted in duplicates being sent. This issue only became common enough + to notice due to the introduction of conection certificate information, + the item size being so much larger. Found and fixed by Wolfgang Breyha. + +JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed + size buffer was used, resulting in syntax errors when an expansion + exceeded it. + +JH/07 Add support for directories of certificates when compiled with a GnuTLS + version 3.3.6 or later. + +JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef + is EXPERIMENTAL_EVENT, the main-configuration and transport options + both become "event_action", the variables become $event_name, $event_data + and $event_defer_errno. There is a new variable $verify_mode, usable in + routers, transports and related events. The tls:cert event is now also + raised for inbound connections, if the main configuration event_action + option is defined. + +TL/06 In test suite, disable OCSP for old versions of openssl which contained + early OCSP support, but no stapling (appears to be less than 1.0.0). + +JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on + server certificate names available under the smtp transport option + "tls_verify_cert_hostname" now do not permit multi-component wildcard + matches. + +JH/10 Time-related extraction expansions from certificates now use the main + option "timezone" setting for output formatting, and are consistent + between OpenSSL and GnuTLS compilations. Bug 1541. + +JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- + encoded parameter in the incoming message. Bug 1558. + +JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now + include certificate info, eximon was claiming there were spoolfile + syntax errors. + +JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. + +JH/14 Log delivery-related information more consistently, using the sequence + "H= []" wherever possible. + +TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which + are problematic for Debian distribution, omit them from the release + tarball. + +JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. + +JH/16 Fix string representation of time values on 64bit time_t anchitectures. + Bug 1561. + +JH/17 Fix a null-indirection in certextract expansions when a nondefault + output list separator was used. + Exim version 4.84 -----------------