Log Message:
Knot DNS 2.4.5 (2017-06-23)
===========================

Security:
---------
 - Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)

Bugfixes:
---------
 - Corner case journal fixes (huge changesets, OpenWRT operation)

Knot DNS 2.4.4 (2017-06-05)
===========================

Improvements:
-------------
 - Improved error handling in kjournalprint

Bugfixes:
---------
 - Zone flush not replanned upon unsuccessful flush
 - Journal inconsistency after deleting deleted zone
 - Zone events not rescheduled upon server reload (Thanks to Mark Warren)
 - Unreliable LMDB mapsize detection in kjournalprint
 - Some minor issues found by AddressSanitizer

Knot DNS 2.4.3 (2017-04-11)
===========================

Improvements:
-------------
 - New 'journal-db-mode' optimization configuration option
 - The default TSIG algorithm for utilities input is HMAC-SHA256
 - Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
 - Added some more semantic checks on the knotc configuration operations

Bugfixes:
---------
 - Missing 'zone' keyword in the YAML output
 - Missing trailing dot in the keymgr DS owner output
 - Journal logs 'invalid parameter' in several cases
 - Some minor journal-related problems

Knot DNS 2.4.2 (2017-03-23)
===========================

Features:
---------
 - Zscanner can store record comments placed on the same line
 - Knotc status extension with version, configure, and workers parameters

Improvements:
-------------
 - Significant incoming XFR speed-up in the case of many zones

Bugfixes:
---------
 - Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
 - User-driven zscanner parsing logic inconsistency
 - Lower serial at master doesn't trigger any errors
 - Queries with too long DNAME substitution do not return YXDOMAIN response
 - Incorrect elapsed time in the DDNS log
 - Failed to process forwarded DDNS request with TSIG

Knot DNS 2.4.1 (2017-02-10)
===========================

Improvements:
-------------
 - Speed-up of rdata addition into a huge rrset
 - Introduce check of minumum timeout for next refresh
 - Dnsproxy module can forward all queries without local resolving

Bugfixes:
--------
 - Transfer of a huge rrset goes into an infinite loop
 - Huge response over TCP contains useless TC bit instead of SERVFAIL
 - Failed to build utilities with disabled daemon
 - Memory leaks during keys removal
 - Rough TSIG packet reservation causes early truncation
 - Minor out-of-bounds string termination write in rrset dump
 - Server crash during stop if failed to open timers DB
 - Failed to compile on OS X older than Sierra
 - Poor minimum UDP-max-size configuration check
 - Failed to receive one-record-per-message IXFR-style AXFR
 - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Knot DNS 2.4.0 (2017-01-18)
===========================
 - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Knot DNS 2.4.0 (2017-01-18)
===========================

Bugfixes:
--------
 - False positive semantic-check warning about invalid bitmap in NSEC
 - Unnecessary SOA queries upon notify with up to date serial
 - Timers for expired zones are reset on reload
 - Zone doesn't expire when the server is down
 - Failed to handle keys with duplicate keytags
 - Per zone module and global module insconsistency
 - Obsolete online signing module configuration
 - Malformed output from kjournalprint
 - Redundant SO_REUSEPORT activation on the TCP socket
 - Failed to use higher number of background workers

Improvements:
-------------
 - Lower memory consumption with qp-trie
 - Zone events and zone timers improvements
 - Print all zone names in the FQDN format
 - Simplified query module interface
 - Shared TCP connection between SOA query and transfer
 - Response Rate Limiting as a module with statistics support
 - Key filters in keymgr

Features:
---------
 - New unified LMDB-based zone journal
 - Server statistics support
 - New statistics module for traffic measuring
 - Automatic deletion of retired DNSSEC keys
 - New control logging category