+* 2.0 -> 2.1
+
+** Authentication
+
+Users are now stored in the database rather than in 'allow' directives in a
+private configuration file. 'allow' is still understood in this version, but
+is only used to populate the database on startup. After the first (successful)
+run of the server the remaining 'allow' directives can be deleted.
+
+'allow' will stop working entirely in a future version.
+