Tweak and reword release notes

Martyrshot · Sep 8, 2023 · 01020d7 · 01020d7
1 parent da05434
commit 01020d7
Showing 1 changed file with 42 additions and 34 deletions.
diff --git a/doc/notes/notes-9.19.17.rst b/doc/notes/notes-9.19.17.rst
@@ -26,62 +26,70 @@ Security Fixes
 New Features
 ~~~~~~~~~~~~
 
-- Add support for User Statically Defined Tracing (USDT) probes - static tracing
-  points for user-level software.  This allows a fine-grained application
-  tracing with zero-overhead when the probes are not enabled. :gl:`#4041`
+- Support for User Statically Defined Tracing (USDT) probes has been
+  added. These probes enable fine-grained application tracing and
+  introduce no overhead when they are not enabled. :gl:`#4041`
 
 Removed Features
 ~~~~~~~~~~~~~~~~
 
-- The :any:`dnssec-must-be-secure` option has been deprecated and will be
-  removed in a future release. :gl:`#4263`
+- The :any:`dnssec-must-be-secure` option has been deprecated and will
+  be removed in a future release. :gl:`#4263`
 
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- Make :iscman:`nsupdate` honor the ``-v`` option for SOA queries, that is send
-  the request over TCP, only if the server is specified. :gl:`#1181`
+- If the ``server`` command is specified, :iscman:`nsupdate` now honors
+  the :option:`nsupdate -v` option for SOA queries by sending both the
+  UPDATE request and the initial query over TCP. :gl:`#1181`
 
-- Extend client side support for the EDNS EXPIRE option to IXFR and
-  AXFR query types. ``named`` will now be making EDNS queries AXFR
-  and IXFR queries with EDNS options present.  :gl:`#4170`
+- The client-side support of the EDNS EXPIRE option has been expanded to
+  include IXFR and AXFR query types. This enhancement enables
+  :iscman:`named` to perform AXFR and IXFR queries while incorporating
+  the EDNS EXPIRE option. :gl:`#4170`
 
-- Compiling with jemalloc versions older than 4.0.0 is no longer supported;
-  those versions do not provide the features required by current BIND 9
-  releases. :gl:`#4296`
+- Compiling with jemalloc versions older than 4.0.0 is no longer
+  supported; those versions do not provide the features required by
+  current BIND 9 releases. :gl:`#4296`
 
 Bug Fixes
 ~~~~~~~~~
 
-- The value of If-Modified-Since header in statistics channel was not checked
-  for length leading to possible buffer overflow by an authorized user.  We
-  would like to emphasize that statistics channel must be properly setup to
-  allow access only from authorized users of the system. :gl:`#4124`
+- The value of the If-Modified-Since header in the statistics channel
+  was not being correctly validated for its length, potentially allowing
+  an authorized user to trigger a buffer overflow. Ensuring the
+  statistics channel is configured correctly to grant access exclusively
+  to authorized users is essential (see the :any:`statistics-channels`
+  block definition and usage section). :gl:`#4124`
 
-  This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
-  Cameron Whitehead.
+  This issue was reported independently by Eric Sesterhenn of X41 D-Sec
+  GmbH and Cameron Whitehead.
 
-- The value of Content-Length header in statistics channel was not
-  bound checked and negative or large enough value could lead to
-  overflow and assertion failure.  :gl:`#4125`
+- The Content-Length header in the statistics channel was lacking proper
+  bounds checking. A negative or excessively large value could
+  potentially trigger an integer overflow and result in an assertion
+  failure. :gl:`#4125`
 
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
+  This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
 
-- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
+- Several memory leaks caused by not clearing the OpenSSL error stack
+  were fixed. :gl:`#4159`
 
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
+  This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
 
-- Following the introduction of krb5-subdomain-self-rhs and
-  ms-subdomain-self-rhs update rules, removal of nonexistent PTR
-  and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
+- The introduction of ``krb5-subdomain-self-rhs`` and
+  ``ms-subdomain-self-rhs`` UPDATE policies accidentally caused
+  :iscman:`named` to return SERVFAIL responses to deletion requests for
+  non-existent PTR and SRV records. This has been fixed. :gl:`#4280`
 
-- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
-  This has been fixed. :gl:`#4278`
+- The :any:`stale-refresh-time` feature was mistakenly disabled when the
+  server cache was flushed by :option:`rndc flush`. This has been fixed.
+  :gl:`#4278`
 
-- BIND could consume more memory than it needs. That has been fixed by
-  using specialised jemalloc memory arenas dedicated to sending buffers. It
-  allowed us to optimize the process of returning memory pages back to
-  the operating system. :gl:`#4038`
+- BIND's memory consumption has been improved by implementing dedicated
+  jemalloc memory arenas for sending buffers. This optimization ensures
+  that memory usage is more efficient and better manages the return of
+  memory pages to the operating system. :gl:`#4038`
 
 Known Issues
 ~~~~~~~~~~~~