RELEASE-NOTES: 7.36.0

commit: 4f041c9d6e61829310eb0715d8edb2a232478123 [log] [tgz]
author: Daniel Stenberg <daniel@haxx.se> Tue Mar 25 22:57:47 2014 +0100
committer: Daniel Stenberg <daniel@haxx.se> Wed Mar 26 00:29:43 2014 +0100
tree: 4338de12d2b5f209b9458131536d337254b54df2
parent: 4d06b27921bde6d0caba0c84c1e50f8495ed48ee [diff]
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a3d6d00..72468a9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES

@@ -7,6 +7,13 @@
  Known libcurl bindings:       42
  Contributors:                 1123
 
+This release includes the following SECURITY ADVISORIES:
+
+ o wrong re-use of connections [16]
+ o IP address wildcard certificate validation [17]
+ o not verifying certs for TLS to IP address / Darwinssl [18]
+ o not verifying certs for TLS to IP address / Winssl [19]
+
 This release includes the following changes:
 
  o ntlm: Added support for NTLMv2 [2]
@@ -73,6 +80,7 @@
  o polarssl: avoid extra newlines in debug messages
  o rtsp: parse "Session:" header properly [14]
  o trynextip: don't store 'ai' on failed connects
+ o Curl_cert_hostcheck: strip trailing dots in host name and wildcard
 
 This release includes the following known bugs:
 
@@ -107,3 +115,7 @@
  [13] = http://curl.haxx.se/mail/lib-2014-02/0036.html
  [14] = http://curl.haxx.se/mail/lib-2014-03/0134.html
  [15] = http://curl.haxx.se/bug/view.cgi?id=1337
+ [16] = http://curl.haxx.se/docs/adv_20140326A.html
+ [17] = http://curl.haxx.se/docs/adv_20140326B.html
+ [18] = http://curl.haxx.se/docs/adv_20140326C.html
+ [19] = http://curl.haxx.se/docs/adv_20140326D.html
commit	4f041c9d6e61829310eb0715d8edb2a232478123	[log] [tgz]
author	Daniel Stenberg <daniel@haxx.se>	Tue Mar 25 22:57:47 2014 +0100
committer	Daniel Stenberg <daniel@haxx.se>	Wed Mar 26 00:29:43 2014 +0100
tree	4338de12d2b5f209b9458131536d337254b54df2
parent	4d06b27921bde6d0caba0c84c1e50f8495ed48ee [diff]