Update the CVE in release notes

docs/README.md

@@ -929,15 +929,7 @@ Also any DDL limitations apply so extra care need to be taken when using
 Postgres-XL changes defaults and available settings for
 `pglogical.conflict_resolution` and `pglogical.use_spi` configuration options.
 
-### BDR
-
-`pglogical` does not currently interoperate well with BDR. BDR nodes will not
-forward writes made by pglogical subscribers. And pglogical providers will not
-decode and send writes made on other BDR nodes to the pglogical subscriber.
-
-This restriction may be lifted at a later time.
-
-## Credits and License
+## Appendix A: Credits and License
 
 pglogical has been designed, developed and tested by the 2ndQuadrant team
 * Petr Jelinek
@@ -949,3 +941,29 @@ pglogical has been designed, developed and tested by the 2ndQuadrant team
 pglogical license is The PostgreSQL License
 
 pglogical copyright is donated to PostgreSQL Global Development Group
+
+## Appendix B: Release Notes
+
+Version 2.3.4 is security release fixing CVE-2021-3515.
+
+### Changes
+
+ * Fix pg_dump/pg_restore execution (CVE-2021-3515)  
+   Correctly escape the connection string for both pg_dump and
+   pg_restore so that exotic database and user names are handled
+   correctly.
+
+   Reported by Pedro Gallegos
+
+ * Assign collation to the index scan key  
+   When doing lookups for INSERT/UPDATE/DELETE, either to find conflicts
+   or key for the operation to be applied, we should use correct collation.
+
+   This fixes issues with PostgreSQL 12+ primary key lookups when primary key
+   is on column using one of the textual types.
+
+ * Execute `pg_ctl` with appropriate verbosity in `pglogical_create_subscriber`  
+   When `-v` is passed to `pglogical_create_subscriber`, it will now call
+   `pg_ctl` without silent mode. This is useful for troubleshooting.
+
+ * Clarify documentation regarding `REPLICA IDENTITY` requirements and support