1 files changed, 80 insertions, 1 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 0093f3b..cfa0b1c 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -86,6 +86,19 @@ New Features
 
     Library:
     --------
+    - Add an enumerated value to H5F_libver_t for H5Pset_libver_bounds().
+
+      Currently, the library defines two values for H5F_libver_t and supports
+      only two pairs of (low, high) combinations as derived from these values. 
+      Thus the bounds setting via H5Pset_libver_bounds() is rather restricted.
+
+      Add an enumerated value (H5F_LIBVER_V18) to H5F_libver_t and 
+      H5Pset_libver_bounds() now supports five pairs of (low, high) combinations 
+      as derived from these values.  This addition provides the user more 
+      flexibility in setting bounds for object creation.
+
+      (VC - 2018/03/14)
+
     - Add prefix option to VDS files.
 
       Currently, VDS source files must be in the active directory to be
@@ -271,6 +284,17 @@ Bug Fixes since HDF5-1.10.1 release
 
     Library
     -------
+    - Freeing of object header in H5Ocache.c
+
+      It was discovered that the object header was not released properly
+      when the checksum verification failed and a re-load of the object
+      header was needed.
+
+      Free the object header that failed the chksum verification only
+      after the new object header is reloaded, deserialized and set up.
+
+      (VC - 2018/03/14, HDFFV-10209)
+
     - H5Pset_evict_on_close in H5Pfapl.c
 
       Changed the minor error number from H5E_CANTSET to H5E_UNSUPPORTED for
@@ -362,6 +386,26 @@ Bug Fixes since HDF5-1.10.1 release
 
       (DER - 2018/02/26, HDFFV-10355)
 
+    - If an HDF5 file contains a malformed compound datatype with a
+      suitably large offset, the type conversion code can run off
+      the end of the type conversion buffer, causing a segmentation
+      fault.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17507.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME
+
+      Fixing this problem would involve updating the publicly visible
+      H5T_conv_t function pointer typedef and versioning the API calls
+      which use it. We normally only modify the public API during
+      major releases, so this bug will not be fixed at this time.
+
+      (DER - 2018/02/26, HDFFV-10356)
+
     - If an HDF5 file contains a malformed compound type which contains
       a member of size zero, a division by zero error will occur while
       processing the type.
@@ -377,6 +421,23 @@ Bug Fixes since HDF5-1.10.1 release
 
       (DER - 2018/02/26, HDFFV-10357)
 
+    - If an HDF5 file contains a malformed symbol table node that declares
+      it contains more symbols than it actually contains, the library
+      can run off the end of the metadata cache buffer while processing
+      the symbol table node.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      Performing bounds checks on the buffer while processing fixes the
+      problem. Instead of the segmentation fault, the normal HDF5 error
+      handling is invoked.
+
+      (DER - 2018/03/12, HDFFV-10358)
+
     Configuration
     -------------
     - CMake
@@ -455,6 +516,20 @@ Bug Fixes since HDF5-1.10.1 release
 
     Tools
     -----
+    - h5clear
+
+      An enhancement to the tool in setting a file's stored EOA.
+
+      It was discovered that a crashed file's stored EOA in the superblock
+      was smaller than the actual file's EOF.  When the file was reopened
+      and closed, the library truncated the file to the stored EOA.
+
+      Add an option to the tool in setting the file's stored EOA in the
+      superblock to the maximum of (EOA, EOF) + increment.  
+      Another option is also added to print the file's EOA and EOF.
+
+      (VC - 2018/03/14, HDFFV-10360)
+
     - h5repack
 
       h5repack changes the chunk parameters when a change of layout is not
@@ -647,7 +722,11 @@ Bug Fixes since HDF5-1.10.1 release
 
     Testing
     -------
-    -
+    - Memory for three variables in testphdf5's coll_write_test was malloced 
+      but not freed, leaking memory when running the test.  The variables' 
+      memory is now freed.
+
+      (LRK - 2018/03/12, HDFFV-10397)
 
 Supported Platforms
 ===================