diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a0d139ea9..27608dc33b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 This changelog format was introduced in NAV 5.4.0. Older changelogs can be
 found in the [HISTORY](HISTORY) file.
 
-## [Unreleased]
-
+## [5.8.0] - 2023-11-24
 
 ### Added
 
diff --git a/NOTES.rst b/NOTES.rst
index a89c5ddcc5..e4d60b4584 100644
--- a/NOTES.rst
+++ b/NOTES.rst
@@ -68,6 +68,20 @@ device to device and vendor to vendor, so the available presets will simply be
 presented for selection in a dropdown menu if PoE support is detected on a
 device.
 
+REMOTE_USER autocreate option
+-----------------------------
+
+The external authentication integration system (popularly named
+``REMOTE_USER``) has gained a new toggle ``autocreate`` in the
+``[remote-user]`` section of :file:`webfront/webfront.conf`.  This option is
+``False`` by default, meaning that externally authenticated users will not be
+allowed to use NAV unless they have already been pre-created in the user admin
+panel.
+
+This changes the old behavior, in where any unknown user referenced in the
+``REMOTE_USER`` header by the web server is automatically created in NAV.  If
+you need the old functionality, you need to set this option to ``True``.
+
 
 NAV 5.7
 =======