Changes file for deprecation features from #19820

1 files changed, 31 insertions, 0 deletions

diff --git a/changes/deprecation b/changes/deprecation
new file mode 100644
index 0000000000..03a537a0b2
--- /dev/null
+++ b/changes/deprecation
@@ -0,0 +1,31 @@
+  o Major features (user interface):
+    - Tor now supports the ability to declare options deprecated, so that
+      we can recommend that people stop using them. Previously, this was
+      done in an ad-hoc way.
+      Closes ticket 19820.
+
+  o Minor features (user interface):
+    - There is a new --list-deprecated-options command-line option to list
+      all of the deprecated options. Implemented as part of ticket 19820.
+
+  o Deprecated features:
+    - A number of options are deprecated for security reasons, and may be
+      removed in a future version of Tor. The options are: AllowDotExit,
+      AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits,
+      ClientDNSRejectInternalAddresses,
+      CloseHSClientCircuitsImmediatelyOnTimeout,
+      CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays,
+      FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
+
+    - A number of DNS-cache-related sub-options for client ports are now
+      deprecated for security reasons, and may be removed in a future version
+      of Tor. (We believe that client-side DNS cacheing is a bad idea for
+      anonymity, and you should not turn it on.) The options are: CacheDNS,
+      CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and
+      UseIPv6Cache.
+
+    - The *ListenAddress options are now deprecated as unnecessary: the
+      corresponding *Port options should be used instead. These options may
+      someday be removed.  The affected options are: ControlListenAddress,
+      DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress,
+      SocksListenAddress, and TransListenAddress.