diff --git a/NEWS b/NEWS
index d67d870a9..d389fbf40 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,23 @@ strongswan-5.1.1
 - The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
   with a strongSwan policy enforcement point which uses the tnc-pdp charon plugin.
 
+- The XAuth backend in eap-radius now supports multiple XAuth exchanges for
+  different credential types and display messages. All user input gets
+  concatenated and verified with a single User-Password RADIUS attribute on
+  the AAA. With an AAA supporting it, one for example can implement
+  Password+Token authentication with proper dialogs on iOS and OS X clients.
+
+- charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf
+  modeconfig=push option enables it for both client and server, the same way
+  as pluto used it.
+
+- The left and right options in ipsec.conf can take multiple address ranges
+  and subnets. This allows connection matching against a larger set of
+  addresses, for example to use a different connection for clients connecting
+  from a internal network.
+
+- load-tester supports transport mode connections and more complex traffic
+  selectors, including such using unique ports for each tunnel.
 
 strongswan-5.1.0
 ----------------