dnsdist: ChangeLog and security polling update for 2.0.2

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 690c5cee251fdbc7fe5a1fd05696d49e663ad65d..6aa2ab0b01ebba8ad93942a36f6a4c5ba849f4c9 100644 (file)
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025103001 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025120200 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -624,3 +624,4 @@ dnsdist-2.0.0-rc1.security-status                          60 IN TXT "3 Unsuppor
 dnsdist-2.0.0-rc2.security-status                          60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
 dnsdist-2.0.0.security-status                              60 IN TXT "3 Upgrade now, see https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html"
 dnsdist-2.0.1.security-status                              60 IN TXT "1 OK"
+dnsdist-2.0.2.security-status                              60 IN TXT "1 OK"

diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst
index 60630fea56674d88bf1fd77dea2a7990c89935df..e1c2123734bdf0fe467d879140033e69666d9b79 100644 (file)
--- a/pdns/dnsdistdist/docs/changelog.rst
+++ b/pdns/dnsdistdist/docs/changelog.rst
@@ -1,6 +1,180 @@
 Changelog
 =========
 
+.. changelog::
+  :version: 2.0.2
+  :released: 2nd of December 2025
+
+  .. change::
+    :tags: Bugs Fixes
+    :pullreq: 16309
+
+    Fix query rules bypass after tagging from a dynblock
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16310
+    :tickets: 16137
+
+    Update the Rust library version when generating a tarball
+
+  .. change::
+    :tags: Improvements, Performance
+    :pullreq: 16315
+
+    Make inserting to the in-memory rings a bit faster
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16316
+    :tickets: 16249
+
+    Allow selecting a specific version of Lua with meson
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16317
+    :tickets: 16248
+
+    ComboAddress: Fix "unspecified address" test when the port is set
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16318
+    :tickets: 16221
+
+    Set up the dns header for timeout response rules
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16319
+    :tickets: 16242
+
+    Fix handling of large XSK frames (ednaq)
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16320
+
+    Make the round-robin LB policy internal counter atomic
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16322
+    :tickets: 16221
+
+    Properly handle exceptions when processing timeout rules
+
+  .. change::
+    :tags: Bug Fixes, Protobuf
+    :pullreq: 16325
+
+    Fix setting meta keys on response, pass them from question to response
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16326
+    :tickets: 16139
+
+    Initialize hash perturbation later, and only if needed
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16327
+    :tickets: 16072
+
+    Fix reentry issue in TCP downstream I/O on macOS/BSD (Karel Bilek)
+
+  .. change::
+    :tags: New Features
+    :pullreq: 16328
+    :tickets: 14060
+
+    Add a selector to match the incoming protocol
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16345
+    :tickets: 15173
+
+    luawrapper: don't segfault on failure in traceback handler
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16346
+
+    Refactor the FFI "alternate name" interface
+
+  .. change::
+    :tags: Improvements, DNS over HTTPS
+    :pullreq: 16430
+
+    Include a Date: response header for rejected HTTP1 requests
+
+  .. change::
+    :tags: Bug Fixes, DNS over TLS, DNS over HTTPS
+    :pullreq: 16431
+
+    Fix a memory leak with OCSP and OpenSSL 3.6.0
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 16435
+    :tickets: 15173
+
+    Store Lua's ``debug.traceback`` function before user can hide it from us
+
+  .. change::
+    :tags: Bug Fixes, YAML
+    :pullreq: 16439
+    :tickets: 16371
+
+    Properly handle invalid regular expressions
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16508
+
+    Prevent copies of ``dnsheader_aligned`` objects
+
+  .. change::
+    :tags: Improvements, Performance
+    :pullreq: 16524
+
+    Change bogusV4/bogusV6 addresses to static constants to avoid parse in every call (delichik)
+
+  .. change::
+    :tags: Bug Fixes, YAML
+    :pullreq: 16507
+    :tickets: 16462
+
+    Fix a crash when a selector or policy cannot be found
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16559
+
+    Raise the maximum number of descriptors to 1M
+
+  .. change::
+    :tags: Improvements, Performance
+    :pullreq: 16560
+
+    Better performance when using ``recvmmsg``
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 16561
+
+    Alter the qname ``BPF`` filter to make it ``const``
+
+  .. change::
+    :tags: Improvements, YAML
+    :pullreq: 16562
+    :tickets: 16428
+
+    Expose ``TimedIPSet`` to ``YAML``-originated ``Lua`` contexts
+
 .. changelog::
   :version: 2.0.1
   :released: 18th of September 2025