remove release notes entries made moot by security point releases

Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>

diff --git a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc
deleted file mode 100644 (file)
index 929c36a..0000000
--- a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-== DoS Protection ==
-
-Here we add two ways to protect against denial of service attacks:
- * Limit concurrent search requests per client IP address
-  ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types.  The limit is controlled by a global flag called *opac.max_concurrent_search.ip*.  By default there is no limit set.
- * Limit the global concurrent search requests for the same query
-  ** This helps address both simple and distributed DoS that send the same search request over and over.  The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20.
-
-When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
-

diff --git a/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc b/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc
deleted file mode 100644 (file)
index a4931b5..0000000
--- a/docs/RELEASE_NOTES_NEXT/OPAC/qtype-param-protection.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-== Protect qtype CGI parameter ==
-
-Malicious DoS attempts have been witnessed in the wild making use of
-the fact that Evergreen does not check the contents of the qtype CGI
-parameter.  While these fail their intent, it would be better to
-simply drop such searches on the floor when they're seen.
-
-Evergreen will now confirm that the search class in the qtype parameter
-is valid, and that the remainder of the value is structured correctly,
-before processing the search request.
-