website: add a note in the upgrade notes for 0.6 discovery ACLs

website/source/docs/upgrade-specific.html.markdown

@@ -14,6 +14,29 @@ details provided for their upgrades as a result of new features or changed
 behavior. This page is used to document those details seperately from the
 standard upgrade flow.
 
+## Consul 0.6
+
+Consul 0.6 introduces enhancements to the ACL system which may require special
+handling:
+
+* Service ACL's are enforced during service discovery (REST + DNS)
+
+Previously, service discovery was wide open, and any client could query
+information about any service without providing a token. Consul now requires
+read-level access at a minimum when ACL's are enabled to return service
+information over the REST or DNS interfaces. If clients depend on an open
+service discovery system, then the following should be added to all ACL tokens
+which require it:
+
+    # Enable discovery of all services
+    service "" {
+        policy = "read"
+    }
+
+Note that the agent's [`acl_token`](/docs/agent/options.html#acl_token) is used
+when the DNS interface is queried, so be sure that token has sufficient
+privileges to return the DNS records you expect to retrieve from it.
+
 ## Consul 0.5.1
 
 Consul version 0.5.1 uses a different backend store for persisting the Raft