release 2.3.0

eb979d3a · Tomas Krizek · Petr Špaček · 375719d5 · eb979d3a · eb979d3a
Verified Commit eb979d3a authored 6 years ago by Tomas Krizek Committed by Petr Špaček 6 years ago
--- a/NEWS
+++ b/NEWS
+Knot Resolver 2.3.0 (2018-04-23)
+================================
+
+Security
+--------
+- fix CVE-2018-1110: denial of service triggered by malformed DNS messages
+  (!550, !558, security!2, security!4)
+- increase resilience against slow lorris attack (security!5)
+
+Incompatible changes
+--------------------
+- rename serve stale configuration option cache_touted_ns_clean_interval
+  to cache_ns_tout (!537)

 Bugfixes
 --------
- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone
- validation: fix SERVFAIL for DS . query
+- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)
+- validation: fix SERVFAIL for DS . query (!544)
+- lib/resolve: don't send unecessary queries to parent zone (!513)
+- iterate: fix validation for zones where parent and child share NS (!543)
+- TLS: improve error handling and documentation (!536, !555, !559)
+
+Improvements
+------------
+- prefill: new module to periodically import root zone into cache
+  (replacement for RFC 7706, !511)
+- network_listen_fd: always create end point for supervisor supplied file descriptor
+- daemon: improved TLS error handling
+- use CPPFLAGS build environment variable if set (!547)


 Knot Resolver 2.2.0 (2018-03-28)

--- a/config.mk
+++ b/config.mk
 # Project
 MAJOR := 2
-MINOR := 2
+MINOR := 3
 PATCH := 0
 EXTRA :=
 ABIVER := 7