<section xml:id="relnotes-9.14.12-security"><info><title>Security Fixes</title></info>
<itemizedlist>
+ <listitem>
+ <para>
+ To prevent exhaustion of server resources by a maliciously configured
+ domain, the number of recursive queries that can be triggered by a
+ request before aborting recursion has been further limited. Root and
+ top-level domain servers are no longer exempt from the
+ <command>max-recursion-queries</command> limit. Fetches for missing
+ name server address records are limited to 4 for any domain. This
+ issue was disclosed in CVE-2020-8616. [GL #1388]
+ </para>
+ </listitem>
<listitem>
<para>
Replaying a TSIG BADTIME response as a request could
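Review bot: In the added listitem, "limited to 4 for any domain" leaves the scope of the count unstated (per client request, per fetch, or per delegation) and does not say whether the value is fixed or tunable, so an operator cannot tell from the note what to expect for a delegation with many name servers and no address records. Suggest stating the scope and whether it is configurable. Also consider replacing "has been further limited" with the concrete change, since the only specific change named for max-recursion-queries is that root and top-level domain servers are no longer exempt.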