From b339d00cb4db358576f145aa5ab35afd5073af69 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Mon, 8 Jul 2019 21:07:47 +1200
Subject: [PATCH] 4.8 Release prep (#431)

* Fix date for v4.6 release
---
 ChangeLog                        | 21 ++++++++++++++++++++-
 doc/release-notes/release-4.sgml |  9 +++++++--
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bd276e7961..5e58704306 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+Changes to squid-4.8 (09 Jul 2019):
+
+	- Bug 4957: Multiple XSS issues in cachemgr.cgi
+	- Bug 4953: to_localhost does not include ::
+	- Bug 4937: cachemgr.cgi: unallocated memory access
+	- Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
+	- Bug 4889: Ignore ECONNABORTED in accept(2)
+	- Bug 4842: Memory leak when http_reply_access uses external_acl
+	- TLS: Fix tls-min-version= being ignored
+	- TLS: Add the NO_TLSv1_3 option to available tls-options values
+	- HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
+	- HTTP: Remove userinfo support from old protocols
+	- HTTP: Fix Digest auth parameter parsing
+	- HTTP: Send Connection:close with the known-last request on a connection
+	- HTTP: Fix handling of tiny invalid responses
+	- Replace uudecode with libnettle base64 decoder
+	- Update HttpHeader::getAuth to SBuf
+	- ... and some compile issues
+
 Changes to squid-4.7 (06 May 2019):
 
 	- Bug 4942: --with-filedescriptors does not do anything
@@ -9,7 +28,7 @@ Changes to squid-4.7 (06 May 2019):
 	- Add support for buffer-size= to UDP logging
 	- TLS: When using OpenSSL, trust intermediate CAs from trusted store
 
-Changes to squid-4.6 (08 Feb 2019):
+Changes to squid-4.6 (19 Feb 2019):
 
 	- Bug 4915: Detect IPv6 loopback binding errors
 	- Bug 4914: Do not call setsid() in --foreground mode
diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index ec1a464ab7..8968b5cab1 100644
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 4.7 release notes</title>
+<title>Squid 4.8 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -12,7 +12,7 @@ for Applied Network Research and members of the Web Caching community.
 <toc>
 
 <sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-4.7 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-4.8 for testing.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
  <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
@@ -298,6 +298,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New <em>--consensus</em>, <em>--client-requested</em> and
 	   <em>--server-provided</em> flags for the <em>ssl::server_name</em>
 	   type to control which server name to match against.
+	<p>Added <em>::/128</em> IPv6 range to <em>to_localhost</em> ACL.
 
 	<tag>auth_param</tag>
 	<p>New parameter <em>queue-size=</em> to set the maximum number
@@ -313,6 +314,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-min-version=1.N</em> to set minimum TLS version allowed.
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>ssloptions=</em> values for SSLv2 configuration or disabling
 	   have been removed.
 	<p>Removed <em>sslversion=</em> option. Use <em>tls-options=</em> instead.
@@ -346,6 +348,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
 	   the default is also changed to OFF.
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>option=</em> values for SSLv2 configuration or disabling
 	   have been removed.
 	<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
@@ -358,6 +361,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
 	   the default is also changed to OFF.
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>options=</em> values for SSLv2
 	   configuration or disabling have been removed.
 	<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
@@ -376,6 +380,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New <em>tls-min-version=1.N</em> option to set minimum TLS version allowed
 	   on server connections.
 	<p>New <em>tls-options=</em> option to set OpenSSL library parameters.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>New <em>tls-flags=</em> option to set flags modifying Squid TLS operations.
 	<p>New <em>tls-cipher=</em> option to set a list of ciphers permitted.
 	<p>New <em>tls-cafile=</em> option to set a file with additional CA
-- 
2.47.2