CHANGES.md: update for 3.0.18

3.0.18 CHANGES.md includes the following:
 * https://github.com/openssl/openssl/pull/28198
 * https://github.com/openssl/openssl/pull/28398
 * https://github.com/openssl/openssl/pull/28411
 * https://github.com/openssl/openssl/pull/28449

Release: Yes
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

diff --git a/CHANGES.md b/CHANGES.md
index 212d66c4647ab35e1c8a0ce4eb16bf4816e23e85..1875d085b873ea0ae08744161df191aeb0d084b1 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -62,6 +62,27 @@ breaking changes, and mappings for the large list of deprecated functions.
 
    *Stanislav Fort*
 
+ * Avoided a potential race condition introduced in 3.0.17, where
+   `OSSL_STORE_CTX` kept open during lookup while potentially being used
+   by multiple threads simultaneously, that could lead to potential crashes
+   when multiple concurrent TLS connections are served.
+
+   *Matt Caswell*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation.
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
  * Hardened the provider implementation of the RSA public key "encrypt"
    operation to add a missing check that the caller-indicated output buffer
    size is at least as large as the byte count of the RSA modulus.  The issue