krb5 commit: Update features list for 1.21

ghudson at mit.edu ghudson at mit.edu
Thu Apr 13 16:50:39 EDT 2023


https://github.com/krb5/krb5/commit/49d6ae210d3b376f3263b171709e75fd74b9dd8b
commit 49d6ae210d3b376f3263b171709e75fd74b9dd8b
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Apr 13 12:27:03 2023 -0400

    Update features list for 1.21

 doc/mitK5features.rst | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index ca2d6ef11..10effcf17 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -642,6 +642,48 @@ Release 1.20
 
   - Converted the remaining Tcl tests to Python.
 
+Release 1.21
+
+* User experience:
+
+  - Added a credential cache type providing compatibility with the
+    macOS 11 native credential cache.
+
+* Developer experience:
+
+  - libkadm5 will use the provided krb5_context object to read
+    configuration values, instead of creating its own.
+
+  - Added an interface to retrieve the ticket session key from a GSS
+    context.
+
+* Protocol evolution:
+
+  - The KDC will no longer issue tickets with RC4 or triple-DES
+    session keys unless explicitly configured with the new allow_rc4
+    or allow_des3 variables respectively.
+
+  - The KDC will assume that all services can handle aes256-sha1
+    session keys unless the service principal has a session_enctypes
+    string attribute.
+
+  - Support for PAC full KDC checksums has been added to mitigate an
+    S4U2Proxy privilege escalation attack.
+
+  - The PKINIT client will advertise a more modern set of supported
+    CMS algorithms.
+
+* Code quality:
+
+  - Removed unused code in libkrb5, libkrb5support, and the PKINIT
+    module.
+
+  - Modernized the KDC code for processing TGS requests, the code for
+    encrypting and decrypting key data, the PAC handling code, and the
+    GSS library packet parsing and composition code.
+
+  - Improved the test framework's detection of memory errors in daemon
+    processes when used with asan.
 
 `Pre-authentication mechanisms`
 
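Review bot: The allow_rc4/allow_des3 entry and the session_enctypes entry under "Protocol evolution" change KDC defaults but are worded like ordinary feature notes, with no indication that they can affect existing deployments on upgrade. As written, a service that can only handle RC4 or triple-DES session keys may stop interoperating unless the administrator sets the new variables or a session_enctypes string attribute on the service principal. Consider stating that compatibility impact directly and naming the configuration file and section where allow_rc4 and allow_des3 are set, since the entry gives only the variable names. The PAC entry ("mitigate an S4U2Proxy privilege escalation attack") would also benefit from a reference identifying the attack, so readers can judge whether they are exposed.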

