diff --git a/RELEASING.md b/RELEASING.md
new file mode 100644
index 00000000..741f54ae
--- /dev/null
+++ b/RELEASING.md
@@ -0,0 +1,59 @@
+Creating a release
+==================
+
+This document is documentation intednded for maintainers of Barrier.
+It documents the release process of Barrier.
+
+Step 1: Setup environment variables
+-----------------------------------
+
+Setup the following environment variable that will be used throughout the rest of the steps.
+
+ export VERSION=X.Y.Z
+
+Step 2: Release notes PR
+------------------------
+
+Open a new branch (e.g. `release`) and run the following:
+
+ towncrier --version ${VERSION} --date `date -u +%F`
+
+This collects the release notes using the `towncrier` tool. Please commit the collected release
+notes afterwards.
+
+Certain file names are not properly supported by the `towncrier` tool and it ignores them.
+Check `newsfragments` directory for any forgotten release notes
+
+Step 3: Merge the release notes PR
+----------------------------------
+
+Step 4: Push git tag
+--------------------
+
+Pull the merge commit created on the `master` branch during the step 2.
+
+Create a tag:
+
+ git tag -s v${VERSION} -m v${VERSION}
+
+Push the tag:
+
+ git push origin master --tags
+
+
+Step 5: Draft a new release on Github
+-------------------------------------
+
+Go to https://github.com/buildbot/buildbot/releases and draft a new release.
+
+Use git tag as the title of the release: `vX.Y.Z`.
+
+Use the release notes generated by the `towncrier` tool as the description of the releases.
+
+Upload the artifacts created by Azure pipelines as the binaries of the release. The following
+artifacts should be uploaded to Github:
+
+ - the Barrier-X.Y.Z-release.dmg created by the oldest Mac OS task (artifact name is
+ "Mac Release Disk Image and App XYZ").
+
+ - the BarrierSetup-X.Y.Z-release.exe (artifact name is Windows Release Installer).
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 2b42fc1d..e34a3bc5 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -114,4 +114,4 @@ jobs: condition: eq(variables['B_BUILD_TYPE'], 'Release') inputs: pathtoPublish: build/bundle - artifactName: Mac Release Disk Image and App + artifactName: Mac Release Disk Image and App $(imageName)
diff --git a/doc/newsfragments/README.md b/doc/newsfragments/README.md
index a0ce3f33..0338cf80 100644
--- a/doc/newsfragments/README.md
+++ b/doc/newsfragments/README.md
@@ -1,12 +1,13 @@ -This is the directory for news snippets used by towncrier: https://github.com/twisted/towncrier +This is the directory for release note fragments processed by +[towncrier](https://github.com/hawkowl/towncrier). -When changing code in a way that's visible to an end user please make a new file in this directory. -It will be removed and integrated into release notes document upon a release of a new version of -Barrier. +When making a user-visible change create a file in this directory and it will be automatically be +included into the release note document when the next release is published. -towncrier has a few standard types of news fragments, signified by the file extension. These are: +The file extension specifies the type of a change. The following are currently supported: -.feature: Signifying a new feature. -.bugfix: Signifying a bug fix. -.doc: Signifying a documentation improvement. -.removal: Signifying a deprecation or removal of public API. + - .feature: a new feature. + - .bugfix: a bug fix. + - .security: a fix for security issue. + - .doc: a documentation improvement. + - .removal: a deprecation or removal of functionality.
diff --git a/doc/newsfragments/build-failure-mipsel-riscv.bugfix b/doc/newsfragments/build-failure-mipsel-riscv.bugfix
deleted file mode 100644
index 4e0506ad..00000000
--- a/doc/newsfragments/build-failure-mipsel-riscv.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix build failure on mips*el and riscv64 architecture.
diff --git a/doc/newsfragments/client-certificate-checking.bugfix b/doc/newsfragments/client-certificate-checking.bugfix
deleted file mode 100644
index 01d4d03d..00000000
--- a/doc/newsfragments/client-certificate-checking.bugfix
+++ /dev/null
@@ -1,7 +0,0 @@
-SECURITY ISSUE
-
-Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
-
-To support seamless upgrades from older versions of Barrier this is currently disabled by default.
-The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
-rejected.
diff --git a/doc/newsfragments/client-send-certificate.feature b/doc/newsfragments/client-send-certificate.feature
deleted file mode 100644
index b5584290..00000000
--- a/doc/newsfragments/client-send-certificate.feature
+++ /dev/null
@@ -1 +0,0 @@
-Barrier client now sends certificate that the server can verify.
diff --git a/doc/newsfragments/close-failed-handshake-connections.bugfix b/doc/newsfragments/close-failed-handshake-connections.bugfix
deleted file mode 100644
index 0dc8c16c..00000000
--- a/doc/newsfragments/close-failed-handshake-connections.bugfix
+++ /dev/null
@@ -1,6 +0,0 @@
-SECURITY ISSUE
-
-Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
-
-Previously repeated failing connections would leak file descriptors leading to Barrier being unable
-to receive new connections from clients.
diff --git a/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix b/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix
deleted file mode 100644
index 05234a50..00000000
--- a/doc/newsfragments/configuration-reading-non-ascii-windows.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed reading of configuration on Windows when the paths contain non-ASCII characters (https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974, https://github.com/debauchee/barrier/issues/444).
diff --git a/doc/newsfragments/dont-use-openssl-cli.bugfix b/doc/newsfragments/dont-use-openssl-cli.bugfix
deleted file mode 100644
index 316d6abf..00000000
--- a/doc/newsfragments/dont-use-openssl-cli.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
diff --git a/doc/newsfragments/drop-target--option.feature b/doc/newsfragments/drop-target--option.feature
deleted file mode 100644
index a49763e3..00000000
--- a/doc/newsfragments/drop-target--option.feature
+++ /dev/null
@@ -1 +0,0 @@
-Added `--drop-target` option that improves drag and drop support on Windows when Barrier is being run as a portable app.
diff --git a/doc/newsfragments/enable-crypto-by-default.feature b/doc/newsfragments/enable-crypto-by-default.feature
deleted file mode 100644
index 0c633ee6..00000000
--- a/doc/newsfragments/enable-crypto-by-default.feature
+++ /dev/null
@@ -1,2 +0,0 @@
-The `--enable-crypto` command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line.
-A new `--disable-crypto` command line option has been added to explicitly disable encryption.
diff --git a/doc/newsfragments/enforce-maximum-message-length.bugfix b/doc/newsfragments/enforce-maximum-message-length.bugfix
deleted file mode 100644
index 81ec2ba0..00000000
--- a/doc/newsfragments/enforce-maximum-message-length.bugfix
+++ /dev/null
@@ -1,6 +0,0 @@
-SECURITY ISSUE
-
-Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
-
-Previously it was possible for a malicious client or server to send excessive length messages
-leading to denial of service by resource exhaustion.
diff --git a/doc/newsfragments/fingerprint-randomart.feature b/doc/newsfragments/fingerprint-randomart.feature
deleted file mode 100644
index 9ffced93..00000000
--- a/doc/newsfragments/fingerprint-randomart.feature
+++ /dev/null
@@ -1,3 +0,0 @@
-Added support for randomart images for easier comparison of SSL
-certificate fingerprints. The algorithm is identical to what
-OpenSSH uses.
diff --git a/doc/newsfragments/fix-crash-on-ssl-hello.bugfix b/doc/newsfragments/fix-crash-on-ssl-hello.bugfix
deleted file mode 100644
index 30bb0603..00000000
--- a/doc/newsfragments/fix-crash-on-ssl-hello.bugfix
+++ /dev/null
@@ -1,4 +0,0 @@
-SECURITY ISSUE
-
-Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
-This bug allowed an unauthenticated attacker to crash Barrier with only network access.
diff --git a/doc/newsfragments/fix-x11-paste.bugfix b/doc/newsfragments/fix-x11-paste.bugfix
deleted file mode 100644
index af4da5b1..00000000
--- a/doc/newsfragments/fix-x11-paste.bugfix
+++ /dev/null
@@ -1 +0,0 @@
- Map more X11 clipboard MIME types to corresponding converters (https://github.com/debauchee/barrier/issues/344).
diff --git a/doc/newsfragments/gui-autostart.feature b/doc/newsfragments/gui-autostart.feature
deleted file mode 100644
index d75ca8d8..00000000
--- a/doc/newsfragments/gui-autostart.feature
+++ /dev/null
@@ -1 +0,0 @@
-Implemented a configuration option for Server GUI auto-start.
diff --git a/doc/newsfragments/gui-hotkey-multiple-actions.bugfix b/doc/newsfragments/gui-hotkey-multiple-actions.bugfix
deleted file mode 100644
index c78712b8..00000000
--- a/doc/newsfragments/gui-hotkey-multiple-actions.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed setup of multiple actions associated with a hotkey.
diff --git a/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix b/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix
deleted file mode 100644
index 5dd12a7e..00000000
--- a/doc/newsfragments/gui-hotkey-special-keys-handling.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed setup of hotkeys with special characters such as comma and semicolon (https://github.com/debauchee/barrier/issues/778).
diff --git a/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature b/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature
deleted file mode 100644
index 7e495376..00000000
--- a/doc/newsfragments/gui-keyboard-enabled-screen-layout.feature
+++ /dev/null
@@ -1 +0,0 @@
-Made it possible to use keyboard instead of mouse to modify screen layout.
diff --git a/doc/newsfragments/keyboard-backlight-media-keys.feature b/doc/newsfragments/keyboard-backlight-media-keys.feature
deleted file mode 100644
index 9566304b..00000000
--- a/doc/newsfragments/keyboard-backlight-media-keys.feature
+++ /dev/null
@@ -1 +0,0 @@
-Added support for keyboard backlight media keys
diff --git a/doc/newsfragments/muhenkan-eisu-toggle-keys.feature b/doc/newsfragments/muhenkan-eisu-toggle-keys.feature
deleted file mode 100644
index 2c5e7163..00000000
--- a/doc/newsfragments/muhenkan-eisu-toggle-keys.feature
+++ /dev/null
@@ -1 +0,0 @@
-Added support for Eisu_toggle and Muhenkan keys
diff --git a/doc/newsfragments/non-ascii-character-transfer.bugfix b/doc/newsfragments/non-ascii-character-transfer.bugfix
deleted file mode 100644
index 31051ce5..00000000
--- a/doc/newsfragments/non-ascii-character-transfer.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (https://github.com/debauchee/barrier/issues/527).
diff --git a/doc/newsfragments/profile-dir-option.feature b/doc/newsfragments/profile-dir-option.feature
deleted file mode 100644
index f4836c39..00000000
--- a/doc/newsfragments/profile-dir-option.feature
+++ /dev/null
@@ -1 +0,0 @@
-Added `--profile-dir` option that allows to select custom profile directory.
diff --git a/doc/newsfragments/regenerate-broken-server-cert.bugfix b/doc/newsfragments/regenerate-broken-server-cert.bugfix
deleted file mode 100644
index 8ea1df3c..00000000
--- a/doc/newsfragments/regenerate-broken-server-cert.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Barrier will now regenerate server certificate if it's invalid instead of failing to launch (https://github.com/debauchee/barrier/issues/802)
diff --git a/doc/newsfragments/sha256-fingerprints.bugfix b/doc/newsfragments/sha256-fingerprints.bugfix
deleted file mode 100644
index a724c3b5..00000000
--- a/doc/newsfragments/sha256-fingerprints.bugfix
+++ /dev/null
@@ -1,4 +0,0 @@
-Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
-After upgrading client to new version the existing server fingerprint will need to be approved again.
-Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability
-with older versions of Barrier.
diff --git a/doc/newsfragments/ssl-corrupted-data.bugfix b/doc/newsfragments/ssl-corrupted-data.bugfix
deleted file mode 100644
index db8bbf86..00000000
--- a/doc/newsfragments/ssl-corrupted-data.bugfix
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
-under heavy load.
diff --git a/doc/newsfragments/sun-keyboard-keys.bugfix b/doc/newsfragments/sun-keyboard-keys.bugfix
deleted file mode 100644
index 83bc952f..00000000
--- a/doc/newsfragments/sun-keyboard-keys.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Added support for additional keys on Sun Microsystems USB keyboards (https://github.com/debauchee/barrier/issues/784).
diff --git a/doc/newsfragments/translation_chinese.bugfix b/doc/newsfragments/translation_chinese.bugfix
deleted file mode 100644
index cab219e0..00000000
--- a/doc/newsfragments/translation_chinese.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Updated Chinese translation.
diff --git a/doc/newsfragments/translation_slovak.bugfix b/doc/newsfragments/translation_slovak.bugfix
deleted file mode 100644
index ff46ce94..00000000
--- a/doc/newsfragments/translation_slovak.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Updated Slovak translation.
diff --git a/doc/newsfragments/use-theme-icons.bugfix b/doc/newsfragments/use-theme-icons.bugfix
deleted file mode 100644
index 9dae72ca..00000000
--- a/doc/newsfragments/use-theme-icons.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Theme icons are now preferred to icons distributed together with Barrier (https://github.com/debauchee/barrier/issues/471).
diff --git a/doc/newsfragments/windows-service-path.bugfix b/doc/newsfragments/windows-service-path.bugfix
deleted file mode 100644
index c418b0aa..00000000
--- a/doc/newsfragments/windows-service-path.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed incorrect setup of Barrier service path on Windows.
diff --git a/doc/release_notes/index.md b/doc/release_notes/index.md
new file mode 100644
index 00000000..72d3a43b
--- /dev/null
+++ b/doc/release_notes/index.md
@@ -0,0 +1,94 @@
+Release notes
+=============
+
+[comment]: <> (towncrier release notes start)
+
+Barrier `2.4.0` ( `2021-11-01` )
+================================
+
+Security fixes
+--------------
+
+- Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073).
+
+ Previously a malicious client could connect to Barrier server without any authentication and
+ send application-level messages. This made the attack surface of Barrier significantly larger.
+ Additionally, in case the malicious client got possession of a valid screen name by brute forcing
+ or other means it could modify the clipboard contents of the server.
+
+ To support seamless upgrades from older versions of Barrier this is currently disabled by default.
+ The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be
+ rejected.
+
+- Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections.
+ After upgrading client to new version the existing server fingerprint will need to be approved
+ again. Client and server will show both SHA1 and SHA256 server fingerprints to allow
+ interoperability with older versions of Barrier.
+
+Bug fixes
+---------
+
+- Fixed build failure on mips*el and riscv64 architecture.
+- Fixed reading of configuration on Windows when the paths contain non-ASCII characters
+(https://github.com/debauchee/barrier/issues/976, https://github.com/debauchee/barrier/issues/974,
+ https://github.com/debauchee/barrier/issues/444).
+- Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly.
+- More X11 clipboard MIME types have been mapped to corresponding converters (https://github.com/debauchee/barrier/issues/344).
+- Fixed setup of multiple actions associated with a hotkey.
+- Fixed setup of hotkeys with special characters such as comma and semicolon
+ (https://github.com/debauchee/barrier/issues/778).
+- Fixed transfer of non-ASCII characters coming from a Windows server in certain cases
+ (https://github.com/debauchee/barrier/issues/527).
+- Barrier will now regenerate server certificate if it's invalid instead of failing to launch
+ (https://github.com/debauchee/barrier/issues/802)
+- Added support for additional keys on Sun Microsystems USB keyboards
+ (https://github.com/debauchee/barrier/issues/784).
+- Updated Chinese translation.
+- Updated Slovak translation.
+- Theme icons are now preferred to icons distributed together with Barrier
+ (https://github.com/debauchee/barrier/issues/471).
+- Fixed incorrect setup of Barrier service path on Windows.
+
+Features
+--------
+
+- Added `--drop-target` option that improves drag and drop support on Windows when Barrier is
+ being run as a portable app.
+- The `--enable-crypto` command line option has been made the default to reduce chances of
+ accidental security mishaps when configuring Barrier from command line.
+ A new `--disable-crypto` command line option has been added to explicitly disable encryption.
+- Added support for randomart images for easier comparison of SSL certificate fingerprints.
+ The algorithm is identical to what OpenSSH uses.
+- Implemented a configuration option for Server GUI auto-start.
+- Made it possible to use keyboard instead of mouse to modify screen layout.
+- Added support for keyboard backlight media keys
+- Added support for Eisu_toggle and Muhenkan keys
+- Added `--profile-dir` option that allows to select custom profile directory.
+
+Barrier `2.3.4` ( `2021-11-01` )
+================================
+
+Security fixes
+--------------
+
+- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
+
+ Previously repeated failing connections would leak file descriptors leading to Barrier being unable
+ to receive new connections from clients.
+
+- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
+
+ Previously it was possible for a malicious client or server to send excessive length messages
+ leading to denial of service by resource exhaustion.
+
+- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
+ This bug allowed an unauthenticated attacker to crash Barrier with only network access.
+
+All of the above security issues have been reported by Matthias Gerstner who was really helpful
+resolving them.
+
+Bug fixes
+---------
+
+- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
+ under heavy load.
diff --git a/doc/release_notes/index.template.jinja b/doc/release_notes/index.template.jinja
new file mode 100644
index 00000000..418a1d32
--- /dev/null
+++ b/doc/release_notes/index.template.jinja
@@ -0,0 +1,37 @@
+{% for section, _ in sections|dictsort(by='key') %}
+{% set underline = "-" %}
+{% if section %}
+{{section}}
+{{ underline * section|length }}{% set underline = "-" %}
+
+{% endif %}
+{% if sections[section] %}
+{% for category, val in definitions|dictsort if category in sections[section]%}
+
+{{ definitions[category]['name'] }}
+{{ underline * definitions[category]['name']|length }}
+
+{% if definitions[category]['showcontent'] %}
+{% for text, values in sections[section][category]|dictsort(by='value') %}
+- {{ text }}
+{% endfor %}
+{% else %}
+- {{ sections[section][category]['']|sort|join(', ') }}
+
+
+{% endif %}
+{% if sections[section][category]|length == 0 %}
+
+No significant changes.
+
+
+{% else %}
+{% endif %}
+{% endfor %}
+{% else %}
+
+No significant changes.
+
+
+{% endif %}
+{% endfor %}
diff --git a/towncrier.toml b/towncrier.toml
new file mode 100644
index 00000000..d8f0a61c
--- /dev/null
+++ b/towncrier.toml
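Review bot: In doc/release_notes/index.template.jinja the category loop `{% for category, val in definitions|dictsort if category in sections[section]%}` orders the headings alphabetically by type key, so `security` would be rendered after `removal`, at the bottom of each release, whereas the index.md added in this commit lists "Security fixes" first. If security fixes are meant to lead the notes, iterate in configuration order instead, e.g. `{% for category, val in definitions.items() if category in sections[section] %}`; whether `definitions` keeps the towncrier.toml order depends on the towncrier version in use, so a trial run should confirm it. The second `{% set underline = "-" %}` on the section-underline line is redundant, since the value never changes.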
@@ -0,0 +1,39 @@
+[tool.towncrier]
+ package = ""
+ directory = "doc/newsfragments"
+ filename = "doc/release_notes/index.md"
+ template = "doc/release_notes/index.template.jinja"
+ title_format = "\nBarrier `{version}` ( `{project_date}` )\n================================\n"
+ start_string = "[comment]: <> (towncrier release notes start)"
+ [[tool.towncrier.section]]
+ path = ""
+
+ [[tool.towncrier.type]]
+ directory = "security"
+ name = "Security fixes"
+ showcontent = false
+
+ [[tool.towncrier.type]]
+ directory = "feature"
+ name = "Features"
+ showcontent = true
+
+ [[tool.towncrier.type]]
+ directory = "bugfix"
+ name = "Bug fixes"
+ showcontent = true
+
+ [[tool.towncrier.type]]
+ directory = "doc"
+ name = "Improved Documentation"
+ showcontent = true
+
+ [[tool.towncrier.type]]
+ directory = "removal"
+ name = "Deprecations and Removals"
+ showcontent = true
+
+ [[tool.towncrier.type]]
+ directory = "misc"
+ name = "Miscellaneous"
+ showcontent = false
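Review bot: The `security` type is declared with `showcontent = false`, so the template takes its `{% else %}` branch and prints only `sections[section][category]['']|sort|join(', ')`; the body of a `.security` fragment (CVE identifiers, the affected behaviour, upgrade guidance) would not reach the generated release notes. The security entries in the index.md added by this commit carry full descriptions, which suggests they were written by hand rather than produced from this configuration. For advisories to appear in future releases the entry should read `showcontent = true`, matching `feature` and `bugfix`.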