diff --git a/sssd.changes b/sssd.changes
index 74e55c9..7c5f102 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Oct  6 13:25:23 UTC 2014 - jengelh@inai.de
+
+- Update to new upstream release 1.12.1
+* The GPO access control was further enhanced to allow the access
+  control decisions while offline and map the Windows logon
+  rights onto Linux PAM services.
+* The SSSD now ships a plugin for the rpc.idmapd daemon,
+  sss_rpcidmapd(5).
+* A MIT Kerberos localauth plugin was added to SSSD. This plugin
+  helps translating principals to user names in IPA-AD trust
+  scenarios, allowing the krb5.conf configuration to be less
+  complex.
+* A libwbclient plugin implementation is now part of the SSSD.
+  The main purpose is to map Active Directory users and groups
+  identified by their SID to POSIX users and groups for the
+  file-server use-case.
+* Active Directory users ca nnow use their User Logon Name to log
+  in.
+* The sss_cache tool was enhanced to allow invalidating the SSH
+  host keys.
+* Groups without full POSIX information can now be used to enroll
+  group membership (CVE-2014-0249).
+* Detection of transition from offline to online state was
+  improved, resulting in fewer timeouts when SSSD is offline.
+* The Active Directory provider now correctly detects Windows
+  Server 2012 R2. Previous versions would fall back to the slower
+  non-AD path with 2012 R2.
+* Several other bugs related to deployments where SSSD is acting
+  as an AD client were fixed.
+
 -------------------------------------------------------------------
 Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com