From 0bf8eb54e466870866aea7cb5054c219c06ffb95 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 4 Jul 2019 15:46:24 +0200 Subject: [PATCH] NEWS for 4.1.0 --- NEWS | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index acca64d70..000103e47 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Knot Resolver 4.x.y (2019-0m-dd) +Knot Resolver 4.1.0 (2019-07-10) ================================ Security @@ -7,22 +7,25 @@ Security Improvements ------------ +- new cache garbage collector is available and enabled by default (#257) + This improves cache efficiency on big installations. +- DNS-over-HTTPS: unknown HTTP parameters are ignored to improve compatibility + with non-standard clients (!832) - DNS-over-HTTPS: answers include `access-control-allow-origin: *` (!823) -- support named AF_UNIX stream sockets for the http module (again) + which allows JavaScript to use DoH endpoint. +- http module: support named AF_UNIX stream sockets (again) - aggressive caching is disabled on minimal NSEC* ranges (!826) + This improves cache effectivity with DNSSEC black lies and also accidentally + works around bug in proofs-of-nonexistence from F5 BIG-IP load-balancers. - aarch64 support, even kernels with ARM64_VA_BITS >= 48 (#216, !797) - This is done by working around a LuaJIT incompatibility. -- lua modules may omit casting parameters of layer functions (!797) + This is done by working around a LuaJIT incompatibility. Please report bugs. - lua tables for C modules are more strict by default, e.g. `nsid.foo` will throw an error instead of returning `nil` (!797) -- http module: also send intermediate TLS certificate to clients, - if available and luaossl >= 20181207 (!819) -- systemd: basic watchdog is now available and turned on by default (#275) -- experimental cache garbage collector daemon is available (#257) +- systemd: basic watchdog is now available and enabled by default (#275) Bugfixes -------- -- TCP to upstream: don't send wrong message length (unlikely, !816) +- TCP to upstream: fix unlikely case of sending out wrong message length (!816) - http module: fix problems around maintenance of ephemeral certs (!819) - http module: also send intermediate TLS certificate to clients, if available and luaossl >= 20181207 (!819) @@ -34,6 +37,11 @@ Bugfixes - cache: automatically clear stale reader locks (!844) +Module API changes +------------------ +- lua modules may omit casting parameters of layer functions (!797) + + Knot Resolver 4.0.0 (2019-04-18) ================================ -- 2.47.2