From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Fri, 13 Apr 2018 10:57:36 +0000 (+0200)
Subject: release 2.3.0
X-Git-Tag: v2.3.0^2~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb979d3acf6bb02276f6f10349f48c43cd61be78;p=thirdparty%2Fknot-resolver.git

release 2.3.0
---

diff --git a/NEWS b/NEWS
index 91e79cecc..33ecc593f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,32 @@
+Knot Resolver 2.3.0 (2018-04-23)
+================================
+
+Security
+--------
+- fix CVE-2018-1110: denial of service triggered by malformed DNS messages
+  (!550, !558, security!2, security!4)
+- increase resilience against slow lorris attack (security!5)
+
+Incompatible changes
+--------------------
+- rename serve stale configuration option cache_touted_ns_clean_interval
+  to cache_ns_tout (!537)
 
 Bugfixes
 --------
-- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone
-- validation: fix SERVFAIL for DS . query
+- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)
+- validation: fix SERVFAIL for DS . query (!544)
+- lib/resolve: don't send unecessary queries to parent zone (!513)
+- iterate: fix validation for zones where parent and child share NS (!543)
+- TLS: improve error handling and documentation (!536, !555, !559)
+
+Improvements
+------------
+- prefill: new module to periodically import root zone into cache
+  (replacement for RFC 7706, !511)
+- network_listen_fd: always create end point for supervisor supplied file descriptor
+- daemon: improved TLS error handling
+- use CPPFLAGS build environment variable if set (!547)
 
 
 Knot Resolver 2.2.0 (2018-03-28)
diff --git a/config.mk b/config.mk
index 5a09a8666..a4f513758 100644
--- a/config.mk
+++ b/config.mk
@@ -1,6 +1,6 @@
 # Project
 MAJOR := 2
-MINOR := 2
+MINOR := 3
 PATCH := 0
 EXTRA :=
 ABIVER := 7