Update release notes

doc/release-notes.md

@@ -4,6 +4,20 @@ release-notes at release time)
 Notable changes
 ===============
 
+DoS Mitigation: Mempool Size Limit and Random Drop
+--------------------------------------------------
+This release adds a mechanism for preventing nodes from running out of memory
+in the situation where an attacker is trying to overwhelm the network with
+transactions. This is achieved by keeping track of and limiting the total
+`cost`, a function of a transaction's size in bytes and its fee, of the
+mempool. The maximum total cost is configurable via the parameter
+`mempooltotalcostlimit` which defaults to 80,000,000 (up to 20,000 txs). If a
+node's total mempool `cost` exceeds this limit the node will evict a random
+transaction, weighted by its cost. To prevent a node from re-accepting evicted
+transactions, it keeps track of ones that it has evicted recently. By default,
+a transaction will be considered recently evicted for 60 minutes, but this can
+be configured with the parameter `mempoolevictionmemoryminutes`.
+
 Fake chain detection during initial block download
 --------------------------------------------------