From: Petr Špaček Date: Thu, 4 Jul 2019 13:46:24 +0000 (+0200) Subject: NEWS for 4.1.0 X-Git-Tag: v4.1.0^2~49 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0bf8eb54e466870866aea7cb5054c219c06ffb95;p=thirdparty%2Fknot-resolver.git NEWS for 4.1.0 --- diff --git a/NEWS b/NEWS index acca64d70..000103e47 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Knot Resolver 4.x.y (2019-0m-dd) +Knot Resolver 4.1.0 (2019-07-10) ================================ Security @@ -7,22 +7,25 @@ Security Improvements ------------ +- new cache garbage collector is available and enabled by default (#257) + This improves cache efficiency on big installations. +- DNS-over-HTTPS: unknown HTTP parameters are ignored to improve compatibility + with non-standard clients (!832) - DNS-over-HTTPS: answers include `access-control-allow-origin: *` (!823) -- support named AF_UNIX stream sockets for the http module (again) + which allows JavaScript to use DoH endpoint. +- http module: support named AF_UNIX stream sockets (again) - aggressive caching is disabled on minimal NSEC* ranges (!826) + This improves cache effectivity with DNSSEC black lies and also accidentally + works around bug in proofs-of-nonexistence from F5 BIG-IP load-balancers. - aarch64 support, even kernels with ARM64_VA_BITS >= 48 (#216, !797) - This is done by working around a LuaJIT incompatibility. -- lua modules may omit casting parameters of layer functions (!797) + This is done by working around a LuaJIT incompatibility. Please report bugs. - lua tables for C modules are more strict by default, e.g. `nsid.foo` will throw an error instead of returning `nil` (!797) -- http module: also send intermediate TLS certificate to clients, - if available and luaossl >= 20181207 (!819) -- systemd: basic watchdog is now available and turned on by default (#275) -- experimental cache garbage collector daemon is available (#257) +- systemd: basic watchdog is now available and enabled by default (#275) Bugfixes -------- -- TCP to upstream: don't send wrong message length (unlikely, !816) +- TCP to upstream: fix unlikely case of sending out wrong message length (!816) - http module: fix problems around maintenance of ephemeral certs (!819) - http module: also send intermediate TLS certificate to clients, if available and luaossl >= 20181207 (!819) @@ -34,6 +37,11 @@ Bugfixes - cache: automatically clear stale reader locks (!844) +Module API changes +------------------ +- lua modules may omit casting parameters of layer functions (!797) + + Knot Resolver 4.0.0 (2019-04-18) ================================