diff --git a/NEWS b/NEWS index 91e79cecc52def98ea00444811426c807579f141..33ecc593f48c8dbf10087e34fc7d197c0ee18c0d 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,32 @@ +Knot Resolver 2.3.0 (2018-04-23) +================================ + +Security +-------- +- fix CVE-2018-1110: denial of service triggered by malformed DNS messages + (!550, !558, security!2, security!4) +- increase resilience against slow lorris attack (security!5) + +Incompatible changes +-------------------- +- rename serve stale configuration option cache_touted_ns_clean_interval + to cache_ns_tout (!537) Bugfixes -------- -- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone -- validation: fix SERVFAIL for DS . query +- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) +- validation: fix SERVFAIL for DS . query (!544) +- lib/resolve: don't send unecessary queries to parent zone (!513) +- iterate: fix validation for zones where parent and child share NS (!543) +- TLS: improve error handling and documentation (!536, !555, !559) + +Improvements +------------ +- prefill: new module to periodically import root zone into cache + (replacement for RFC 7706, !511) +- network_listen_fd: always create end point for supervisor supplied file descriptor +- daemon: improved TLS error handling +- use CPPFLAGS build environment variable if set (!547) Knot Resolver 2.2.0 (2018-03-28) diff --git a/config.mk b/config.mk index 5a09a86668f61495ba7d1b15976f10f8c329d820..a4f5137582f418f30203f09446283c27655b3a4c 100644 --- a/config.mk +++ b/config.mk @@ -1,6 +1,6 @@ # Project MAJOR := 2 -MINOR := 2 +MINOR := 3 PATCH := 0 EXTRA := ABIVER := 7