NEWS in yahns-1.12.1 vs NEWS in yahns-1.12.2

- old
+ new
@@ -1,4 +1,40 @@
+=== yahns 1.12.2 - minor doc and TLS fixes / 2016-03-01 01:55 UTC
+
+  This release ensures OpenSSL::SSL::SSLContext#session_id_context
+  is always set for OpenSSL users.  It won't overwrite existing
+  settings, but setting it to a random value is necessary to
+  ensure clients do not get aborted connections when attempting to
+  use a session cache.
+
+  No need to actually upgrade if you're on 1.12.1, you may add the
+  following to your yahns_config(5) file where
+  OpenSSL::SSL::SSLContext is configured:
+
+      # recommended, not required.  This sets safer defaults
+      # provided by Ruby on top of what OpenSSL gives:
+      ssl_ctx.set_params
+
+      # required, and done by default in v1.12.2:
+      ssl_ctx.session_id_context ||= OpenSSL::Random.random_bytes(32)
+
+  yahns gives you full control of of how OpenSSL::SSL::SSLContext is
+  configured.  To avoid bugs, yahns only ensures
+  OpenSSL::SSL::SSLContext#session_id_context is set (if not previously
+  set by the user) and calls OpenSSL::SSL::SSLContext#setup before
+  spawning threads to avoid race conditions.  yahns itself does not and
+  will not enforce any opinion on the compatibility/performance/security
+  trade-offs regarding TLS configuration.
+
+  Note: keep in mind using an SSL session cache may be less useful
+  with yahns because HTTP/1.1 persistent connections may live
+  forever :)
+
+  3 bug/doc fixes on top of v1.12.1:
+        document OpenSSL::SSL::SSLContext#set_params use
+        ssl: ensure is session_id_context is always set
+        test/*: fix mktmpdir usage for 1.9.3
+
 === yahns 1.12.1 - more TLS fixes / 2016-02-22 00:39 UTC
 
   Most notably release fixes TLS output buffering for large
   responses to slow clients.  For Rack HTTPS users,
   env['SERVER_PORT'] also defaults to 443 properly unless the