--- CBOR-XS/Changes 2013/12/01 14:48:00 1.40 +++ CBOR-XS/Changes 2023/09/07 23:52:24 1.96 
@@ -3,10 +3,147 @@ TODO: pack_keys? TODO: document encode_cbor_sharing? TODO: weaken cyclic structures? +TODO: large negative integers +TODO: type cast tests. +TODO: round-tripping of types, such as float16 - maybe types::Serialiser support? +TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? +TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? -1.11 +TODO: as_object -> key value pair list to allow non-string hash keys +TODO: sharefdref should not shar references, but copies of references to the same referent + - \0, \1, \undef do not work, and were not intended to ever work, as + special values, despite being mentioned in the documentation (reported + by nuclightq). + +1.86 Thu 04 Nov 2021 17:48:16 CET + - fixed a wrong printf format specifier (reported by Petr Písař). + +1.85 Sat 23 Oct 2021 04:59:56 CEST + - left debugging printf in code, need a test for that :( + +1.84 Thu 21 Oct 2021 03:11:52 CEST + - fix a bug in validate_utf8 where we call perl's is_utf8_string with + a lenght of zero for empty strings, but perl interprets that as + "calculate length", causing spurious validation errors for + empty strings. + - include validate_utf8 in new_safe. + - avoid some warnings. + +1.83 Tue Dec 8 09:27:06 CET 2020 + - add CBOR::XS::as_map cast function. + +1.82 Tue Dec 1 02:47:40 CET 2020 + - add CBOR::XS::as_bool cast function. + +1.81 Mon Nov 30 19:29:33 CET 2020 + - cast functions were broken due to last-minute renaming. thats + what you get for not having a tessuite. + - Math::BigInt and Math::BigFloat are pretty broken (again), + so disable some tests. (try printing the bigfloat + 799999999999999999998E99999999999999999998). + +1.8 Sun Nov 29 22:35:13 CET 2020 + - experimental support for some type casts, as well as embedding + raw cbor data. + +1.71 Thu Nov 15 20:52:13 CET 2018 + - work around what smells like a perl bug w.r.t. 
exceptions + thrown in callbacks. + - update libecb. + +1.7 Tue Jun 27 04:02:23 CEST 2017 + - SECURITY FIX: fix two bugs found by american fuzzy lop, + upgrade is advised if you accept data from untrusted + sources. + - an out-of bound sharedref or stringref index could cause an + out of bounds access - might be exploitable. + - a decoding error during indefinite array or hash decoding + could cause an endless loop. + +1.6 Wed Dec 7 15:13:23 CET 2016 + - greatly expand the SECURITY IMPLICATIONS and similar sections. + - new constructor new_safe, to create a secure CBOR::XS object. + - new option forbid_objects, to disallow serialisation. + - new CBOR::XS::safe_filter functionality. + - fix a crash when decoding a cyclic data structure using + stringref/pack_strings when allow_cycles is disabled. + - fix a crash when decoding hash keys with length >= 2**31. + - avoid unreasonably long decoding times for certain + types of (corrupt) cbor texts. + - support arrays and hashes with >= 2**31 members. + - avoid overflow on pointer arithmetic when checking whether enough + data is available. + - fix a memory leak that occured when decoding failed while decoding + a tagged value. + - do not leak the partially constructed result when stringifying + a hash key throws an exception. + - various code size and efficiency optimizations (reduced code + from 42 to 40kB on my system, despite the new features). + +1.5 Wed Apr 27 11:38:39 CEST 2016 + - Math::BigFloat madness workaround, see + http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html + (bugreport by zdm@softvisio.net). + - add text_keys and text_strings options to force CBOR text encoding + for perl hash keys or all strings, as a result of discussions + with Fredrik Ljunggren. + - implement support for arbitrary-exponent numbers (see + http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) + for both en- and decoding. 
+ - implement support for rational numbers (see + http://peteroupc.github.io/CBOR/rational.html, tag 30) for both + en- and decoding. + - the above effectively implements all registered CBOR extensions + in a sensible manner. + - remove some weird dead code that was duplicated (%FILTER). + - add t/58_hv.t, which tests hashes and the new text_* flags. + hashes apparently were not encoded at all in any of the existing + tests. + - document Math::BigFloat base-2 performance/crash issues. + - use stability canary. + +1.41 Thu 25 Feb 15:22:03 CET 2016 + - avoid perl panics on nested FREEZE/THAW calls (testcase by + Victor Efimov). + +1.4 Mon Feb 8 05:10:15 CET 2016 + - buffer overflow fix: a fast path during decoding did not check + remaining length when decoding hash keys, found by fuzzing. + This can potentially leak information in the error message + or crash the process. + - use C style { 0 } struct initializer. + - upgrade libecb. + +1.3 Mon Apr 27 22:21:04 CEST 2015 + - the incremental parser didn't properly parse tagged values + (testcase by Mons Anderson). + - slightly speed up encoding of plain (nonmagical) arrays. + - try to clarify further that effectively all 32 bit architectures + have 64 bit integer support. + - upgrade libecb. + +1.26 Sat Oct 25 08:35:44 CEST 2014 + - update the t/57_incr.t subtest that would rely on 64 bit ints. + - disable t/50_rfc.t test that fails because of broken data::dumper. + +1.25 Sun Jan 5 15:19:14 CET 2014 + - map key decoding was pretty much botched due to the recent cleanups. + - work around Time::Piece->epoch returning a string value, avoid encoding + this as a tag 1 string. + - enable more testcases in t/50_rfc.t, now that they work :) + +1.2 Tue Dec 10 22:06:42 CET 2013 + - implement an incremental decoder. + +1.12 Tue Dec 3 11:23:22 CET 2013 + - work around broken Time::Piece (in old versions of the module, %z doesn't + work as documented, gives different results on different platforms(!)). 
+ +1.11 Sun Dec 1 18:00:00 CET 2013 - new setting: validate_utf8, for when you can't trust your cbor data. - do not leak memory on decoding errors, when allow_cycles is enabled. + - add default filters for tags 0 and 1, using Time::Piece. + - more tests added. 1.1 Sat Nov 30 19:14:27 CET 2013 - INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode
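Review bot: the 1.4 entry ("buffer overflow fix: a fast path during decoding did not check remaining length when decoding hash keys") and several 1.6 items (the crash when decoding hash keys with length >= 2**31, the overflow on pointer arithmetic when checking whether enough data is available) describe decoder memory-safety fixes, but they lack the "SECURITY FIX:" prefix that the 1.7 entry uses. Anyone scanning Changes for that marker to decide whether an upgrade is needed will miss them. Suggest prefixing those items the same way and repeating the 1.7 advice that an upgrade is advised if you accept data from untrusted sources. The item about \0, \1 and \undef near the top also sits directly under the TODO lines with no version or date heading, so it is unclear which release it belongs to; give it a heading or mark it as unreleased. Minor spelling in the added lines: "lenght", "tessuite", "occured", "sharefdref should not shar".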