* Version 2.0.19
 - The value for `netprobe_timeout` was read from the command-line, but
not from the configuration file any more. This is a regression introduced
in the previous version, that has been fixed.
 - The default value for netprobe timeouts has been raised to 60 seconds.
 - A hash of the body is added to query parameters when sending DoH
queries with the POST method in order to work around badly configured
proxies.

* Version 2.0.18
 - Official builds now support TLS 1.3.
 - The timeout for the initial connectivity check can now be set from
the command line.
 - An `Accept:` header is now always sent with `GET` queries.
 - BOMs are now ignored in configuration files.
 - In addition to SOCKS, HTTP and HTTPS proxies are now supported for
DoH servers.

* Version 2.0.17
 - Go >= 1.11 is now supported
 - The flipside is that Windows XP is not supported any more :(
 - When dropping privileges, there is no supervisor process any more.
 - DNS options used to be cleared from DNS queries, with the exception
of flags and payload sizes. This is not the case any more.
 - DoH queries are smaller, since workarounds are not required any more
after Google updated their implementation.

* Version 2.0.16
 - On Unix-like systems, the server can run as an unprivileged user,
and the main process will automatically restart if an error occurs.
 - pledge() on OpenBSD.
 - New "offline" mode to serve queries locally without contacting any
upstream servers. This can be especially useful along with the
cloaking module for local development.
 - New logo.
 - TTL of OPT records is properly ignored by the caching module.
 - The proxy doesn't quit any more if new TCP connections cannot be
created.

* Version 2.0.15
 - Support for proxies (HTTP/SOCKS) was added. All it takes to route
all TCP queries to Tor is add `proxy = "socks5://127.0.0.1:9050"` to
the configuration file.
 - Querylog files have a new record indicating the outcome of each
transaction.
 - Pre-built binaries for Linux are statically linked on all
architectures.

* Version 2.0.14
 - Supports DNS-over-HTTPS draft 08.
 - Netprobes don't use port 0 by default, as this causes issues with
Little Snitch and FreeBSD.

* Version 2.0.13
 - This version fixes a crash when using DoH for queries whose size
were a multiple of the block size. Reported by @char101, thanks!

* Version 2.0.12
 - Further compatibility fixes for Alpine Linux/i386 and Android/i386
have been made. Thanks to @aead for his help!
 - The proxy will now wait for network connectivity before starting.
This is useful if the proxy is automatically started at boot, possibly
before the network is fully configured.
 - The IPv6 blocking module now returns synthetic SOA records to
improve compatibility with downstream resolvers and stub resolvers.

* Version 2.0.11
 - This release fixes a long-standing bug that caused the proxy to
block or crash when Position-Independent Executables were produced.
This bug only showed up when compiled on (not for) Alpine Linux and
Android, for some CPU architectures.
 - New configuration settings: cache_neg_min_ttl and
cache_neg_max_ttl, to clamp the negative caching TTL.

* Version 2.0.10
 - This version fixes a crash when an incomplete size is sent by a
local client for a query over TCP.
 - Slight performance improvement of DNSCrypt on non-Intel CPUs such
as Raspberry Pi.

* Version 2.0.9
 - Whitelists have been implemented: one a name matches a pattern in
the whitelist, rules from the name-based and IP-based blacklists will
be bypassed. Whitelists support the same patterns as blacklists, as
well as time-based rules, so that some website can be normally
blocked, but accessible on specific days or times of the day.
 - Lists are now faster to load, and large lists require significantly
less memory than before.
 - New options have been added to disable TLS session tickets as well
as use a specific cipher suite. See the example configuration file for
a recommended configuration to speed up DoH servers on ARM such as
Android devices and Raspberry Pi.
 - The `-service install` command now remembers what the current
directory was when the service was installed, in order to later load
configuration files with relative paths.
 - DoH: The "Cache-Control: max-age" header is now ignored.
 - Patterns can now be prefixed with `=` to do exact matching:
`=example.com` matches `example.com` but will not match `www.example.com`.
 - Patterns are now fully supported by the cloaking module.
 - A new option was added to use a specific cipher suite instead of
the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has
shown to decrease CPU usage and latency when connecting to Cloudflare,
especially on Mips and ARM systems.
 - The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this
creates a new unique key for every single query.

* Version 2.0.8
 - Multiple URLs can be defined for a source in order to improve
resiliency when servers are temporarily unreachable.
 - Connections over IPv6 will be preferred over IPv4 for DoH servers
when using a fallback resolver if `ipv6_servers` is set.
 - Improvements have been made to the example systemd configuration
files.
 - The chacha20 implementation was updated to possibly fix a bug on
Android/x86.
 - `generate-domains-blacklist.py` can now parse dnsmasq-style rules.
 - FreeBSD/arm builds have been added.
 - `dnscrypt-proxy -list -json` and `-list-all -json` now include the
remove servers names and IP addresses.

* Version 2.0.7
 - Bug fix: optional ports were not properly parsed with IPv6
addresses -- thanks to @bleeee for the report and fix.
 - Bug fix: truncate TCP queries to the prefixed length.
 - Certificates are force-refreshed after a time jump (e.g. when a
system resumes from hibernation).

* Version 2.0.6
 - Automatic log files rotation was finally implemented.
 - A new -pidfile command-line option to write the PID file was added.

* Version 2.0.5
 - Fixes a crash occasionally happening when using DoH servers, with
stamps not containing any IP addresses, a DNSSEC-signed name, a
non-working system DNS configuration, and a fallback server supporting
DNSSEC.

* Version 2.0.4
 - Fixes a regression with truncated packets. Thanks to @mazesy and
@the-w1nd for spotting a case triggering this!

* Version 2.0.3
 - Load balancing: resolvers that respond promptly, but with bogus
responses are now gradually removed from the preferred pool.
 - Due to popular request, Android binaries are now available! Thanks
to @sporif for his help on getting these built.
 - Binaries are built using Go 1.10-final.

* Version 2.0.2
 - Properly error out on FreeBSD and other platforms where built-in
service installation is not supported yet.
 - Improved load-balancing algorithm, which should result in lower
latency.

* Version 2.0.1
 - Cached source data were not redownloaded if the proxy was used
without interruption. This has been fixed.
 - If the network is down at startup time, fall back to cached source
data, even if is it out of date, and schedule an immediate update
after the networks is back.
 - RTT estimation for DNS-over-HTTP/2 servers was off. This has been
fixed.
 - The generate-domains-blacklist script now has a configurable
timeout value, and can produce time-based rules.
 - The timeout parameter in the example configuration file didn't had
the correct name; this has been fixed.
 - Cache: TTLs are now decreasing.