2 files changed, 11 insertions, 0 deletions

diff --git a/changes/bug19025 b/changes/bug19025
new file mode 100644
index 0000000000..0f365f52ba
--- /dev/null
+++ b/changes/bug19025
@@ -0,0 +1,4 @@
+  o Major bugfixes (DNS):
+    - Fix a bug that prevented exit nodes from caching DNS records for more
+      than 60 seconds.
+      Fixes bug 19025; bugfix on 0.2.4.7-alpha.
diff --git a/changes/ticket19769 b/changes/ticket19769
new file mode 100644
index 0000000000..9fc05c3e9e
--- /dev/null
+++ b/changes/ticket19769
@@ -0,0 +1,7 @@
+  o Major features (security):
+    - Change the algorithm used to decide DNS TTLs on client and server side,
+      to better resist DNS-based correlation attacks like the DefecTor attack
+      of Greschbach, Pulls, Roberts, Winter, and Feamster).  Now
+      relays only return one of two possible DNS TTL values, and clients
+      are willing to believe DNS TTL values up to 3 hours long.
+      Closes ticket 19769.