X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-txt%2FChangeLog;h=8c6a1a5d3a82775a927fc8b31d0739004f556689;hb=47d004587fc190f7649b76eca3e9d18a8dfa2ab6;hp=2078b352189c8dccabdd1a62b285cc5362a1074e;hpb=7d758a6a6842fac6c511039c29d76300e2e21ccd;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2078b3521..8c6a1a5d3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -76,7 +76,44 @@ JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the JH/12 Fix check on SMTP command input synchronisation. Previously there were false-negatives in the check that the sender had not preempted a response or prompt from Exim (running as a server), due to that code's lack of - awareness of the SMTP input buferring. + awareness of the SMTP input buffering. + +PP/04 Add commandline_checks_require_admin option. + Exim drops privileges sanely, various checks such as -be aren't a + security problem, as long as you trust local users with access to their + own account. When invoked by services which pass untrusted data to + Exim, this might be an issue. Set this option in main configuration + AND make fixes to the calling application, such as using `--` to stop + processing options. + +JH/13 Do pipelining under TLS. Previously, although safe, no advantage was + taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server) + responses to those, into a single TLS record each way (this usually means + a single packet). As a side issue, smtp_enforce_sync now works on TLS + connections. + +PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This + affects you only if you're dancing at the edge of the param size limits. + If you are, and this message makes sense to you, then: raise the + configured limit or use OpenSSL 1.1. Nothing we can do for older + versions. + +JH/14 For the "sock" variant of the malware scanner interface, accept an empty + cmdline element to get the documented default one. Previously it was + inaccessible. + +JH/15 Fix a crash in the smtp transport caused when two hosts in succession + are unsuable for non-message-specific reasons - eg. connection timeout, + banner-time rejection. + +JH/16 Fix logging of delivery remote port, when specified by router, under + callout/hold. + +PP/06 Repair manualroute's ability to take options in any order, even if one + is the name of a transport. + Fixes bug 2140. + +HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369) Exim version 4.89