ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
d53ecb772006ea993c8cb2d57a45a6a7f82b999d
bind9/doc/notes/notes-current.rst
Ondřej Surý 12935f2e70 Add CHANGES and release note for [GL #4263] 
(cherry picked from commit 898f0ee3cf)
2023-09-04 17:27:38 +02:00

73 lines
2.1 KiB
ReStructuredText
Raw Blame History

.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
Notes for BIND 9.18.19
----------------------
Security Fixes
~~~~~~~~~~~~~~
- None.
New Features
~~~~~~~~~~~~
- None.
Removed Features
~~~~~~~~~~~~~~~~
- The :any:`dnssec-must-be-secure` option has been deprecated and will be
removed in a future release. :gl:`#4263`
Feature Changes
~~~~~~~~~~~~~~~
- None.
- Make :iscman:`nsupdate` honor the ``-v`` option. If set, and the server is
specified, SOA queries are now send over TCP as well. :gl:`#1181`
Bug Fixes
~~~~~~~~~
- The value of If-Modified-Since header in statistics channel was not checked
for length leading to possible buffer overflow by an authorized user. We
would like to emphasize that statistics channel must be properly setup to
allow access only from authorized users of the system. :gl:`#4124`
This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
Cameron Whitehead.
- The value of Content-Length header in statistics channel was not
bound checked and negative or large enough value could lead to
overflow and assertion failure. :gl:`#4125`
This issue was reported by Eric Sesterhenn of X41 D-SEC.
- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
This issue was reported by Eric Sesterhenn of X41 D-SEC.
- Following the introduction of krb5-subdomain-self-rhs and
ms-subdomain-self-rhs update rules, removal of nonexistent PTR
and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
This has been fixed. :gl:`#4278`
Known Issues
~~~~~~~~~~~~
- There are no new known issues with this release. See :ref:`above
<relnotes_known_issues>` for a list of all known issues affecting this
BIND 9 branch.
View Git Blame Copy Permalink