3.3.2 notes

diff --git a/docs/markdown/authoritative/upgrading.md b/docs/markdown/authoritative/upgrading.md
index 2c6367401a353f4896ceeda27188674b61154572..81f94ddbfb73be577a12173c4a9bbf0b857ba1e0 100644 (file)
--- a/docs/markdown/authoritative/upgrading.md
+++ b/docs/markdown/authoritative/upgrading.md
@@ -2,6 +2,12 @@ Before proceeding, it is advised to check the release notes for your PDNS versio
 
 **WARNING**: Version 3.X of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Please follow **all** instructions.
 
+# 3.X.X to 3.3.2
+
+Please run "pdnssec rectify-all-zones" and trigger an AXFR for all DNSSEC
+zones to make sure you benefit from all the compliance improvements present in
+this version.
+
 # 3.4.X to HEAD
 
 ## API

diff --git a/docs/markdown/changelog.md.raw b/docs/markdown/changelog.md.raw
index 555f2e34c290ce0d02611375a182f2ec855a8fb0..3f44f4fa6c06cf58b85ad3e0171282dac2dc6658 100644 (file)
--- a/docs/markdown/changelog.md.raw
+++ b/docs/markdown/changelog.md.raw
@@ -4,11 +4,21 @@
 
 Released 1st of May, 2015
 
-Among other bug fixes and improvements (as listed below), this release incorporates a fix for 
-CVE-2015-1868, as detailed in [PowerDNS Security Advisory 2015-01](security/powerdns-advisory-2015-01.md)
+Among other bug fixes and improvements (as listed below), this release
+incorporates a fix for CVE-2015-1868, as detailed in [PowerDNS Security
+Advisory 2015-01](security/powerdns-advisory-2015-01.md)
+
+If you are running DNSSEC with version 3.3.1, and you cannot currently upgrade
+to 3.4.4, please consider upgrading to 3.3.2; it has a lot of improvements and
+bug fixes and tremendously increases compliance.
+
+We want to explicitly thank Kees Monshouwer for digging up all the DNSSEC
+improvements and porting them back to this release.
+
+When upgrading, please run "pdnssec rectify-all-zones" and trigger an AXFR for
+all DNSSEC zones to make sure you benefit from all the compliance improvements
+present in this version.
 
-If you are running DNSSEC with version 3.3.1, and you cannot currently upgrade to 3.4.4, please consider
-upgrading to 3.3.2; it has a lot of improvements and bug fixes and tremendously increases compliance.
 
 Security fixes:
 
@@ -17,36 +27,35 @@ Security fixes:
 
 Improvements:
 
-- [commit d0af589](https://github.com/PowerDNS/pdns/commit/d0af589): 
-- [commit c45b6db](https://github.com/PowerDNS/pdns/commit/c45b6db): auth: limit long version strings to 63 characters and catch exceptions in secpoll (Kees Monshouwer)
-- [commit 88c1f21](https://github.com/PowerDNS/pdns/commit/88c1f21): force PACKAGEVERSION to string, fixes [ticket #2030](https://github.com/PowerDNS/pdns/issues/2030) (Peter van Dijk)
-- [commit 2a4c620](https://github.com/PowerDNS/pdns/commit/2a4c620): secpoll: Replace ~ with _, too (Christian Hofstaedtler)
-- [commit 4a4597e](https://github.com/PowerDNS/pdns/commit/4a4597e): if no nameserver configured in /etc/resolv.conf, send to 127.0.0.1. Closes [ticket #1851](https://github.com/PowerDNS/pdns/issues/1851). (bert hubert)
-- [commit 9fa7373](https://github.com/PowerDNS/pdns/commit/9fa7373): initialize security_status to 0 (unknown) (bert hubert)
-- [commit 8115a83](https://github.com/PowerDNS/pdns/commit/8115a83): implement security polling for auth (bert hubert)
+- [commit d0af589](https://github.com/PowerDNS/pdns/commit/d0af589)
+, [commit c45b6db](https://github.com/PowerDNS/pdns/commit/c45b6db)
+, [commit 88c1f21](https://github.com/PowerDNS/pdns/commit/88c1f21)
+, [commit 2a4c620](https://github.com/PowerDNS/pdns/commit/2a4c620)
+, [commit 4a4597e](https://github.com/PowerDNS/pdns/commit/4a4597e)
+, [commit 9fa7373](https://github.com/PowerDNS/pdns/commit/9fa7373)
+, [commit 8115a83](https://github.com/PowerDNS/pdns/commit/8115a83):
+implement security polling for auth
+- [commit 5bbd868](https://github.com/PowerDNS/pdns/commit/5bbd868): import suck() from master (Kees Monshouwer)
+- [commit 194f4d2](https://github.com/PowerDNS/pdns/commit/194f4d2): respond REFUSED instead of NOERROR for "unknown zone" situations (Peter van Dijk)
+- [commit 55b0653](https://github.com/PowerDNS/pdns/commit/55b0653): set AA on CNAME into referral, fixes [ticket #589](https://github.com/PowerDNS/pdns/issues/589) (Peter van Dijk)
+- [commit 71232aa](https://github.com/PowerDNS/pdns/commit/71232aa): update l.root ip (Kees Monshouwer)
+
+Bug fixes:
 
+- [commit 88c52fe](https://github.com/PowerDNS/pdns/commit/88c52fe): make makeRelative() case insensitive (Kees Monshouwer)
+
+DNSSEC improvements:
 
-- [commit 185bf20](https://github.com/PowerDNS/pdns/commit/185bf20): fix up compilation on RHEL (missing include) (bert hubert)
 - [commit b3dec9c](https://github.com/PowerDNS/pdns/commit/b3dec9c): change default for add-superfluous-nsec3-for-old-bind config option (Kees Monshouwer)
 - [commit 017a78b](https://github.com/PowerDNS/pdns/commit/017a78b): limit the number of NSEC3 iterations RFC5155 10.3 (Kees Monshouwer)
-- [commit 88c52fe](https://github.com/PowerDNS/pdns/commit/88c52fe): make makeRelative() case insensitive (Kees Monshouwer)
 - [commit d768d7f](https://github.com/PowerDNS/pdns/commit/d768d7f): NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer)
-- [commit 5bbd868](https://github.com/PowerDNS/pdns/commit/5bbd868): import suck() from master (Kees Monshouwer)
 - [commit 3a36a1c](https://github.com/PowerDNS/pdns/commit/3a36a1c): import bindbackend rectify code from master (Kees Monshouwer)
 - [commit 1ee7e22](https://github.com/PowerDNS/pdns/commit/1ee7e22): limit mode 0 closest provable encloser to optout (Kees Monshouwer)
 - [commit bbc0bc5](https://github.com/PowerDNS/pdns/commit/bbc0bc5): fix for errata 3441 of RFC5155 (Kees Monshouwer)
 - [commit e8bfa7b](https://github.com/PowerDNS/pdns/commit/e8bfa7b): allow covering NSEC3 record in NODATA response (Kees Monshouwer)
-- [commit 194f4d2](https://github.com/PowerDNS/pdns/commit/194f4d2): respond REFUSED instead of NOERROR for "unknown zone" situations (Peter van Dijk)
-- [commit 55b0653](https://github.com/PowerDNS/pdns/commit/55b0653): set AA on CNAME into referral, fixes [ticket #589](https://github.com/PowerDNS/pdns/issues/589) (Peter van Dijk)
 - [commit f0b3b24](https://github.com/PowerDNS/pdns/commit/f0b3b24): return NOTIMP for direct RRSIG request (Kees Monshouwer)
 - [commit c79addc](https://github.com/PowerDNS/pdns/commit/c79addc): import pdnssec checkZone() from master (Kees Monshouwer)
 - [commit 2f1fec7](https://github.com/PowerDNS/pdns/commit/2f1fec7): import pdnssec rectifyZone() from master (Kees Monshouwer)
-- [commit 71232aa](https://github.com/PowerDNS/pdns/commit/71232aa): update l.root ip (Kees Monshouwer)
-- [commit 1202d18](https://github.com/PowerDNS/pdns/commit/1202d18): update expected results for the regression tests (Kees Monshouwer)
-- [commit 8ed113c](https://github.com/PowerDNS/pdns/commit/8ed113c): Revert "don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41" (Peter van Dijk)
-- [commit d293d1b](https://github.com/PowerDNS/pdns/commit/d293d1b): don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41 (Peter van Dijk)
-- [commit 1baa75d](https://github.com/PowerDNS/pdns/commit/1baa75d): move manpages (Peter van Dijk)
-- [commit 9b13924](https://github.com/PowerDNS/pdns/commit/9b13924): move auth-git build script from jenkins config into git (Peter van Dijk)
 
 # PowerDNS Recursor 3.7.2