From cf52c0e044882a98892bc3d5700b8952ed9c4e49 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Tue, 22 Jan 2013 17:42:06 +0000
Subject: [PATCH] Update release notes.

---
 docs/topics/release-notes.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md
index 58471a790..ebbe6876e 100644
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -18,11 +18,14 @@ Major version numbers (x.0.0) are reserved for project milestones.  No major poi
 
 ### Master
 
+* Support proper 401 Unauthorized responses where appropriate, instead of always using 403 Forbidden.
 * Support json encoding of timedelta objects.
 * `format_suffix_patterns()` now supports `include` style URL patterns. 
 * Bugfix: Return proper validation errors when incorrect types supplied for relational fields.
 * Bugfix: Support nullable FKs with `SlugRelatedField`.
 
+**Note**: If the primary authentication class is `TokenAuthentication` or `BasicAuthentication`, a view will now correctly return 401 responses to unauthenticated access, with an appropriate `WWW-Authenticate` header, instead of 403 responses.
+
 ### 2.1.16
 
 **Date**: 14th Jan 2013