Merge branch 'topic/timw/7.1-news-updates'

* topic/timw/7.1-news-updates:
  Add note about various dependency updates [nomail] [skip ci]
  NEWS additions for v7.1 [nomail] [skip ci]

CHANGES

@@ -1,3 +1,9 @@
+7.1.0-dev.790 | 2024-12-12 11:33:01 -0700
+
+  * Add note about various dependency updates [nomail] [skip ci] (Tim Wojtulewicz, Corelight)
+
+  * NEWS additions for v7.1 [nomail] [skip ci] (Tim Wojtulewicz, Corelight)
+
 7.1.0-dev.787 | 2024-12-12 14:45:39 +0100
 
   * Pre-compute the node topics for all pool entries. (Justin Azoff, Corelight)

NEWS

@@ -30,6 +30,18 @@ Breaking Changes
 New Functionality
 -----------------
 
+- The following dependencies have had updates:
+
+  - The bundled version of Spicy was updated to 1.12.0. See
+    https://github.com/zeek/spicy/releases/tag/v1.12.0 for notes on what's new
+    with Spicy.
+
+  - The bundled version of c-ares has been updated to v1.34.2, which required
+    some updates to Zeek's internal DNS resolver due to changes in the c-ares
+    API. At least version v1.28.0 is now required to build Zeek.
+
+  - Python 3.9 is now required for Zeek and all of it's associated subprojects.
+
 - IP-based connections that were previously not logged due to using an unknown
   IP protocol (e.g. not TCP, UDP, or ICMP) now appear in conn.log. All conn.log
   entries have a new ``ip_proto`` column that indicates the numeric IP protocol
@@ -119,8 +131,8 @@ New Functionality
   analyzer used for processing the packet when the event is raised. The
   ``unknown_protocol.log`` file was extended to include this information.
 
-- The MySQL analyzer now generates a ``mysql_user_change()`` event when
+- The MySQL analyzer now generates a ``mysql_user_change()`` event when the user
-  the user changes mid-session via the ``COM_USER_CHANGE`` command.
+  changes mid-session via the ``COM_USER_CHANGE`` command.
 
 - The DNS analyzer was extended to support TKEY RRs (RFC 2390). A corresponding
   ``dns_TKEY`` event was added.
@@ -182,6 +194,12 @@ New Functionality
   The analyzer is currently mostly interesting if you want to experiment with
   SSL; we do not yet recommend to enable it in normal Zeek deployments.
 
+- The majority of the metrics reported via stats.log are also now reported via
+  the Telemetry framework, and are visible in the output passed to Prometheus.
+
+- A new weird ``DNS_unknown_opcode`` was added to the DNS analyzer to report
+  when it receives opcodes that it cannot process.
+
 Changed Functionality
 ---------------------
 
@@ -226,8 +244,9 @@ Changed Functionality
   Previously, ``network_time()`` was used. This matters if ``Broker::publish()``
   is called within scheduled events or called within remote events.
 
-Removed Functionality
+- The SSL analyzer now reports the correct version when an SSLv2 client hello is
----------------------
+  used. Zeek previously always reported these as v2, even when the v2 client
+  hello indicated support for a later version of SSL.
 
 Deprecated Functionality
 ------------------------

VERSION

@@ -1 +1 @@
-7.1.0-dev.787
+7.1.0-dev.790