X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/e8793bad207763b266bedcb9d859e238b6a3a04e..f3d11401d1cf97be77dbaa3246e06d07809f48b5:/doc/doc-txt/NewStuff diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 95b4119d1..76947300e 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,30 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.85 +------------ + + 1. If built with EXPERIMENTAL_DANE feature enabled, Exim will follow the + DANE smtp draft to assess a secure chain of trust of the certificate + used to establish the TLS connection based on a TLSA record in the + domain of the sender. + + 2. The EXPERIMENTAL_TPDA feature has been renamed to EXPERIMENTAL_EVENT + and several new events have been created. The reason is because it has + been expanded beyond just firing events during the transport phase. Any + existing TPDA transport options will have to be rewritten to use a new + $event_name expansion variable in a condition. Refer to the + experimental-spec.txt for details and examples. + + 3. The EXPERIMENTAL_CERTNAMES features is an enhancement to verify that + server certs used for TLS match the result of the MX lookup. It does + not use the same mechanism as DANE. + + +Version 4.84 +------------ + + Version 4.83 ------------ @@ -24,13 +48,37 @@ Version 4.83 4. New malware type "sock". Talks over a Unix or TCP socket, sending one command line and matching a regex against the return data for trigger - and a second regex to extract malware_name. The mail spoofile name can + and a second regex to extract malware_name. The mail spoolfile name can be included in the command line. - 5. When built with OpenSSL the smtp transport now supports options - "tls_verify_hosts" and "tls_try_verify_hosts". If either is set the - certificate verification is split from the encryption operation. The - default remains that a failed verification cancels the encryption. + 5. The smtp transport now supports options "tls_verify_hosts" and + "tls_try_verify_hosts". If either is set the certificate verification + is split from the encryption operation. The default remains that a failed + verification cancels the encryption. + + 6. New SERVERS override of default ldap server list. In the ACLs, an ldap + lookup can now set a list of servers to use that is different from the + default list. + + 7. New command-line option -C for exiqgrep to specify alternate exim.conf + file when searching the queue. + + 8. OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that. + + 9. Support for DNSSEC on outbound connections. + +10. New variables "tls_(in,out)_(our,peer)cert" and expansion item + "certextract" to extract fields from them. Hash operators md5 and sha1 + work over them for generating fingerprints, and a new sha256 operator + for them added. + +11. PRDR is now supported dy default. + +12. OCSP stapling is now supported by default. + +13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output + Delivery Status Notification messages in MIME format, and negociate + DSN features per RFC 3461. Version 4.82