
Commit 5a8fc07

Author: Jeremy Harris
Committed: Dec 25, 2023
Docs: Security release. Bug 3063
1 parent ce223f7 commit 5a8fc07

File tree

2 files changed

+73
-58
lines changed


doc/doc-txt/ChangeLog

+4-58
@@ -2,67 +2,13 @@ This document describes *changes* to previous versions, that might
22
affect Exim's operation, with an unchanged configuration file. For new
33
options, and new features, see the NewStuff file next to this ChangeLog.
44

5-
Exim version 4.98
6-
-----------------
7-
8-
JH/01 Support list of dkim results in the dkim_status ACL condition, making
9-
it more usable in the data ACL.
10-
11-
JH/02 Bug 3040: Handle error on close of the spool data file during reception.
12-
Previously This was only logged, on the assumption that errors would be
13-
seen for a previous fflush(). However, a fuse filesystem has been
14-
reported as showing this an error for the fclose(). The spool is now in
15-
an uncertain state, and we have logged and responded acceptance. Change
16-
this to respond with a temp-reject, wipe spoolfiles, and log the error
17-
detail.
18-
19-
JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA. When hit
20-
during a recipient verify callout, a QUIT command was attempted on the
21-
now-closed callout channel, causing a paniclog entry.
22-
23-
JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
24-
a connection_reject log_selector, under tls_on_connect. Previously
25-
with this combination, when the connect ACL rejected, a spurious
26-
paniclog entry was made.
27-
28-
JH/05 Fix TLS resumption for TLS-on-connect. This was broken by the advent
29-
of loadbalancer-detection for resumption, in 4.96 - which tries to
30-
use the EHLO response. SMTPS does not have one at the time it is starting
31-
TLS. Change the default for the smtp transport host_name_extract option
32-
to be a static string, for TLS-on-connect cases; meaning that resumption
33-
will always be attempted (unless deliberately overriden).
34-
35-
JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a
36-
chunk-separator specification. This was broken by hardening introduced
37-
for Bug 3031.
38-
39-
JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles. Previously it
40-
included the -H with the id; this also messed up exiqgrep.
41-
42-
JH/08 Bug 3056: Tighten up parsing of DKIM DNS records. Previously, whitespace
43-
was not properly skipped and empty elements would cause mis-parsing.
44-
Tighten parsing of DKIM header records. Previously, all but lowercase
45-
alpha chars would be ignored in potential tag names.
46-
47-
JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists
48-
being searched. Previously we only had one for IPv4 addresses. Per the
49-
documentation, the error results by default in a no-match result for the
50-
list. It is logged if the unknown_in_list log_selector is used.
51-
52-
JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers
53-
the routing operation. Previously it would silently stop routing the
54-
message.
5+
Since Exim version 4.97
6+
-----------------------
557

56-
JH/11 Bug 3046: Fix queue-runs. Previously, the arrivel of a notification or
57-
info-request event close in time to a scheduled run timer could result in
58-
the latter being missed, and no further queue scheduled runs being
59-
initiated. This ouwld be more likely on high-load systems.
60-
61-
JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
8+
JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
629
LF-only mode (as detected from the first header line). Previously we did
6310
accept that in (normal) CRLF mode; this has been raised as a possible
64-
attack scenario (under the name "smtp smuggling").
65-
11+
attack scenario (under the name "smtp smuggling", CVE-2023-51766).
6612

6713

6814
Exim version 4.97
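Review bot: The commit message "Docs: Security release. Bug 3063" does not say that this hunk drops the eleven 4.98 entries (JH/01 through JH/11) from the ChangeLog and retitles the section "Since Exim version 4.97"; if this file sits on the 4.97 maintenance branch that is expected, but the message should state it and should also name CVE-2023-51766, since that id is now what the kept entry carries and what readers will grep for. The surviving entry is relabelled from "JH/12" to "JH/s1", which departs from the JH/NN numbering every other entry uses; if the "s" marks a security entry, a short note on that convention in the file header would help both readers and anything that parses these tags.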

doc/doc-txt/cve-2023-51766

+69
@@ -0,0 +1,69 @@
1+
CVE ID: CVE-2023-51766
2+
Date: 2016-12-15
3+
Credits: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
4+
Version(s): all up to 4.97 inclusive
5+
Issue: Given a buggy relay, Exim can be induced to accept a second message embedded
6+
as part of the body of a first message
7+
8+
Conditions
9+
==========
10+
11+
If *all* the following conditions are met
12+
13+
Runtime options
14+
---------------
15+
16+
* Exim offers PIPELINING on incoming connections
17+
18+
* Exim offers CHUNKING on incoming connections
19+
20+
Operation
21+
---------
22+
23+
* DATA (as opposed to BDAT) is used for a message reception
24+
25+
* The relay host sends to the Exim MTA message data including
26+
one of "LF . LF" or "CR LF . LF" or "LF . CR LF".
27+
28+
* Exim interprets the sequence as signalling the end of data for
29+
the SMTP DATA command, and hence a first message.
30+
31+
* Exim interprets further input which the relay had as message body
32+
data, as SMTP commands and data. This could include a MAIL, RCPT,
33+
BDAT (etc) sequence, resulting in a further message acceptance.
34+
35+
Impact
36+
======
37+
38+
One or more messages can be accepted by Exim that have not been
39+
properly validated by the buggy relay.
40+
41+
Fix
42+
===
43+
44+
Install a fixed Exim version:
45+
46+
4.98 (once available)
47+
4.97.1
48+
49+
If you can't install one of the above versions, ask your package
50+
maintainer for a version containing the backported fix. On request and
51+
depending on our resources we will support you in backporting the fix.
52+
(Please note, that Exim project officially doesn't support versions
53+
prior the current stable version.)
54+
55+
56+
Workaround
57+
==========
58+
59+
Disable CHUNKING advertisement for incoming connections.
60+
61+
An attempt to "smuggle" a DATA command will trip a syncronisation
62+
check.
63+
64+
*or*
65+
66+
Disable PIPELINING advertisement for incoming connections.
67+
68+
The "smuggled" MAIL FROM command will then trip a syncronisation
69+
check.
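Review bot: The "Date: 2016-12-15" line in the new advisory header is inconsistent with the rest of the record: the id is CVE-2023-51766, the cited SEC Consult write-up is the December 2023 SMTP smuggling publication, and the commit itself is dated Dec 25, 2023, so 2016 reads as a typo and should be corrected before release, because downstream advisory feeds copy this field verbatim. Two wording fixes in the same file: "syncronisation" appears twice under Workaround and should be "synchronisation", and "prior the current stable version" should be "prior to the current stable version". Since the Conditions section says all of PIPELINING, CHUNKING and DATA-mode reception must hold, it would also be worth one sentence at the top of Workaround stating that disabling either advertisement alone is sufficient, so the "*or*" between the two options is not read as a choice between partial mitigations.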
