diff --git a/newsfragments/523.security.rst b/newsfragments/523.security.rst
new file mode 100644
index 00000000..0f8b86ef
--- /dev/null
+++ b/newsfragments/523.security.rst
@@ -0,0 +1,2 @@
+Added a maximum RSA key size limit of 4096 bits to prevent resource exhaustion attacks
+from malicious peers using oversized keys.