From 6c5a269cd8f444c27a8a6c201b118abacd224657 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Thu, 2 Aug 2018 10:54:16 +0200
Subject: [PATCH] release 2.4.1

(cherry picked from commit 54797e88b144345c6c530731ff2e1b8d659ff5a3)
---
 NEWS      | 10 ++++++++++
 config.mk |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 40ba26ff4..751bd72ae 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,19 @@
+Knot Resolver 2.4.1 (2018-08-02)
+================================
+
+Security
+--------
+- fix CVE-2018-10920: Improper input validation bug in DNS resolver component
+  (security!7, security!9)
+
 Bugfixes
 --------
+- cache: fix TTL overflow in packet due to min_ttl (#388, security!8)
 - TLS session resumption: avoid bad scheduling of rotation (#385)
 - HTTP module: fix a regression in 2.4.0 which broke custom certs (!632)
 - cache: NSEC3 negative cache even without NS record (#384)
   This fixes lower hit rate in NSEC3 zones (since 2.4.0).
+- minor TCP and TLS fixes (!623, !624, !626)
 
 
 Knot Resolver 2.4.0 (2018-07-03)
diff --git a/config.mk b/config.mk
index fb28be39a..0f98542eb 100644
--- a/config.mk
+++ b/config.mk
@@ -1,7 +1,7 @@
 # Project
 MAJOR := 2
 MINOR := 4
-PATCH := 0
+PATCH := 1
 EXTRA ?=
 ABIVER := 7
 BUILDMODE := dynamic
-- 
2.47.2