+* Changes in Wget X.Y.Z
+
+** Support HTTP/1.1
+
+** Fix some portability issues.
+
+** Handle properly malformed status line in a HTTP response.
+
+** Ignore zero length domains in $no_proxy.
+
+** Set new cookies after an authorization failure.
+
+** Exit with failure if -k is specified and -O is not a regular file.
+
+** Cope better with unclosed html tags.
+
+** Print diagnostic messages to stderr, not stdout.
+
+** Do not use an additional HEAD request when --content-disposition is used,
+ but use directly GET.
+
+** Report the average transfer speed correctly when multiple URL's are specified
+ and -c influences the transferred data amount.
+
+** GNU TLS backend works again.
+
+** Now --timestamping and --continue works well together.
+
+** By default, on server redirects, use the original URL to get the
+ local file name. Close CVE-2010-2252. This introduce a
+ backward-incompatibility, any script that relies on the old
+ behaviour must use --trust-server-names.
+
+** Fix a problem when -k is used and some URLs are specified trough
+ CSS.
+
+** Convert correctly URLs that need to be encoded to local files when following
+ links.
+
+** Use persistent connections with proxies supporting them.
+\f
+* Changes in Wget 1.12
+
+** Mailing list MOVED to bug-wget@gnu.org
+
+** SECURITY FIX: It had been possible to trick Wget into accepting
+SSL certificates that don't match the host name, through the trick of
+embedding NUL characters into the certs' common name. Fixed by Joao
+Ferreira <joao@joaoff.com>.