NEWS in yahns-1.11.0 vs NEWS in yahns-1.12.0

- old
+ new
@@ -1,4 +1,66 @@
+=== yahns 1.12.0 - TLS fixes and more! / 2016-02-14 22:30 UTC
+
+  Most notably, serving static files over HTTPS did not work
+  before this release with the "sendfile" gem installed.  The
+  yahns_config(5) manpage is also updated with an example for
+  using OpenSSL::SSL::SSLContext objects.  Users of
+  Rack::Request#scheme and env['rack.url_scheme'] should see
+  "https" properly set for HTTPS connections.
+
+  There's also a bunch of internal tweaks like taking advantage of
+  the file-level frozen_string_literal: directive in 2.3 and
+  explicitly clearing short-lived string buffers
+
+  TLS support is still in its early stages, but I'm experimenting
+  with Let's Encrypt (via getssl[1]) and hosting https://YHBT.net/
+  on it.
+
+  For now, I suggest using a separate yahns instance (with a
+  different master process) to avoid any potential data leaks
+  between HTTPS and HTTP instances.  In the future, it may be
+  possible to isolate HTTPS from HTTP at the worker process level.
+  Supporting GnuTLS (alongside OpenSSL) may be in our future, too.
+
+  To paraphrase the warning in http://www.postfix.org/TLS_README.html
+  (which was written before Heartbleed):
+
+      WARNING
+
+        By turning on TLS support in yahns, you not only get the
+        ability to encrypt traffic and to authenticate remote
+        clients.  You also turn on thousands and thousands of
+        lines of OpenSSL library code.  Assuming that OpenSSL is
+        written as carefully as Eric's own code, every 1000 lines
+        introduce one additional bug into yahns.
+
+  I'm not nearly as careful with yahns as Wietse is with postfix,
+  either.
+
+  20 changes since v1.11.0:
+        README: updates for kqueue
+        add .gitattributes for Ruby method detection
+        nodoc internals
+        enable frozen_string_literal for Ruby 2.3+
+        copyright updates for 2016
+        extras/exec_cgi: fix frozen string error on slow responses
+        avoid StringIO#binmode for the next few years
+        use String#clear for short-lived buffers we create
+        gemspec: make rack a development dependency
+        build: install-gem forced to "--local" domain
+        acceptor: all subclasses of TCPServer use TCP_INFO
+        properly emulate sendfile for OpenSSL sockets
+        avoid race conditions in OpenSSL::SSL::SSLContext#setup
+        set HTTPS and rack.url_scheme in Rack env as appropriate
+        proxy_pass: pass X-Forwarded-Proto through
+        doc: switch to perlpod (from pandoc-flavored Markdown)
+        doc: trim down documentation slightly
+        doc: document ssl_ctx for "listen" directive
+        doc: various doc and linkification improvements
+        http_context: reduce constant lookup + bytecode
+
+  [1] git clone https://github.com/srvrco/getssl.git
+
 === yahns 1.11.0 - more minor updates / 2015-12-13 02:20 UTC
 
   There's some minor test case fixes and documentation updates.
 
   For OpenSSL users running the Ruby 2.3.0 preview releases,