Warn updating folks to use $local_part_verified

This tainting change to appendfile seems likely to cause pain, breaking previously working configurations. Note it in README.UPDATING.
author: Phil Pennock <pdp@exim.org> 2020-01-11 18:51:28 -0500
committer: Phil Pennock <pdp@exim.org> 2020-01-11 18:51:28 -0500
commit: ebcf27afb54c7dc93a3a4a76487a597ec153e9b5 (patch)
tree: 891c8e964b611e5ca2b22f337c7f77e415f92e4c
parent: 9e21ce8fc41aea068996e0a22093dfae33f542c7 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/src/README.UPDATING b/src/README.UPDATING
index db754da40..94a1420eb 100644
--- a/src/README.UPDATING
+++ b/src/README.UPDATING
@@ -25,6 +25,18 @@ there have been two big upheavals...
 The rest of this document contains information about changes in 4.xx releases
 that might affect a running system.
 
+
+Exim version 4.94
+-----------------
+
+Some Transports now refuse to use tainted data in constructing their delivery
+location; this WILL BREAK configurations which are not updated accordingly.
+
+In particular: any Transport use of $local_user which has been relying upon
+check_local_user far away in the Router to make it safe, should be updated to
+replace $local_user with $local_part_verified.
+
+
 Exim version 4.93
 -----------------
author	Phil Pennock <pdp@exim.org>	2020-01-11 18:51:28 -0500
committer	Phil Pennock <pdp@exim.org>	2020-01-11 18:51:28 -0500
commit	ebcf27afb54c7dc93a3a4a76487a597ec153e9b5 (patch)
tree	891c8e964b611e5ca2b22f337c7f77e415f92e4c
parent	9e21ce8fc41aea068996e0a22093dfae33f542c7 (diff)