X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=NEWS;h=e8f898a9831d0d2dec428b2642b73ef54ee4740e;hp=0b86a43da95cf3ada4974359684c78032ede9c9f;hb=86cd2da8d5dc08eedbf23be5249d1cc3a16f0787;hpb=bd0de15d314e6eacd0ea77be49473fedc7b2667f

diff --git a/NEWS b/NEWS
index 0b86a43d..e8f898a9 100644
--- a/NEWS
+++ b/NEWS
@@ -9,8 +9,27 @@
                                   -- NEWS --
 
 
-ngIRCd 21
-
+ngIRCd 21~rc1 (2013-10-05)
+
+  - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+  - Add support to show all user links using the "STATS L" (uppercase)
+    command (restricted to IRC Operators).
+  - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+    using the new configuration option "CipherList". In addition, this
+    changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+    OpenSSL, and "SECURE128" for GnuTLS.
+  - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+    you can check if a server-to-server link is SSL-encrypted or not using
+    the IRC "TRACE" command.
+  - Implement the new configuration option "DefaultUserModes" which lists
+    user modes that become automatically set on new local clients right
+    after login. Please note that only modes can be set that the client
+    could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+    for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+    "interesting", though. (Closes bug #160)
+  - Add support for the new METADATA "account" property, which allows
+    services to automatically identify users after netsplits and across
+    service restarts.
   - Implement a new configuration option "AllowedChannelTypes" that lists
     all allowed channel types (channel prefixes) for newly created channels
     on the local server. By default, all supported channel types are allowed.
@@ -65,6 +84,14 @@ ngIRCd 21
     and then is used to output individual help texts to specific topics.
     Please see the file ./doc/Commands.txt for details.
 
+ngIRCd 20.3 (2013-08-23)
+
+  - This release is a bugfix release only, without new features.
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
 
   - This release is a bugfix release only, without new features.