Add release notes entry

7ea45838 · Mark Andrews · Michał Kępień · 83965f70 · 7ea45838
Commit 7ea45838 authored Mar 31, 2020 by Mark Andrews Committed by Michał Kępień May 19, 2020
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -14,6 +14,14 @@ Notes for BIND 9.17.2
 Security Fixes
 ~~~~~~~~~~~~~~

+-  To prevent exhaustion of server resources by a maliciously configured
+   domain, the number of recursive queries that can be triggered by a
+   request before aborting recursion has been further limited. Root and
+   top-level domain servers are no longer exempt from the
+   ``max-recursion-queries`` limit. Fetches for missing name server
+   address records are limited to 4 for any domain. This issue was
+   disclosed in CVE-2020-8616. [GL #1388]
+
 -  Replaying a TSIG BADTIME response as a request could trigger an
   assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]