diff --git a/sssd.changes b/sssd.changes
index 35bf822..5432c56 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com
+
+- Update to new minor upstream release 1.16.2
+New Features:
+  * The smart card authentication, or in more general certificate
+    authentication code now supports OpenSSL in addition to previously
+    supported NSS (#3489). In addition, the SSH responder can now
+    return public SSH keys derived from the public keys stored in a
+    X.509 certificate. Please refer to the ssh_use_certificate_keys
+    option in the man pages.
+  * The files provider now supports mirroring multiple passwd or
+    group files. This enhancement can be used to use the SSSD files
+    provider instead of the nss_altfiles module
+Bugfixes:
+  * A memory handling issue in the nss_ex interface was fixed. This
+    bug would manifest in IPA environments with a trusted AD domain
+    as a crash of the ns-slapd process, because a ns-slapd plugin
+    loads the nss_ex interface (#3715)
+  * Several fixes for the KCM deamon were merged (see #3687, #3671, #3633)
+  * The ad_site override is now honored in GPO code as well (#3646)
+  * Several potential crashes in the NSS responder’s netgroup code
+    were fixed (#3679, #3731)
+  * A potential crash in the autofs responder’s code was fixed (#3752)
+  * The LDAP provider now supports group renaming (#2653)
+  * The GPO access control code no longer returns an error if one
+    of the relevant GPO rules contained no SIDs at all (#3680)
+  * A memory leak in the IPA provider related to resolving external
+    AD groups was fixed (#3719)
+  * Setups that used multiple domains where one of the domains had
+    its ID space limited using the min_id/max_id options did not
+    resolve requests by ID properly (#3728)
+  * Overriding IDs or names did not work correctly when the domain
+    resolution order was set as well (#3595)
+  * A version mismatch between certain newer Samba versions (e.g.
+    those shipped in RHEL-7.5) and the Winbind interface provided
+    by SSSD was fixed. To further prevent issues like this in the
+    future, the correct interface is now detected at build time (#3741)
+  * The files provider no longer returns a qualified name in case
+    domain resolution order is used (#3743)
+  * A race condition between evaluating IPA group memberships and
+    AD group memberships in setups with IPA-AD trusts that would
+    have manifested as randomly losing IPA group memberships assigned
+    to an AD user was fixed (#3744)
+  * Setting an SELinux login label was broken in setups where the
+    domain resolution order was used (#3740)
+  * SSSD start up issue on systems that use the libldb library
+    with version 1.4.0 or newer was fixed.
+
 -------------------------------------------------------------------
 Fri Apr 27 14:43:58 UTC 2018 - ckowalczyk@suse.com