path: root/template/news/2021-09.html.j2
author Christian Grothoff <christian@grothoff.org> 2021-08-08 16:48:39 +0200
committer Christian Grothoff <christian@grothoff.org> 2021-08-08 16:48:39 +0200
commit 6b4352de2488f92a0faba207cb36ec81ee128bd3
tree 31e6b720e45d286d600b41f797f3591b12f195e9 /template/news/2021-09.html.j2
parent 7457e6cc3f188f0c54e25e56d98a1361c5746a5d
-add updated response
Diffstat (limited to 'template/news/2021-09.html.j2')
-rw-r--r-- template/news/2021-09.html.j2 11
1 files changed, 11 insertions, 0 deletions
diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2
index ca135824..af187ae3 100644
--- a/template/news/2021-09.html.j2
+++ b/template/news/2021-09.html.j2
@@ -17,6 +17,8 @@ Notable changes include:
<li>NEW: Optional inventory management by the merchant backend</li>
<li>NEW: Product image previews in contracts</li>
<li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li>
+<li>NEW: Better isolation of online private keys</li>
+<li>NEW: Better isolation of sensitive exchange configuration options</li>
<li>Implemented long-polling support for refunds</li>
<li>Improved the HTTP API of the merchant to be more RESTful and easier to use</li>
<li>Improved message flow for tipping and refunds to ensure merchant knows
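Review bot: The second added item, "Better isolation of sensitive exchange configuration options", names no mechanism, and nothing else visible in this patch explains it; the paragraph added in the next hunk only covers the private keys. Consider stating what is isolated from what, or linking to the relevant documentation, so operators who upgrade can tell whether their configuration layout has to change. The first added item could also name the taler-exchange-secmod-* helpers, so that the list entry and the later paragraph are visibly about the same change.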
@@ -30,6 +32,15 @@ Notable changes include:
<li>Availability of a documented API for the wallet core, now used by all user interfaces</li>
<li>Various minor bugfixes and documentation improvements</li>
</ul>
+<p>
+Some of the major changes are based on the security audit performed
+by Code Blau in 2020. In particular, they had recommended strengthening
+the isolation of the private keys, which is now implemented using the
+<tt>taler-exchange-secmod-*</tt> binaries that can run under a different
+user ID than the network-facing <tt>taler-exchange-httpd</tt> process.
+Our detailed response to the audit is available
+<a href="https://taler.net/papers/response-202109.pdf">here</a>.
+</p>
<h4>Download links</h4>
<p>
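Review bot: In the added paragraph, "can run under a different user ID" leaves open whether the separation is in effect by default or has to be set up by the operator. Since this is the audit-driven change, say which it is: helpers started under the same user ID as taler-exchange-httpd would provide little of the isolation the paragraph describes. Two smaller points on the same lines: the link text "here" says nothing about its target, so the anchor could wrap "detailed response to the audit" instead, and <tt> is obsolete in HTML5, with <code> being the usual replacement.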