From d49fee3c1c185bc15b4fdf75a9d43a0996e00202 Mon Sep 17 00:00:00 2001
From: Bob Halley <halley@dnspython.org>
Date: Tue, 25 Jul 2023 07:07:11 -0700
Subject: [PATCH] prepare 2.4.1 whatsnew

---
 doc/whatsnew.rst | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/doc/whatsnew.rst b/doc/whatsnew.rst
index 31875fa8..fe592866 100644
--- a/doc/whatsnew.rst
+++ b/doc/whatsnew.rst
@@ -3,6 +3,27 @@
 What's New in dnspython
 =======================
 
+2.4.1
+-----
+
+* Importing dns.dnssecalgs without the cryptography module installed no longer causes
+  an ImportError.
+
+* A number of timeout bugs with the asyncio backend have been fixed.
+
+* DNS-over-QUIC for the asyncio backend now works for IPv6.
+
+* Dnspython now enforces that the candidate DNSKEYs for DNSSEC signatures
+  have protocol 3 and have the ZONE flag set.  This is a standards compliance issue more
+  than a security issue as the legitimate authority would have to have published
+  the non-compliant keys as well as updated their DS record in order for the records
+  to validate (the DS digest includes both flags and protocol).  Dnspython will not
+  make invalid keys by default, but does allow them to be created and used
+  for testing purposes.
+
+* Dependency specifications for optional features in the package metadata have been
+  improved.
+
 2.4.0
 -----
 
-- 
2.47.3