From 88bf8dd475551fc4ab5ef217ad3baf92357b40bd Mon Sep 17 00:00:00 2001
From: Blaine Gardner <blaine.gardner@ibm.com>
Date: Wed, 19 Feb 2025 12:10:06 -0700
Subject: [PATCH] doc: add obc allow list to pending release notes

Add a note about the upcoming potentially-breaking change to OBCs to the
v1.17 release notes. This covers usage of
`ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS` for OBC fields that some
admins might not want exposed to users.

Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com>
---
 PendingReleaseNotes.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/PendingReleaseNotes.md b/PendingReleaseNotes.md
index f40151ba6d06..252f70b28a7c 100644
--- a/PendingReleaseNotes.md
+++ b/PendingReleaseNotes.md
@@ -2,5 +2,14 @@
 
 ## Breaking Changes
 
+Object:
+
+- Some ObjectBucketClaim options were added in Rook v1.16 that allowed more control over buckets.
+    These controls allow users to self-serve their own S3 policies, which many administrators might
+    consider a risk, depending on their environment. Rook has taken steps to ensure potentially risky
+    configurations are disabled by default to ensure the safest off-the-shelf configurations.
+    Administrators who wish to allow users to use the full range of OBC configurations must use the
+    new `ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS` to enable users to set potentially risky options.
+    See https://github.com/rook/rook/pull/15376 for more information.
 
 ## Features