For details since v3.18.0 see:
https://github.com/logrotate/logrotate/releases/tag/3.20.1
https://github.com/logrotate/logrotate/releases/tag/3.20.0
https://github.com/logrotate/logrotate/releases/tag/3.19.0
logrotate-3.20.1
drop world-readable permission on state file even when ACLs are enabled (#446)
logrotate-3.20.0
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
logrotate-3.19.0
continue on EINTR in compressLogFile() (#430)
enforce stricter parsing of configuration files (#427, #431)
avoid confusing error message in debug mode (#426)
fix full_write() on incomplete write (#415)
do not use alloca() any more (#412)
do not rotate hard links unless allowhardlink is used (#407)
change directory after dropping privileges (#397)
add defence in depth when dropping privileges (#400)
remove invalid configuration on error (#408)
do not open symbolic link log files by accident (#399)
do not write state if state file is /dev/null (#395)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>