Commit b209b44a authored by Petr Špaček's avatar Petr Špaček

NEWS: preparation for 2.4 release

parent 87bf6b25
Incompatible changes
--------------------
- minimal libknot version is now 2.6.7 to pull in latest fixes
Security
--------
- fix a rare case of zones incorrectly dowgraded to insecure status
- fix a rare case of zones incorrectly dowgraded to insecure status (!576)
New features
------------
- TLS session resumption (RFC 5077), both server and client (!585, #105)
(disabled when compiling with gnutls < 3.5)
- aggressive caching for NSEC3 zones
- optional protection from DNS Rebinding attack (module rebinding)
- TLS_FORWARD policy uses system CA certificate store by default (!568)
- aggressive caching for NSEC3 zones (!600)
- optional protection from DNS Rebinding attack (module rebinding, !608)
- module bogus_log to log DNSSEC bogus queries without verbose logging (!613)
Bugfixes
--------
- prefill: fix ability to read certificate bundle (!578)
- avoid turning off qname minimization in some cases, e.g. co.uk. (#339)
- fix validation of explicit wildcard queries (#274)
- dns64 module: more properties from the RFC implemented (incl. bug #375)
Improvements
------------
- ta_sentinel: switch to version 14 of the RFC draft (e.g. new label names)
- ta_sentinel: switch to version 14 of the RFC draft (!596)
- support for glibc systems with a non-Linux kernel (!588)
- support per-request variables for Lua modules (!533)
- support custom HTTP endpoints for Lua modules (!527)
Knot Resolver 2.3.0 (2018-04-23)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment