From 0d681467f6e0490ee656fd66ec4aa29b5ef2dd96 Mon Sep 17 00:00:00 2001
From: Nathan Cutler <ncutler@suse.com>
Date: Thu, 12 Apr 2018 04:39:19 +0200
Subject: [PATCH] doc: mention stricter caps checking in PendingReleaseNotes

Signed-off-by: Nathan Cutler <ncutler@suse.com>
---
 PendingReleaseNotes | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index 383ea6c1bd6a5..5e1c34f3b820b 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -28,3 +28,7 @@
   develop. The new option client_die_on_failed_dentry_invalidate (default:
   true) may be turned off to allow the client to proceed (dangerous!).
 
+* In 10.2.10 and earlier releases, keyring caps were not checked for validity,
+  so the caps string could be anything. As of 10.2.11, caps strings are
+  validated and providing a keyring with an invalid caps string to, e.g.,
+  "ceph auth add" will result in an error.
-- 
2.39.5