Tweak and reword release notes

doc/notes/notes-9.18.19.rst

@@ -35,49 +35,58 @@ Security Fixes
 Removed Features
 ~~~~~~~~~~~~~~~~
 
-- The :any:`dnssec-must-be-secure` option has been deprecated and will be
-  removed in a future release. :gl:`#4263`
+- The :any:`dnssec-must-be-secure` option has been deprecated and will
+  be removed in a future release. :gl:`#4263`
 
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- Make :iscman:`nsupdate` honor the ``-v`` option. If set, and the server is
-  specified, SOA queries are now send over TCP as well. :gl:`#1181`
+- If the ``server`` command is specified, :iscman:`nsupdate` now honors
+  the :option:`nsupdate -v` option for SOA queries by sending both the
+  UPDATE request and the initial query over TCP. :gl:`#1181`
 
 Bug Fixes
 ~~~~~~~~~
 
-- The value of If-Modified-Since header in statistics channel was not checked
-  for length leading to possible buffer overflow by an authorized user.  We
-  would like to emphasize that statistics channel must be properly setup to
-  allow access only from authorized users of the system. :gl:`#4124`
+- The value of the If-Modified-Since header in the statistics channel
+  was not being correctly validated for its length, potentially allowing
+  an authorized user to trigger a buffer overflow. Ensuring the
+  statistics channel is configured correctly to grant access exclusively
+  to authorized users is essential (see the :any:`statistics-channels`
+  block definition and usage section). :gl:`#4124`
 
-  This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
-  Cameron Whitehead.
+  This issue was reported independently by Eric Sesterhenn of X41 D-Sec
+  GmbH and Cameron Whitehead.
 
-- The value of Content-Length header in statistics channel was not
-  bound checked and negative or large enough value could lead to
-  overflow and assertion failure.  :gl:`#4125`
+- The Content-Length header in the statistics channel was lacking proper
+  bounds checking. A negative or excessively large value could
+  potentially trigger an integer overflow and result in an assertion
+  failure. :gl:`#4125`
 
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
+  This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
 
-- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
+- Several memory leaks caused by not clearing the OpenSSL error stack
+  were fixed. :gl:`#4159`
 
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
+  This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
 
-- Following the introduction of krb5-subdomain-self-rhs and
-  ms-subdomain-self-rhs update rules, removal of nonexistent PTR
-  and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
+- The introduction of ``krb5-subdomain-self-rhs`` and
+  ``ms-subdomain-self-rhs`` UPDATE policies accidentally caused
+  :iscman:`named` to return SERVFAIL responses to deletion requests for
+  non-existent PTR and SRV records. This has been fixed. :gl:`#4280`
 
-- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
-  This has been fixed. :gl:`#4278`
+- The :any:`stale-refresh-time` feature was mistakenly disabled when the
+  server cache was flushed by :option:`rndc flush`. This has been fixed.
+  :gl:`#4278`
 
-- BIND could consume more memory than it needs. That has been fixed by
-  using specialised jemalloc memory arenas dedicated to sending buffers. It
-  allowed us to optimize the process of returning memory pages back to
-  the operating system. :gl:`#4038`
+- BIND's memory consumption has been improved by implementing dedicated
+  jemalloc memory arenas for sending buffers. This optimization ensures
+  that memory usage is more efficient and better manages the return of
+  memory pages to the operating system. :gl:`#4038`
 
-- Prevent DNS message corruption on long DNS over TLS streams. :gl:`#4255`
+- Previously, partial writes in the TLS DNS code were not accounted for
+  correctly, which could have led to DNS message corruption. This has
+  been fixed. :gl:`#4255`
 
 Known Issues
 ~~~~~~~~~~~~