Release notes for secret consumers, microversions and CVE fix

Change-Id: Iaea5b454ad7a594eeac2b346fc2c713271c80a61

releasenotes/notes/fix-story-2010258-053ee02fe46b9984.yaml

@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    Fixed Story #2010258:  Fixes a security vulnerability where the
+    contents of a request query string were mistakenly being used
+    in the RBAC policy engine.

releasenotes/notes/secret-consumers-microversions-changes-5aacdad5b7c776a3.yaml

@@ -0,0 +1,25 @@
+---
+prelude: >
+  This version adds support to the secret consumers and microversions
+  functionalities.  The detailed secret consumers specification can
+  be found on <https://specs.openstack.org/openstack/barbican-specs/specs/train/secret-consumers.html>.
+
+  Microversions allow clients to interact with Barbican server to gather
+  information on minimum and maximum versions supported by the server.
+  More information can be found on <https://docs.openstack.org/barbican/latest/api/microversions.html>.
+features:
+  - |
+    The secret consumers functionality allows other OpenStack projects,
+    such as Cinder and Glance, to name a few, to register consumers
+    of secrets.  This is useful when a project wants to make an end
+    user aware that it is using the secret.
+
+    Secret consumers do not block the secret to be deleted by the end
+    user though.  When an end user needs to delete a secret that has
+    consumers, it can simply do it.  However, deletion of secrets with
+    consumers must be forced using a corresponding parameter, either
+    in the client's CLI or in the client's API.
+
+    Microversions enable clients to do a server supported version
+    discovery, allowing old clients (not supporting the feature) to
+    interact with newer servers.