mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-09 08:54:42 -04:00
Set up release notes for BIND 9.19.18
This commit is contained in:
Michal Nowak
parent
ee46748eea
commit
03505812f0
1 changed files with 5 additions and 45 deletions
|
|
@ -9,7 +9,7 @@
|
|||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.17
|
||||
Notes for BIND 9.19.18
|
||||
----------------------
|
||||
|
||||
Security Fixes
|
||||
|
|
@ -20,62 +20,22 @@ Security Fixes
|
|||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- Add support for User Statically Defined Tracing (USDT) probes - static tracing
|
||||
points for user-level software. This allows a fine-grained application
|
||||
tracing with zero-overhead when the probes are not enabled. :gl:`#4041`
|
||||
- None.
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- The :any:`dnssec-must-be-secure` option has been deprecated and will be
|
||||
removed in a future release. :gl:`#4263`
|
||||
- None.
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Make :iscman:`nsupdate` honor the ``-v`` option for SOA queries, that is send
|
||||
the request over TCP, only if the server is specified. :gl:`#1181`
|
||||
|
||||
- Extend client side support for the EDNS EXPIRE option to IXFR and
|
||||
AXFR query types. ``named`` will now be making EDNS queries AXFR
|
||||
and IXFR queries with EDNS options present. :gl:`#4170`
|
||||
|
||||
- Compiling with jemalloc versions older than 4.0.0 is no longer supported;
|
||||
those versions do not provide the features required by current BIND 9
|
||||
releases. :gl:`#4296`
|
||||
- None.
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- The value of If-Modified-Since header in statistics channel was not checked
|
||||
for length leading to possible buffer overflow by an authorized user. We
|
||||
would like to emphasize that statistics channel must be properly setup to
|
||||
allow access only from authorized users of the system. :gl:`#4124`
|
||||
|
||||
This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
|
||||
Cameron Whitehead.
|
||||
|
||||
- The value of Content-Length header in statistics channel was not
|
||||
bound checked and negative or large enough value could lead to
|
||||
overflow and assertion failure. :gl:`#4125`
|
||||
|
||||
This issue was reported by Eric Sesterhenn of X41 D-SEC.
|
||||
|
||||
- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
|
||||
|
||||
This issue was reported by Eric Sesterhenn of X41 D-SEC.
|
||||
|
||||
- Following the introduction of krb5-subdomain-self-rhs and
|
||||
ms-subdomain-self-rhs update rules, removal of nonexistent PTR
|
||||
and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
|
||||
|
||||
- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
|
||||
This has been fixed. :gl:`#4278`
|
||||
|
||||
- BIND could consume more memory than it needs. That has been fixed by
|
||||
using specialised jemalloc memory arenas dedicated to sending buffers. It
|
||||
allowed us to optimize the process of returning memory pages back to
|
||||
the operating system. :gl:`#4038`
|
||||
- None.
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
|
|
|||
Loading…
Reference in a new issue