Add 8.7 changelog

CHANGELOG

@@ -1,3 +1,40 @@
+Version 8.7 - Dec 20th, 2023
+============================
+
+- Introduction of an ability to constrain a RPKI Trust Anchor's
+  effective signing authority to a limited set of Internet numbers. This
+  allows Relying Parties to enjoy the potential benefits of assuming
+  trust, but within a bounded scope. This distribution includes curated
+  constraints files. More information:
+  https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
+
+- Following a 'failed fetch' (described in RFC 9286), emit a warning and
+  continue with a previously cached Manifest file, iff present & still
+  valid.
+
+- Emit a warning when the same manifestNumber is re-used across multiple
+  issuances.
+
+- Emit a warning when the remote repository presents a Manifest with an
+  unexpected manifestNumber. Purported new manifests are expected to
+  have a higher manifestNumber than previously validated manifests. If
+  the purported new manifest contains a manifestNumber value equal to or
+  lower than the manifestNumber of the previously validated & cached
+  manifest, the previously cached Manifest file is used. This warning
+  can be indicative of manifest replays or out-of-order publishing.
+
+- Require RPKI object files to be of a minimum of 100 bytes in both the
+  RRDP and RSYNC transports.
+
+- No longer synchronize directory modtimes in the local cache to align
+  with remote RSYNC repository sources.
+
+- Improved CRL extension checking.
+
+- Experimental support for the P-256 signature algorithm was added.
+
+- Various refactoring work.
+
 Version 8.6 - Oct 4th, 2023
 ==============================