===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- www/70.html	2021/10/02 12:25:48	1.19
+++ www/70.html	2021/10/02 12:26:38	1.20
@@ -272,7 +272,14 @@
 
     <li>IPSEC support in the kernel and the <a href="https://man.openbsd.org/iked.8">iked(8)</a> userland daemon:
     <ul>
-	<li>...
+	<li>Zeroed out potential passwords when freeing memory or handling parsing errors in <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
+	<li>Added client-side support for DNS configuration to <a href="https://man.openbsd.org/iked.8">iked(8)</a>.
+	<li>Increased <a href="https://man.openbsd.org/iked.8">iked(8)</a> default data bytes limit for Child SAs to 4 GB, preventing excessive rekeying and lost data in high performance setups.
+	<li>Fixed races which were slowing <a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a> throughput.
+	<li>Fixed an <a href="https://man.openbsd.org/iked.8">iked(8)</a> bug where no flows are added if a single address is configured in the config address instead of a pool.
+	<li>Fixed a problem in <a href="https://man.openbsd.org/iked.8">iked(8)</a> where no flows are loaded when a single config address without pool is configured.
+	<li>Added an experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519) to <a href="https://man.openbsd.org/iked.8">iked(8)</a> as sntrup761x25519.
+	<li>Fixed <a href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> NAT-T to work with <a href="https://man.openbsd.org/pipex.4">pipex(4)</a>.
     </ul>
 
     <li>The <a href="https://man.openbsd.org/httpd.8">httpd(8)</a> webserver saw numerous improvements: