From: Petr Špaček Date: Mon, 2 Jul 2018 14:38:03 +0000 (+0200) Subject: NEWS: preparation for 2.4 release X-Git-Tag: v2.4.0~4^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b209b44a9fb89e85e4016fa944aabd820f63d73c;p=thirdparty%2Fknot-resolver.git NEWS: preparation for 2.4 release --- diff --git a/NEWS b/NEWS index f3417dea0..3813fee17 100644 --- a/NEWS +++ b/NEWS @@ -1,23 +1,33 @@ +Incompatible changes +-------------------- +- minimal libknot version is now 2.6.7 to pull in latest fixes + Security -------- -- fix a rare case of zones incorrectly dowgraded to insecure status +- fix a rare case of zones incorrectly dowgraded to insecure status (!576) New features ------------ - TLS session resumption (RFC 5077), both server and client (!585, #105) (disabled when compiling with gnutls < 3.5) -- aggressive caching for NSEC3 zones -- optional protection from DNS Rebinding attack (module rebinding) +- TLS_FORWARD policy uses system CA certificate store by default (!568) +- aggressive caching for NSEC3 zones (!600) +- optional protection from DNS Rebinding attack (module rebinding, !608) +- module bogus_log to log DNSSEC bogus queries without verbose logging (!613) Bugfixes -------- +- prefill: fix ability to read certificate bundle (!578) - avoid turning off qname minimization in some cases, e.g. co.uk. (#339) - fix validation of explicit wildcard queries (#274) - dns64 module: more properties from the RFC implemented (incl. bug #375) Improvements ------------ -- ta_sentinel: switch to version 14 of the RFC draft (e.g. new label names) +- ta_sentinel: switch to version 14 of the RFC draft (!596) +- support for glibc systems with a non-Linux kernel (!588) +- support per-request variables for Lua modules (!533) +- support custom HTTP endpoints for Lua modules (!527) Knot Resolver 2.3.0 (2018-04-23)