Update 2.13.6 release notes
Change-Id: I2fa4e030aa14520189a329b933785ac4af65b511
diff --git a/releases/2.13.md b/releases/2.13.md
index fb69ff0..8b208cb 100644
--- a/releases/2.13.md
+++ b/releases/2.13.md
@@ -467,7 +467,23 @@
LFS plugins can now provide an implementation of `git-lfs-authenticate`
which allows the Git LFS client to use the SSH protocol to either obtain
the LFS endpoint URL or authorize the following LFS upload/download
- operation
+ operation.
+
+* Allow Git LFS to authenticate via HTTP.
+
+ Git LFS requests include the authorization as HTTP Basic but
+ this was ignored and the user was treated as anonymous.
+
+* Don't require Add Patch Set permission for submit by rebase.
+
+ When the submit strategy was Rebase Always or Rebase If Necessary and
+ a rebase was needed for the submit, the submit failed if the user
+ didn't have the Add Patch Set permission. However for submitting a
+ change the Submit permission alone should be sufficient.
+
+ The behavior is now consistent with the Cherry-Pick submit strategy
+ which also doesn't require the Add Patch Set permission if a
+ cherry-pick is done on submit.
* Add a [passwd program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.6/pgm-passwd.html)
to set values in the `secure.config` file when a secure store implementation