From e16d1005f7c14b261a4d91f63159f96688fd8f00 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 15 Feb 2017 17:49:06 +0100
Subject: [PATCH] NEWS: VICI updates

---
 NEWS | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 5edbbf810..bb2a80a32 100644
--- a/NEWS
+++ b/NEWS
@@ -8,9 +8,23 @@ strongswan-5.5.2
   draft-ietf-ipsecme-eddsa. Ed25519-based public key pairs, X.509 certificates
   and CRLs can be generated and printed by the pki tool.
 
-- In-place update of cached base and delta CRLs does no leave dozens
+- In-place update of cached base and delta CRLs does not leave dozens
   of stale copies in cache memory.
 
+- Several new features for the VICI interface and the swanctl utility: Querying
+  specific pools, enumerating and unloading keys and shared secrets, loading
+  keys and certificates from PKCS#11 tokens, the ability to initiate, install
+  and uninstall connections and policies by their exact name (if multiple child
+  sections in different connections share the same name), a command to initiate
+  the rekeying of IKE and IPsec SAs, support for settings previously only
+  supported by the old config files (plain pubkeys, dscp, certificate policies,
+  IPv6 Transport Proxy Mode, NT Hash secrets, mediation extension).
+
+  Important:  Due to issues with VICI bindings that map sub-sections to
+  dictionaries the CHILD_SA sections returned via list-sas now have a unique
+  name, the original name of a CHILD_SA is returned in the "name" key of its
+  section.
+
 
 strongswan-5.5.1
 ----------------