Add release notes entry

author Mark Andrews <marka@isc.org>

Tue, 31 Mar 2020 06:22:15 +0000 (17:22 +1100)

committer Michał Kępień <michal@isc.org>

Tue, 5 May 2020 21:49:48 +0000 (23:49 +0200)
author Mark Andrews <marka@isc.org>
Tue, 31 Mar 2020 06:22:15 +0000 (17:22 +1100)
committer Michał Kępień <michal@isc.org>
Tue, 5 May 2020 21:49:48 +0000 (23:49 +0200)
diff --git a/doc/arm/notes-9.11.19.xml b/doc/arm/notes-9.11.19.xml

index dbede743469c2e28d44a2873adcf2c06f09f1b8c..b9b5bb4c9198f924cdb8bf2dbd6046798c1bcab4 100644 (file)
--- a/doc/arm/notes-9.11.19.xml
+++ b/doc/arm/notes-9.11.19.xml
@@ -13,6 +13,17 @@
  
    <section xml:id="relnotes-9.11.19-security"><info><title>Security Fixes</title></info>
      <itemizedlist>
+      <listitem>
+        <para>
+          To prevent exhaustion of server resources by a maliciously configured
+          domain, the number of recursive queries that can be triggered by a
+          request before aborting recursion has been further limited. Root and
+          top-level domain servers are no longer exempt from the
+          <command>max-recursion-queries</command> limit. Fetches for missing
+          name server address records are limited to 4 for any domain. This
+          issue was disclosed in CVE-2020-8616. [GL #1388]
+        </para>
+      </listitem>
        <listitem>
          <para>
            Replaying a TSIG BADTIME response as a request could
author	Mark Andrews <marka@isc.org>
	Tue, 31 Mar 2020 06:22:15 +0000 (17:22 +1100)
committer	Michał Kępień <michal@isc.org>
	Tue, 5 May 2020 21:49:48 +0000 (23:49 +0200)