--- a/NEWS	Sun Sep 13 21:43:53 2009 -0400
+++ b/NEWS	Sun Sep 13 22:12:21 2009 -0400
@@ -1,3 +1,28 @@
+v1.2.5 2009-09-13  Timo Sirainen <tss@iki.fi>
+
+	* Authentication: DIGEST-MD5 and RPA mechanisms no longer require
+	  user's login realm to be listed in auth_realms. It only made
+	  configuration more difficult without really providing extra security.
+	* zlib plugin: Don't allow clients to save compressed data directly.
+	  This prevents users from exploiting (most of the) potential security
+	  holes in zlib/bzlib.
+
+	+ Added pop3_save_uidl setting.
+	+ dict quota: When updating quota and user isn't already in dict,
+	  recalculate and save the quota.
+	- file_set_size() was broken with OSes that didn't support
+	  posix_fallocate() (almost everyone except Linux), causing all kinds
+	  of index file errors.
+	- v1.2.4 index file handling could have caused an assert-crash
+	- IMAP: Fixes to QRESYNC extension.
+	- virtual plugin: Crashfix
+	- deliver: Don't send rejects to any messages that have Auto-Submitted
+	  header. This avoids emails loops.
+	- Maildir: Performance fixes, especially with maildir_very_dirty_syncs.
+	- Maildir++ quota: Limits weren't read early enough from maildirsize
+	  file (when quota limits not enforced by Dovecot)
+	- Message decoding fixes (mainly for IMAP SEARCH, Sieve).
+
 v1.2.4 2009-08-17  Timo Sirainen <tss@iki.fi>
 
 	* acl: When looking up ACL defaults, use global/local default files