From 27e64057265b12abb2a3dfa68261e04482eda06f Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Mon, 27 Feb 2017 15:41:40 -0500
Subject: [PATCH] changelog++

---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a333a23b..e4148dae1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,17 @@ DEPRECATIONS/CHANGES:
    and ensuring lifetimes are reasonable, and issue long-lived certificates via
    a different role with leases disabled.
 
+FEATURES:
+
+ * **Expanded Access Control Policies**: Access control policies can now
+   specify allowed and denied parameters -- and, optionally, their values -- to
+   control what a client can and cannot submit during an API call. Policies can
+   also specify minimum/maximum response wrapping TTLs to both enforce the use
+   of response wrapping and control the duration of resultant wrapping tokens.
+   See the [policies concepts
+   page](https://www.vaultproject.io/docs/concepts/policies.html) for more
+   information.
+
 IMPROVEMENTS:
 
  * auth/aws-ec2: AWS EC2 auth backend now supports constraints for VPC ID,