age: Document RSA pubkey size limit introduction in changelog

This was accidentally introduced via the `rsa 0.7` migration. It is however a useful default. Closes #421.
str4d · Dec 17, 2023 · e9eb2c2 · e9eb2c2
1 parent 8e5e516
commit e9eb2c2
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md
@@ -47,6 +47,11 @@ to 1.0.0 are beta releases.
 - Support for encrypted OpenSSH keys exported from 1Password.
 
 ## [0.9.0] - 2022-10-27
+### Security
+- `age::ssh::Recipient::SshRsa` now has a maximum modulus size of 4096 bits, to
+  prevent a Denial of Service (DoS) condition when encrypting to untrusted
+  public keys.
+
 ### Added
 - `age::armor::ArmoredReadError`, used to wrap armor-specific read errors inside
   `std::io::Error`.
@@ -55,6 +60,7 @@ to 1.0.0 are beta releases.
 
 ### Changed
 - MSRV is now 1.59.0.
+- Migrated to `rsa 0.7`.
 - `age::Encryptor::with_recipients` now returns `Option<Encryptor>`, with `None`
   returned if the provided list of recipients is empty (to prevent files being
   encrypted to no recipients). The `recipients` argument is also now