Clarify RELEASES.md.

briansmith · briansmith · commit c0b2e84797bd · 2025-03-06T12:13:18.000-08:00
diff --git a/RELEASES.md b/RELEASES.md
@@ -2,14 +2,17 @@ Version 0.17.12 (2025-03-05)
 ============================
 Bug fix: https://github.com/briansmith/ring/pull/2447 for denial of service (DoS).
 
-Fixes a panic in `ring::aead::quic::HeaderProtectionKey::new_mask()` when
-integer overflow checking is enabled. Integer overflow checking is not enabled
-in release mode by default, but `RUSTFLAGS="-C overflow-checks"` or
-`overflow-checks = true` in the Cargo.toml profile can override this.
+* Fixes a panic in `ring::aead::quic::HeaderProtectionKey::new_mask()` when
+integer overflow checking is enabled.
 
-Fixes a panic in when using `ring::aead::{AES_128_GCM, AES_256_GCM}` when
-integer overflow checking is enabled, when  encrypting/decrypting approximately
-68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Integer
-overflow checking is not enabled in release mode by default, but
+* Fixes a panic on 64-bit targets in `ring::aead::{AES_128_GCM, AES_256_GCM}`
+when overflow checking is enabled, when encrypting/decrypting approximately
+68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols
+like TLS and SSH are not affected by this because those protocols break large 
+amounts of data into small chunks. Similarly, most applications will not
+attempt to encrypt/decrypt 64GB of data in one chunk.
+
+Overflow checking is not enabled in release mode by default, but
 `RUSTFLAGS="-C overflow-checks"` or `overflow-checks = true` in the Cargo.toml
-profile can override this.
+profile can override this. Overflow checking is usually enabled by default in
+debug mode.
