ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
a4e4e9af05da61a4e4db6217f41fc436d5ae8b43
bind9/doc/arm/notes-9.15.1.xml
Michał Kępień 2f37ab1dac Split release notes into per-version sections 
Intertwining release notes from different BIND releases in a single XML
file has caused confusion in the past due to different (and often
arbitrary) approaches to keeping/removing release notes from older
releases on different BIND branches.  Divide doc/arm/notes.xml into
per-version sections to simplify determining the set of changes
introduced by a given release and to make adding/reviewing release notes
less error-prone.
2019-11-08 12:05:52 +01:00

88 lines
3.2 KiB
XML
Raw Blame History

<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<section xml:id="relnotes-9.15.1"><info><title>Notes for BIND 9.15.1</title></info>
<section xml:id="relnotes-9.15.1-security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
A race condition could trigger an assertion failure when
a large number of incoming packets were being rejected.
This flaw is disclosed in CVE-2019-6471. [GL #942]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.15.1-new"><info><title>New Features</title></info>
<itemizedlist>
<listitem>
<para>
In order to clarify the configuration of DNSSEC keys,
the <command>trusted-keys</command> and
<command>managed-keys</command> statements have been
deprecated, and the new <command>dnssec-keys</command>
statement should now be used for both types of key.
</para>
<para>
When used with the keyword <command>initial-key</command>,
<command>dnssec-keys</command> has the same behavior as
<command>managed-keys</command>, i.e., it configures
a trust anchor that is to be maintained via RFC 5011.
</para>
<para>
When used with the new keyword <command>static-key</command>, it
has the same behavior as <command>trusted-keys</command>,
configuring a permanent trust anchor that will not automatically
be updated. (This usage is not recommended for the root key.)
[GL #6]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.15.1-removed"><info><title>Removed Features</title></info>
<itemizedlist>
<listitem>
<para>
The <command>cleaning-interval</command> option has been
removed. [GL !1731]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.15.1-changes"><info><title>Feature Changes</title></info>
<itemizedlist>
<listitem>
<para>
<command>named</command> will now log a warning if
a static key is configured for the root zone. [GL #6]
</para>
</listitem>
<listitem>
<para>
JSON-C is now the only supported library for enabling JSON
support for BIND statistics. The <command>configure</command>
option has been renamed from <command>--with-libjson</command>
to <command>--with-json-c</command>. Use
<command>PKG_CONFIG_PATH</command> to specify a custom path to
the <command>json-c</command> library as the new
<command>configure</command> option does not take the library
installation path as an optional argument.
</para>
</listitem>
</itemizedlist>
</section>
</section>
View Git Blame Copy Permalink