From 6b729df698824376b9b5ee518763528ccbeff42b Mon Sep 17 00:00:00 2001 
From: Povilas Kanapickas Date: Mon, 1 Nov 2021 21:56:47 +0200 Subject: [PATCH] Release notes for v2.4.0 --- .../build-failure-mipsel-riscv.bugfix | 1 - .../client-certificate-checking.bugfix | 7 --- .../client-send-certificate.feature | 1 - ...iguration-reading-non-ascii-windows.bugfix | 1 - doc/newsfragments/dont-use-openssl-cli.bugfix | 1 - doc/newsfragments/drop-target--option.feature | 1 - .../enable-crypto-by-default.feature | 2 - .../fingerprint-randomart.feature | 3 - doc/newsfragments/fix-x11-paste.bugfix | 1 - doc/newsfragments/gui-autostart.feature | 1 - .../gui-hotkey-multiple-actions.bugfix | 1 - .../gui-hotkey-special-keys-handling.bugfix | 1 - ...gui-keyboard-enabled-screen-layout.feature | 1 - .../keyboard-backlight-media-keys.feature | 1 - .../muhenkan-eisu-toggle-keys.feature | 1 - .../non-ascii-character-transfer.bugfix | 1 - doc/newsfragments/profile-dir-option.feature | 1 - .../regenerate-broken-server-cert.bugfix | 1 - doc/newsfragments/sha256-fingerprints.bugfix | 4 -- doc/newsfragments/sun-keyboard-keys.bugfix | 1 - doc/newsfragments/translation_chinese.bugfix | 1 - doc/newsfragments/translation_slovak.bugfix | 1 - doc/newsfragments/use-theme-icons.bugfix | 1 - doc/newsfragments/windows-service-path.bugfix | 1 - doc/release_notes/index.md | 62 +++++++++++++++++++ 25 files changed, 62 insertions(+), 36 deletions(-) delete mode 100644 doc/newsfragments/build-failure-mipsel-riscv.bugfix delete mode 100644 doc/newsfragments/client-certificate-checking.bugfix delete mode 100644 doc/newsfragments/client-send-certificate.feature delete mode 100644 doc/newsfragments/configuration-reading-non-ascii-windows.bugfix delete mode 100644 doc/newsfragments/dont-use-openssl-cli.bugfix delete mode 100644 doc/newsfragments/drop-target--option.feature delete mode 100644 doc/newsfragments/enable-crypto-by-default.feature delete mode 100644 doc/newsfragments/fingerprint-randomart.feature delete mode 100644 doc/newsfragments/fix-x11-paste.bugfix delete mode 100644 
doc/newsfragments/gui-autostart.feature delete mode 100644 doc/newsfragments/gui-hotkey-multiple-actions.bugfix delete mode 100644 doc/newsfragments/gui-hotkey-special-keys-handling.bugfix delete mode 100644 doc/newsfragments/gui-keyboard-enabled-screen-layout.feature delete mode 100644 doc/newsfragments/keyboard-backlight-media-keys.feature delete mode 100644 doc/newsfragments/muhenkan-eisu-toggle-keys.feature delete mode 100644 doc/newsfragments/non-ascii-character-transfer.bugfix delete mode 100644 doc/newsfragments/profile-dir-option.feature delete mode 100644 doc/newsfragments/regenerate-broken-server-cert.bugfix delete mode 100644 doc/newsfragments/sha256-fingerprints.bugfix delete mode 100644 doc/newsfragments/sun-keyboard-keys.bugfix delete mode 100644 doc/newsfragments/translation_chinese.bugfix delete mode 100644 doc/newsfragments/translation_slovak.bugfix delete mode 100644 doc/newsfragments/use-theme-icons.bugfix delete mode 100644 doc/newsfragments/windows-service-path.bugfix diff --git a/doc/newsfragments/build-failure-mipsel-riscv.bugfix b/doc/newsfragments/build-failure-mipsel-riscv.bugfix deleted file mode 100644 index 4e0506ad..00000000 --- a/doc/newsfragments/build-failure-mipsel-riscv.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix build failure on mips*el and riscv64 architecture. diff --git a/doc/newsfragments/client-certificate-checking.bugfix b/doc/newsfragments/client-certificate-checking.bugfix deleted file mode 100644 index 01d4d03d..00000000 --- a/doc/newsfragments/client-certificate-checking.bugfix +++ /dev/null @@ -1,7 +0,0 @@ -SECURITY ISSUE - -Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073). - -To support seamless upgrades from older versions of Barrier this is currently disabled by default. -The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be -rejected. 
diff --git a/doc/newsfragments/client-send-certificate.feature b/doc/newsfragments/client-send-certificate.feature deleted file mode 100644 index b5584290..00000000 --- a/doc/newsfragments/client-send-certificate.feature +++ /dev/null @@ -1 +0,0 @@ -Barrier client now sends certificate that the server can verify. diff --git a/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix b/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix deleted file mode 100644 index 05234a50..00000000 --- a/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed reading of configuration on Windows when the paths contain non-ASCII characters (https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974, https://github.com/debauchee/barrier/issues/444). diff --git a/doc/newsfragments/dont-use-openssl-cli.bugfix b/doc/newsfragments/dont-use-openssl-cli.bugfix deleted file mode 100644 index 316d6abf..00000000 --- a/doc/newsfragments/dont-use-openssl-cli.bugfix +++ /dev/null @@ -1 +0,0 @@ -Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly. diff --git a/doc/newsfragments/drop-target--option.feature b/doc/newsfragments/drop-target--option.feature deleted file mode 100644 index a49763e3..00000000 --- a/doc/newsfragments/drop-target--option.feature +++ /dev/null @@ -1 +0,0 @@ -Added `--drop-target` option that improves drag and drop support on Windows when Barrier is being run as a portable app. diff --git a/doc/newsfragments/enable-crypto-by-default.feature b/doc/newsfragments/enable-crypto-by-default.feature deleted file mode 100644 index 0c633ee6..00000000 --- a/doc/newsfragments/enable-crypto-by-default.feature +++ /dev/null 
@@ -1,2 +0,0 @@ -The `--enable-crypto` command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line. -A new `--disable-crypto` command line option has been added to explicitly disable encryption. diff --git a/doc/newsfragments/fingerprint-randomart.feature b/doc/newsfragments/fingerprint-randomart.feature deleted file mode 100644 index 9ffced93..00000000 --- a/doc/newsfragments/fingerprint-randomart.feature +++ /dev/null @@ -1,3 +0,0 @@ -Added support for randomart images for easier comparison of SSL -certificate fingerprints. The algorithm is identical to what -OpenSSH uses. diff --git a/doc/newsfragments/fix-x11-paste.bugfix b/doc/newsfragments/fix-x11-paste.bugfix deleted file mode 100644 index af4da5b1..00000000 --- a/doc/newsfragments/fix-x11-paste.bugfix +++ /dev/null @@ -1 +0,0 @@ - Map more X11 clipboard MIME types to corresponding converters (https://github.com/debauchee/barrier/issues/344). diff --git a/doc/newsfragments/gui-autostart.feature b/doc/newsfragments/gui-autostart.feature deleted file mode 100644 index d75ca8d8..00000000 --- a/doc/newsfragments/gui-autostart.feature +++ /dev/null @@ -1 +0,0 @@ -Implemented a configuration option for Server GUI auto-start. diff --git a/doc/newsfragments/gui-hotkey-multiple-actions.bugfix b/doc/newsfragments/gui-hotkey-multiple-actions.bugfix deleted file mode 100644 index c78712b8..00000000 --- a/doc/newsfragments/gui-hotkey-multiple-actions.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed setup of multiple actions associated with a hotkey. diff --git a/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix b/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix deleted file mode 100644 index 5dd12a7e..00000000 --- a/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed setup of hotkeys with special characters such as comma and semicolon (https://github.com/debauchee/barrier/issues/778). 
diff --git a/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature b/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature deleted file mode 100644 index 7e495376..00000000 --- a/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature +++ /dev/null @@ -1 +0,0 @@ -Made it possible to use keyboard instead of mouse to modify screen layout. diff --git a/doc/newsfragments/keyboard-backlight-media-keys.feature b/doc/newsfragments/keyboard-backlight-media-keys.feature deleted file mode 100644 index 9566304b..00000000 --- a/doc/newsfragments/keyboard-backlight-media-keys.feature +++ /dev/null @@ -1 +0,0 @@ -Added support for keyboard backlight media keys diff --git a/doc/newsfragments/muhenkan-eisu-toggle-keys.feature b/doc/newsfragments/muhenkan-eisu-toggle-keys.feature deleted file mode 100644 index 2c5e7163..00000000 --- a/doc/newsfragments/muhenkan-eisu-toggle-keys.feature +++ /dev/null @@ -1 +0,0 @@ -Added support for Eisu_toggle and Muhenkan keys diff --git a/doc/newsfragments/non-ascii-character-transfer.bugfix b/doc/newsfragments/non-ascii-character-transfer.bugfix deleted file mode 100644 index 31051ce5..00000000 --- a/doc/newsfragments/non-ascii-character-transfer.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (https://github.com/debauchee/barrier/issues/527). diff --git a/doc/newsfragments/profile-dir-option.feature b/doc/newsfragments/profile-dir-option.feature deleted file mode 100644 index f4836c39..00000000 --- a/doc/newsfragments/profile-dir-option.feature +++ /dev/null @@ -1 +0,0 @@ -Added `--profile-dir` option that allows to select custom profile directory. diff --git a/doc/newsfragments/regenerate-broken-server-cert.bugfix b/doc/newsfragments/regenerate-broken-server-cert.bugfix deleted file mode 100644 index 8ea1df3c..00000000 --- a/doc/newsfragments/regenerate-broken-server-cert.bugfix +++ /dev/null 
@@ -1 +0,0 @@ -Barrier will now regenerate server certificate if it's invalid instead of failing to launch (https://github.com/debauchee/barrier/issues/802) diff --git a/doc/newsfragments/sha256-fingerprints.bugfix b/doc/newsfragments/sha256-fingerprints.bugfix deleted file mode 100644 index a724c3b5..00000000 --- a/doc/newsfragments/sha256-fingerprints.bugfix +++ /dev/null @@ -1,4 +0,0 @@ -Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections. -After upgrading client to new version the existing server fingerprint will need to be approved again. -Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability -with older versions of Barrier. diff --git a/doc/newsfragments/sun-keyboard-keys.bugfix b/doc/newsfragments/sun-keyboard-keys.bugfix deleted file mode 100644 index 83bc952f..00000000 --- a/doc/newsfragments/sun-keyboard-keys.bugfix +++ /dev/null @@ -1 +0,0 @@ -Added support for additional keys on Sun Microsystems USB keyboards (https://github.com/debauchee/barrier/issues/784). diff --git a/doc/newsfragments/translation_chinese.bugfix b/doc/newsfragments/translation_chinese.bugfix deleted file mode 100644 index cab219e0..00000000 --- a/doc/newsfragments/translation_chinese.bugfix +++ /dev/null @@ -1 +0,0 @@ -Updated Chinese translation. diff --git a/doc/newsfragments/translation_slovak.bugfix b/doc/newsfragments/translation_slovak.bugfix deleted file mode 100644 index ff46ce94..00000000 --- a/doc/newsfragments/translation_slovak.bugfix +++ /dev/null @@ -1 +0,0 @@ -Updated Slovak translation. diff --git a/doc/newsfragments/use-theme-icons.bugfix b/doc/newsfragments/use-theme-icons.bugfix deleted file mode 100644 index 9dae72ca..00000000 --- a/doc/newsfragments/use-theme-icons.bugfix +++ /dev/null @@ -1 +0,0 @@ -Theme icons are now preferred to icons distributed together with Barrier (https://github.com/debauchee/barrier/issues/471). 
diff --git a/doc/newsfragments/windows-service-path.bugfix b/doc/newsfragments/windows-service-path.bugfix deleted file mode 100644 index c418b0aa..00000000 --- a/doc/newsfragments/windows-service-path.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed incorrect setup of Barrier service path on Windows. diff --git a/doc/release_notes/index.md b/doc/release_notes/index.md index 006debb5..72d3a43b 100644 --- a/doc/release_notes/index.md +++ b/doc/release_notes/index.md 
@@ -3,6 +3,68 @@ Release notes [comment]: <> (towncrier release notes start) +Barrier `2.4.0` ( `2021-11-01` ) +================================ + +Security fixes +-------------- + +- Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073). + + Previously a malicious client could connect to Barrier server without any authentication and + send application-level messages. This made the attack surface of Barrier significantly larger. + Additionally, in case the malicious client got possession of a valid screen name by brute forcing + or other means it could modify the clipboard contents of the server. + + To support seamless upgrades from older versions of Barrier this is currently disabled by default. + The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be + rejected. + +- Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections. + After upgrading client to new version the existing server fingerprint will need to be approved + again. Client and server will show both SHA1 and SHA256 server fingerprints to allow + interoperability with older versions of Barrier. + +Bug fixes +--------- + +- Fixed build failure on mips*el and riscv64 architecture. +- Fixed reading of configuration on Windows when the paths contain non-ASCII characters +(https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974, + https://github.com/debauchee/barrier/issues/444). +- Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly. +- More X11 clipboard MIME types have been mapped to corresponding converters (https://github.com/debauchee/barrier/issues/344). +- Fixed setup of multiple actions associated with a hotkey. +- Fixed setup of hotkeys with special characters such as comma and semicolon + (https://github.com/debauchee/barrier/issues/778). 
+- Fixed transfer of non-ASCII characters coming from a Windows server in certain cases + (https://github.com/debauchee/barrier/issues/527). +- Barrier will now regenerate server certificate if it's invalid instead of failing to launch + (https://github.com/debauchee/barrier/issues/802) +- Added support for additional keys on Sun Microsystems USB keyboards + (https://github.com/debauchee/barrier/issues/784). +- Updated Chinese translation. +- Updated Slovak translation. +- Theme icons are now preferred to icons distributed together with Barrier + (https://github.com/debauchee/barrier/issues/471). +- Fixed incorrect setup of Barrier service path on Windows. + +Features +-------- + +- Added `--drop-target` option that improves drag and drop support on Windows when Barrier is + being run as a portable app. +- The `--enable-crypto` command line option has been made the default to reduce chances of + accidental security mishaps when configuring Barrier from command line. + A new `--disable-crypto` command line option has been added to explicitly disable encryption. +- Added support for randomart images for easier comparison of SSL certificate fingerprints. + The algorithm is identical to what OpenSSH uses. +- Implemented a configuration option for Server GUI auto-start. +- Made it possible to use keyboard instead of mouse to modify screen layout. +- Added support for keyboard backlight media keys +- Added support for Eisu_toggle and Muhenkan keys +- Added `--profile-dir` option that allows to select custom profile directory. + Barrier `2.3.4` ( `2021-11-01` ) ================================
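Review bot: the deleted doc/newsfragments/client-certificate-checking.bugfix and doc/newsfragments/sha256-fingerprints.bugfix are typed as `.bugfix`, yet their text ends up under a separate "Security fixes" heading in doc/release_notes/index.md, which suggests that section was assembled by hand after the towncrier run. Consider adding a dedicated security fragment type so that CVE entries are routed to that section automatically. The "SECURITY ISSUE" line at the top of the fragment would then no longer be needed as a manual cue.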
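Review bot: in the "Security fixes" section added to doc/release_notes/index.md, the first entry opens with "fixes CVE-2021-42072, CVE-2021-42073" but only its last paragraph says the feature is "currently disabled by default", so a reader who stops at the first sentence will assume that upgrading alone closes both CVEs. Suggest saying in the opening sentence that the verification has to be enabled in the settings dialog before it takes effect, and naming the setting. Smaller points in the same hunk: the continuation line beginning "(https://github.com/debauchee/barrier/issues/976" lacks the indentation the other wrapped entries use; the entries ending in "issues/802)", "keyboard backlight media keys" and "Eisu_toggle and Muhenkan keys" are missing the final period the rest of the list has; and "allows to select custom profile directory" reads better as "allows selecting a custom profile directory".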