--------------------------------------------------------------------------------
-not yet released:
+fetchmail-6.3.20 (not yet released):
+
+# CHANGES
+* fetchmail no longer supports SSL v2, nor the corresponding SSL2 option to
+ --sslproto. SSLv2 is insecure and had been deprecated 15 years ago. fetchmail
+ will actively forbid SSLv2 negotiation by means of SSL_OP_NO_SSLv2.
+ To fix Debian Bug#622054.
+* fetchmail now always uses its own MD5 implementation. The library and header
+ variants are too diverse, and we've been bitten before -- and configure
+ complains noisily on Cyrus-SASL's RFC1321 md5.h.
# TRANSLATION UPDATES
[ja] Japanese (Takeshi Hamasaki)