From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Mar 2014 21:57:47 +0000 (+0100)
Subject: RELEASE-NOTES: 7.36.0
X-Git-Tag: curl-7_36_0^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f041c9d6e61829310eb0715d8edb2a232478123;p=thirdparty%2Fcurl.git

RELEASE-NOTES: 7.36.0
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a3d6d00b61..72468a993c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -7,6 +7,13 @@ Curl and libcurl 7.36.0
  Known libcurl bindings:       42
  Contributors:                 1123
 
+This release includes the following SECURITY ADVISORIES:
+
+ o wrong re-use of connections [16]
+ o IP address wildcard certificate validation [17]
+ o not verifying certs for TLS to IP address / Darwinssl [18]
+ o not verifying certs for TLS to IP address / Winssl [19]
+
 This release includes the following changes:
 
  o ntlm: Added support for NTLMv2 [2]
@@ -73,6 +80,7 @@ This release includes the following bugfixes:
  o polarssl: avoid extra newlines in debug messages
  o rtsp: parse "Session:" header properly [14]
  o trynextip: don't store 'ai' on failed connects
+ o Curl_cert_hostcheck: strip trailing dots in host name and wildcard
 
 This release includes the following known bugs:
 
@@ -107,3 +115,7 @@ References to bug reports and discussions on issues:
  [13] = http://curl.haxx.se/mail/lib-2014-02/0036.html
  [14] = http://curl.haxx.se/mail/lib-2014-03/0134.html
  [15] = http://curl.haxx.se/bug/view.cgi?id=1337
+ [16] = http://curl.haxx.se/docs/adv_20140326A.html
+ [17] = http://curl.haxx.se/docs/adv_20140326B.html
+ [18] = http://curl.haxx.se/docs/adv_20140326C.html
+ [19] = http://curl.haxx.se/docs/adv_20140326D.html