Add latest changes from gitlab-org/gitlab@master

3 files changed, 28 insertions, 1 deletions

diff --git a/doc/administration/postgresql/pgbouncer.md b/doc/administration/postgresql/pgbouncer.md
index 25c4c940b97..5dd0aad7162 100644
--- a/doc/administration/postgresql/pgbouncer.md
+++ b/doc/administration/postgresql/pgbouncer.md
@@ -5,7 +5,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: reference
 ---
 
-# Working with the bundled PgBouncer service **(PREMIUM SELF)**
+# Working with the bundled PgBouncer service **(FREE SELF)**
+
+NOTE:
+PgBouncer is bundled in the `gitlab-ee` package, but is free to use.
+For support, you need a [Premium subscription](https://about.gitlab.com/pricing/).
 
 [PgBouncer](https://www.pgbouncer.org/) is used to seamlessly migrate database
 connections between servers in a failover scenario. Additionally, it can be used
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 2329649c25c..6857967e9bf 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -157,6 +157,27 @@ are deprecated and will be removed from the GraphQL API. For installation instru
 
 </div>
 
+<div class="deprecation removal-160 breaking-change">
+
+### HashiCorp Vault integration will no longer use CI_JOB_JWT by default
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> <span class="removal-date"></span>
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+As part of our effort to improve the security of your CI workflows using JWT and OIDC, the native HashiCorp integration is also being updated in GitLab 16.0. Any projects that use the [`secrets:vault`](https://docs.gitlab.com/ee/ci/yaml/#secretsvault) keyword to retrieve secrets from Vault will need to be [configured to use ID tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#configure-automatic-id-token-authentication).
+
+To be prepared for this change, you should do the following before GitLab 16.0:
+
+- [Disable the use of JSON web tokens](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#enable-automatic-id-token-authentication) in the pipeline.
+- Ensure the bound audience is prefixed with `https://`.
+- Use the new [`id_tokens`](https://docs.gitlab.com/ee/ci/yaml/#id_tokens) keyword
+  and configure the `aud` claim.
+
+</div>
+
 <div class="deprecation removal-170 breaking-change">
 
 ### Load Performance Testing is deprecated
diff --git a/doc/user/admin_area/settings/scim_setup.md b/doc/user/admin_area/settings/scim_setup.md
index 2e3dc4b4cab..fd6e3061140 100644
--- a/doc/user/admin_area/settings/scim_setup.md
+++ b/doc/user/admin_area/settings/scim_setup.md
@@ -7,6 +7,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Configure SCIM for self-managed GitLab instances **(PREMIUM SELF)**
 
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/8902) in GitLab 15.8.
+
 You can use the open standard System for Cross-domain Identity Management (SCIM) to automatically:
 
 - Create users.