Tweak and reword release notes

diff --git a/doc/notes/notes-9.18.8.rst b/doc/notes/notes-9.18.8.rst
index d3c4095b9c82f544a2cb0cf96e60a071535622f6..c76a6013507bd26922a884ff8a8624cd8bf4337a 100644 (file)
--- a/doc/notes/notes-9.18.8.rst
+++ b/doc/notes/notes-9.18.8.rst
@@ -15,21 +15,23 @@ Notes for BIND 9.18.8
 Known Issues
 ~~~~~~~~~~~~
 
-- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
-  configuration change. The following configurations are affected:
+- Upgrading from BIND 9.16.32, 9.18.6, or any older version may require
+  a manual configuration change. The following configurations are
+  affected:
 
-  - :any:`type primary` zones configured with :any:`dnssec-policy` but without
-    either :any:`allow-update` or :any:`update-policy`
-  - :any:`type secondary` zones configured with :any:`dnssec-policy`
+  - :any:`type primary` zones configured with :any:`dnssec-policy` but
+    without either :any:`allow-update` or :any:`update-policy`,
+  - :any:`type secondary` zones configured with :any:`dnssec-policy`.
 
   In these cases please add :namedconf:ref:`inline-signing yes;
-  <inline-signing>` to individual zone configuration(s). Without applying this
-  change :iscman:`named` will fail to start. For more details see
+  <inline-signing>` to the individual zone configuration(s). Without
+  applying this change, :iscman:`named` will fail to start. For more
+  details, see
   https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
 
-- BIND 9.18 does not support dynamic updates forwarding (see
-  :any:`allow-update-forwarding`) in conjuction with zone transfers
-  over TLS (XoT). :gl:`#3512`
+- BIND 9.18 does not support dynamic update forwarding (see
+  :any:`allow-update-forwarding`) in conjuction with zone transfers over
+  TLS (XoT). :gl:`#3512`
 
 New Features
 ~~~~~~~~~~~~
@@ -40,19 +42,20 @@ New Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- The ability to use pkcs11 via engine_pkcs11 has been restored, by only using
-  deprecated APIs in OpenSSL 3.0.0. BIND needs to be compiled
-  with '-DOPENSSL_API_COMPAT=10100' specified in the CFLAGS at
-  compile time. :gl:`!6711`
+- The ability to use PKCS#11 via engine_pkcs11 has been restored, by
+  using only deprecated APIs in OpenSSL 3.0.0. BIND 9 needs to be
+  compiled with ``-DOPENSSL_API_COMPAT=10100`` specified in the CFLAGS
+  environment variable at compile time. :gl:`#3578`
 
-- Add support for parsing and validating ``dohpath`` to SVBC records.
-  :gl:`#3544`
+- Support for parsing and validating the ``dohpath`` service parameter
+  in SVCB records was added. :gl:`#3544`
 
 Bug Fixes
 ~~~~~~~~~
 
-- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
-  channel connection while sending statistics data to the client.  :gl:`#3542`
+- An assertion failure was fixed in :iscman:`named` that was caused by
+  aborting the statistics channel connection while sending statistics
+  data to the client. :gl:`#3542`
 
-- Changing just the TSIG key names for primaries in catalog zones' member
-  zones was not effective. :gl:`#3557`
+- Changing just the TSIG key names for primaries in catalog zones'
+  member zones was not effective. This has been fixed. :gl:`#3557`