1 files changed, 37 insertions, 0 deletions

diff --git a/doc/release-notes/upgrading-from-3.7.2-or-older.md b/doc/release-notes/upgrading-from-3.7.2-or-older.md
new file mode 100644
index 00000000000..f4f41568455
--- /dev/null
+++ b/doc/release-notes/upgrading-from-3.7.2-or-older.md
@@ -0,0 +1,37 @@
+A new feature in 3.7.3 is causing troubles during upgrades from previous versions of GlusterFS to 3.7.3.
+The details of the feature, issue and work around are below.
+
+## Feature
+In GlusterFS-3.7.3, insecure-ports have been enabled by default. This
+means that by default, servers accept connections from insecure ports,
+clients use insecure ports to connect to servers. This change
+particularly benefits usage of libgfapi, for example when it is used
+in qemu run by a normal user.
+
+## Issue
+This has caused troubles when upgrading from previous versions to
+3.7.3 in rolling upgrades and when attempting to use 3.7.3 clients
+with older servers. The 3.7.3 clients establish connections using
+insecure ports by default. But the older servers still expect
+connections to come from secure-ports (if this setting has not been
+changed). This causes servers to reject connections from 3.7.3, and
+leads to broken clusters during upgrade and rejected clients.
+
+## Workaround
+There are two possible workarounds.
+Before upgrading,
+
+1. Set 'client.bind-insecure off' on all volumes.
+This forces 3.7.3 clients to use secure ports to connect to the servers.
+This does not affect older clients as this setting is the default for them.
+
+2. Set 'server.allow-insecure on' on all volumes.
+This enables servers to accept connections from insecure ports.
+The new clients can successfully connect to the servers with this set.
+
+
+If anyone faces any problems with these workarounds, please let us know via email[1][1] or in IRC[2][2].
+
+
+[1]: gluster-devel at gluster dot org / gluster-users at gluster dot org
+[2]: #gluster / #gluster-dev @ freenode