diff --git a/NEWS b/NEWS
index 7a5e6f017..9f07180f4 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,28 @@ strongswan-5.0.3
 - The openssl plugin now uses the AES-NI accelerated version of AES-GCM
   if the hardware supports it.
 
+- The eap-radius plugin can now assign virtual IPs to IKE clients using the
+  Framed-IP-Address attribute by using the "%radius" named pool in the
+  rightsourceip ipsec.conf option. Cisco Banner attributes are forwarded to
+  Unity-capable IKEv1 clients during mode config. charon now sends Interim
+  Accounting updates if requested by the RADIUS server, reports
+  sent/received packets in Accounting messages, and adds a Terminate-Cause
+  to Accounting-Stops.
+
+- The recently introduced "ipsec listcounters" command can report connection
+  specific counters by passing a connection name, and global or connection
+  counters can be reset by the "ipsec resetcounters" command.
+
+- The strongSwan libpttls library provides an experimental implementation of
+  PT-TLS (RFC 6876), a Posture Transport Protocol over TLS.
+
+- The charon systime-fix plugin can disable certificate lifetime checks on
+  embedded systems if the system time is obviously out of sync after bootup.
+  Certificates lifetimes get checked once the system time gets sane, closing
+  or reauthenticating connections using expired certificates.
+
+- The "ikedscp" ipsec.conf option can set DiffServ code points on outgoing
+  IKE packets.
 
 strongswan-5.0.2
 ----------------