From c0970157328239c515dac200d8c4840c557b8060 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 31 Mar 2020 17:22:15 +1100
Subject: [PATCH] Add release notes entry

---
 doc/arm/notes-9.14.12.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/doc/arm/notes-9.14.12.xml b/doc/arm/notes-9.14.12.xml
index 47b919e0ef..42761216b8 100644
--- a/doc/arm/notes-9.14.12.xml
+++ b/doc/arm/notes-9.14.12.xml
@@ -13,6 +13,17 @@
 
   <section xml:id="relnotes-9.14.12-security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+        <para>
+          To prevent exhaustion of server resources by a maliciously configured
+          domain, the number of recursive queries that can be triggered by a
+          request before aborting recursion has been further limited. Root and
+          top-level domain servers are no longer exempt from the
+          <command>max-recursion-queries</command> limit. Fetches for missing
+          name server address records are limited to 4 for any domain. This
+          issue was disclosed in CVE-2020-8616. [GL #1388]
+        </para>
+      </listitem>
       <listitem>
         <para>
           Replaying a TSIG BADTIME response as a request could