Irrd

one change relating to referential integrity validation
between RPSL objects.

In earlier versions of IRRd, the `members` attribute of
an `as-set`, along with several others,
were strongly validated[1]. This meant it was not possible
to add or update an `as-set`, if some of the members were
not valid objects in the same source. The same applied
to fields like `member-of` in a `route-set`.

In IRRd 4.0.3, all references from `members`, `mp-member`,
`mbrs-by-ref` and `member-of` are weak references. Their
syntax is validated, e.g. for `as-set` members, values must
be a valid `as-set` name or a valid AS number. However, there
is no validation on whether the objects actually exist.
It is also possible to delete e.g. a `route-set`, even when
the object is still listed in the `member-of` in a `route`
object, or to reference a maintainer that does not exist
in a `mbrs-by-ref`.

[1] https://github.com/irrdnet/irrd4/pull/240

* A bug in IPv4 addresses in access lists[1] IPv6-mapped
IPv4 addresses would be rejected, even when they were
listed in the access list.
* Ignoring of *xx object classes[2], even in strict mode,
as these are harmless artifacts sometimes produced by
legacy IRRd versions.
* Adding an irrd_mirror_force_reload[3] command, to force
a reload of a particular mirror. The ``irrd_load_data``
command was not well suited for this, and the documentation
provides guidance on when to use which command.

IRRd 4.0.2 is entirely backwards compatible with 4.0.0.

[1] https://github.com/irrdnet/irrd4/issues/237
[2] https://github.com/irrdnet/irrd4/issues/232
[3] https://github.com/irrdnet/irrd4/issues/233

the twisted version to 19.2.1 to ensure CVE-2019-12387 is
fixed.

The bug in object deletion prevented the deletion of
objects with no inbound references, such as certain route
objects. CVE-2019-12387 likely did not affect IRRd, as it
affected components of twisted that are not directly used
in IRRd, but upgrading is recommended to be sure.

IRRd 4.0.1 is entirely backwards compatible with 4.0.0.

[1] https://github.com/irrdnet/irrd4/issues/228

* Fix 212 - Restrict mntner creation to override password (219)
* Disable nagle on whois sockets (218)
* Fix 217 - Replace orderedset with more recent ordered-set dependency.
* Updated dependencies

NOTE: this release introduces a backwards incompatibility. The preloading feature adds a requirement for an `--irrd_pidfile` argument to the `irrd_load_database` and `irrd_submit_email` commands.

- Fix 184 - Add preloading for routes per origin.
- Fix 192 - Resolve as(-sets) contained in route-sets
- Fix 196 - Correct query source search order.
- Fix 172 - Add irrd_load_database command for manual loading of sources
- Fix 200 - Clarify error messages for queries with missing parameter
- Updated dependencies.