2 files changed, 5 insertions, 0 deletions

diff --git a/docs/topics/credits.md b/docs/topics/credits.md
index 49050196..b033ecba 100644
--- a/docs/topics/credits.md
+++ b/docs/topics/credits.md
@@ -94,6 +94,7 @@ The following people have helped make REST framework great.
 * Steve Gregory - [steve-gregory]
 * Federico Capoano - [nemesisdesign]
 * Bruno Renié - [brutasse]
+* Kevin Stone - [kevinastone]
 
 Many thanks to everyone who's contributed to the project.
 
@@ -223,3 +224,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
 [steve-gregory]: https://github.com/steve-gregory
 [nemesisdesign]: https://github.com/nemesisdesign
 [brutasse]: https://github.com/brutasse
+[kevinastone]: https://github.com/kevinastone
diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md
index 54c249bb..4bd73e78 100644
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -18,12 +18,15 @@ Major version numbers (x.0.0) are reserved for project milestones.  No major poi
 
 ### Master
 
+* Support proper 401 Unauthorized responses where appropriate, instead of always using 403 Forbidden.
 * Support json encoding of timedelta objects.
 * `format_suffix_patterns()` now supports `include` style URL patterns. 
 * Bugfix: Return proper validation errors when incorrect types supplied for relational fields.
 * Bugfix: Support nullable FKs with `SlugRelatedField`.
 * Bugfix: Don't call custom validation methods if the field has an error.
 
+**Note**: If the primary authentication class is `TokenAuthentication` or `BasicAuthentication`, a view will now correctly return 401 responses to unauthenticated access, with an appropriate `WWW-Authenticate` header, instead of 403 responses.
+
 ### 2.1.16
 
 **Date**: 14th Jan 2013