Release notes updates

References #10439

Author: michaelklishin

release-notes/3.13.0.md

@@ -172,14 +172,15 @@ connect to the same node, or inject a pause, or await a certain condition that i
 is in place.
 
 
-### TLS Defaults
+### TLS Client (LDAP, Shovels, Federation) Defaults
 
 Starting with Erlang 26, client side [TLS peer certificate chain verification](https://www.rabbitmq.com/docs/ssl#peer-verification) settings are enabled by default in most contexts:
 from federation links to shovels to TLS-enabled LDAP client connections.
 
 If using TLS peer certificate chain verification is not practical or necessary, it can be disabled.
 Please refer to the docs of the feature in question, for example,
-this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections.
+this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections,
+two others on [TLS-enabled dynamic shovels](https://www.rabbitmq.com/docs/shovel#tls) and [dynamic shovel URI query parameters](https://www.rabbitmq.com/docs/uri-query-parameters).
 
 
 ### Management Plugin and HTTP API
@@ -232,7 +233,7 @@ Some of it's great features include:
 * A reworked table of contents and navigation
 * Search over both doc guides and blog content
 
-**Note**: We hope you enjoy the new website, more improvements are coming soon, we are revising the documentation table of contents that you see now and also adding some navigational topics to help you move around and find the documentation you are looking for faster in the future. We will keep you posted! 
+**Note**: We hope you enjoy the new website, more improvements are coming soon, we are revising the documentation table of contents that you see now and also adding some navigational topics to help you move around and find the documentation you are looking for faster in the future. We will keep you posted!
 
 ### Core Server
 
@@ -251,16 +252,16 @@ Some of it's great features include:
    that RabbitMQ clusters now **must have a majority of nodes online at all times**, or all client operations will be refused.
 
    Like quorum queues and streams, Khepri uses [RabbitMQ's Raft implementation](https://github.com/rabbitmq/ra) under the hood. With Khepri enabled, all key modern features
-   of RabbitMQ will use the same fundamental approach to recovery from failures, relying on a library that passes a [Jepsen test suite](https://github.com/rabbitmq/ra/#safety-verification). 
+   of RabbitMQ will use the same fundamental approach to recovery from failures, relying on a library that passes a [Jepsen test suite](https://github.com/rabbitmq/ra/#safety-verification).
 
    Team RabbitMQ intends to make Khepri the default schema database starting with RabbitMQ 4.0.
 
    GitHub issue: [#7206](https://github.com/rabbitmq/rabbitmq-server/pull/7206)
 
  * Messages are now internally stored using a new common heavily AMQP 1.0-influenced container format. This is a major step towards a protocol-agnostic core:
    a common format that encapsulates a sum of data types used by the protocols RabbitMQ supports, plus annotations for routng, dead-lettering state,
-   and other purposes. 
-  
+   and other purposes.
+
    AMQP 1.0, AMQP 0-9-1, MQTT and STOMP have or will adopt this internal representation in upcoming releases. RabbitMQ Stream protocol already uses the AMQP 1.0 message container
    structure internally.
 
@@ -424,7 +425,7 @@ This release includes all bug fixes shipped in the `3.12.x` series.
    enormously large responses.
 
    A couple of relevant queue metrics or state fields were lifted to the top level.
-  
+
    **This is a potentially breaking change**.
 
    Note that [Prometheus](https://www.rabbitmq.com/docs/prometheus) is the recommended option for monitoring,

release-notes/4.0.0.md

@@ -1,6 +1,6 @@
-## RabbitMQ 4.0.0-rc.1
+## RabbitMQ 4.0.0-rc.2
 
-RabbitMQ `4.0.0-rc.1` is a candidate of a new major release.
+RabbitMQ `4.0.0-rc.2` is a candidate of a new major release.
 
 Starting June 1st, 2024, community support for this series will only be provided to [regularly contributing users](https://github.com/rabbitmq/rabbitmq-server/blob/main/COMMUNITY_SUPPORT.md)
 and those who hold a valid [commercial support license](https://tanzu.vmware.com/rabbitmq/oss).
@@ -124,10 +124,22 @@ and `amqp1_0.default_user` are unsupported in RabbitMQ 4.0.
 Instead, set the new RabbitMQ 4.0 settings `anonymous_login_user` and `anonymous_login_pass` (both values default to `guest`).
 For production scenarios, [disallow anonymous logins](https://www.rabbitmq.com/docs/next/production-checklist#anonymous-login).
 
+### TLS Client (LDAP, Shovels, Federation) Defaults
+
+Starting with Erlang 26, client side [TLS peer certificate chain verification](https://www.rabbitmq.com/docs/ssl#peer-verification) settings are enabled by default in most contexts:
+from federation links to shovels to TLS-enabled LDAP client connections.
+
+If using TLS peer certificate chain verification is not practical or necessary, it can be disabled.
+Please refer to the docs of the feature in question, for example,
+this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections,
+two others on [TLS-enabled dynamic shovels](https://www.rabbitmq.com/docs/shovel#tls) and [dynamic shovel URI query parameters](https://www.rabbitmq.com/docs/uri-query-parameters).
+
 ### Shovels
 
 RabbitMQ Shovels will be able connect to a RabbitMQ 4.0 node via AMQP 1.0 only when the Shovel runs on a RabbitMQ node >= `3.13.7`.
 
+TLS-enabled Shovels will be affected by the TLS client default changes in Erlang 26 (see above).
+
 
 ## Erlang/OTP Compatibility Notes
 
@@ -351,10 +363,10 @@ GitHub issues: [#8334](https://github.com/rabbitmq/rabbitmq-server/pull/8334), [
 ### Dependency Changes
 
  * Ra was [upgraded to `2.14.0`](https://github.com/rabbitmq/ra/releases)
- * Khepri was [upgraded to `0.15.0`](https://github.com/rabbitmq/khepri/releases)
+ * Khepri was [upgraded to `0.16.0`](https://github.com/rabbitmq/khepri/releases)
  * Cuttlefish was [upgraded to `3.4.0`](https://github.com/Kyorai/cuttlefish/releases)
 
 ## Source Code Archives
 
-To obtain source code of the entire distribution, please download the archive named `rabbitmq-server-4.0.0-rc.1.tar.xz`
+To obtain source code of the entire distribution, please download the archive named `rabbitmq-server-4.0.0-rc.2.tar.xz`
 instead of the source tarball produced by GitHub.