diff --git a/docs/release_notes/4.3.0.md b/docs/release_notes/4.3.0.md
new file mode 100644
index 0000000000..80f0dcce9a
--- /dev/null
+++ b/docs/release_notes/4.3.0.md
@@ -0,0 +1,36 @@
+# OpenConext EngineBlock v4.3.0 Release Notes #
+
+Full support for SP Proxies and improvements to error handling.
+
+SP Proxies are Service Providers that:
+* Have 'coin:trusted_proxy' set/
+* Sign their AuthnRequests
+* Mention another Service Provider, also known to EB, in the AuthnRequest > Scoping > RequesterId.
+
+For these proxies EB will act like a big brother and do consent, attribute release, WAYF and attribute manipulation
+for them. Most notable implementation is the upcoming SURFconext Step Up Gateway.
+
+List of issues resolved:
+
+* EB > 4 accepts SAML Responses over HTTP Redirect #83
+* Remove Management of 3rd party OpenSocial Group Providers from Profile #81
+* WAYF screen not valid HTML #79
+* Consistently apply licensing file header #76
+* Remove Internal endpoint #74
+* Full support for SP Proxies #64
+* Show more informative error when IdP denies user access #61
+* Add specific error message for IdP cert mismatch #55
+* Improve error message for invalid IdP signing certificate #25
+
+See: https://github.com/OpenConext/OpenConext-engineblock/issues?q=milestone%3A4.3.0+is%3Aclosed
+
+Also https://github.com/OpenConext/OpenConext-engine-test-stand can be used for functional tests.
+
+And the following dependencies were updated:
+| package                     | prev version  | current version |
+|-----------------------------|---------------|-----------------|
+| kriswallsmith/assetic       | dev-master    | v1.2.0          |
+| simplesamlphp/saml2         | v0.4.2        | v0.5.0          |
+| simplesamlphp/simplesamlphp | v1.12.0       | v1.13.0         |
+| phake/phake                 | v2.0.0-alpha2 | v2.0.0-beta2    |
+| phpunit/phpunit             | v3.7.19       | v4.3.4          |
\ No newline at end of file