v2021.1: Mention enabling PIE by default in release notes

content/release/v2021.1/releasenotes.md

@@ -78,10 +78,28 @@ small changes are appropriate for this release stream.
 This release includes the security updates from Debian Buster and the latest
 LTS Linux kernel on the 5.10.x series.
 
-## Deprecations and ABI/API breaks
+## Deprecations
 
-Being a point release, no new deprecations or ABI breaks are part of
-this release
+No new deprecations or ABI breaks are part of this release.
+
+## ABI/API breaks
+
+### Position Independent Executables are now the default in GCC
+
+During a security audit it was found that due to a limitation in the upstream
+Debian packaging rules in the `gcc` package the default was not to produce
+Position Independent Executables (PIE).
+
+With this release the default has been tweaked to ensure
+that the address space layout randomization (ASLR) technique can be effective
+in mitigating attacks.
+
+This is a pretty safe change, but may still cause unintended effects: affected
+packages can opt-out using `export DEB_BUILD_MAINT_OPTIONS=hardening=-pie` in
+their `debian/rules`.
+
+The archive has not been re-built yet to apply new default to all the binary
+packages, with the rebuild being scheduled for the v2021.2 release.
 
 ## Infrastructure