2 files changed, 34 insertions, 14 deletions

diff --git a/static/papers/response-202109.pdf b/static/papers/response-202109.pdf
new file mode 100644
index 0000000..af0ae14
--- /dev/null
+++ b/static/papers/response-202109.pdf
diff --git a/template/news/2021-09.html.j2 b/template/news/2021-09.html.j2
index ca13582..7eb1d87 100644
--- a/template/news/2021-09.html.j2
+++ b/template/news/2021-09.html.j2
@@ -17,6 +17,8 @@ Notable changes include:
 <li>NEW: Optional inventory management by the merchant backend</li>
 <li>NEW: Product image previews in contracts</li>
 <li>NEW: Packaged merchant point-of-sale and cashier Apps for F-Droid</li>
+<li>NEW: Better isolation of online private keys</li>
+<li>NEW: Better isolation of sensitive exchange configuration options</li>
 <li>Implemented long-polling support for refunds</li>
 <li>Improved the HTTP API of the merchant to be more RESTful and easier to use</li>
 <li>Improved message flow for tipping and refunds to ensure merchant knows
@@ -31,6 +33,19 @@ Notable changes include:
 <li>Various minor bugfixes and documentation improvements</li>
 </ul>
 
+<p>
+Some of the major changes are based on the security audit performed by Code
+Blau in 2020. Addressing these recommendations was done as part of the NLnet
+Grant 2019-06-28 funded by the European Commissions great <a
+href="https://ngi.eu/">Next Generation Internet</a> initiative under grant
+agreement number 825310. In particular, Code Blau had recommended
+strengthening the isolation of the private keys, which is now implemented
+using the <tt>taler-exchange-secmod-*</tt> binaries that can run under a
+different user ID than the network-facing <tt>taler-exchange-httpd</tt>
+process.  Our detailed response to the audit is available
+<a href="https://taler.net/papers/response-202109.pdf">here</a>.
+</p>
+
 <h4>Download links</h4>
 <p>
 The wallet has its own download site <a
@@ -39,27 +54,32 @@ sync and bank components are distributed via the GNU FTP mirrors.
 </p>
 <ul>
 
-<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.1.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.0.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-bank-0.8.1.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-exchange-0.8.3.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-bank-0.8.2.tar.gz.sig</a></li>
 
+<!-- Still under review, but uploaded:
+<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-merchant-0.8.1.tar.gz.sig</a></li>
+-->
+
+<!-- STILL TO BE FINISHED, TAGGED & UPLOADED:
 <li><a href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz">http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz</a></li>
 <li><a href="http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/libeufin-0.0.0.tar.gz.sig</a></li>
 
-<!-- STILL TO BE UPLOADED!
 <li><a href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz">http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz</a></li>
 <li><a href="http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-wallet-webex-0.6.0.tar.gz.sig</a></li>
 -->
-<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/sync-0.8.1.tar.gz.sig</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz</a></li>
-<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.1.tar.gz.sig</a></li>
-</ul>
-You must install GNUnet v0.15.0 to compile GNU Taler 0.8.
 
-You must first install <a href="https://gnunet.org/en/news/2020-11-0.15.0.html">GNUnet v0.15.0</a> to compile GNU Taler 0.8.
+<!-- DONE: -->
+<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/sync-0.8.2.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-mdb-0.8.2.tar.gz.sig</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz">http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz</a></li>
+<li><a href="http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig">http://ftpmirror.gnu.org/taler/taler-twister-0.8.1.tar.gz.sig</a></li>
+</ul>
+You must first install <a href="https://gnunet.org/en/news/2021-08-0.15.0.html">GNUnet v0.15.0</a> to compile GNU Taler 0.8.
 
 {% endblock body_content %}