diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 315a2eaeacb..c52fbdfebe9 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -61,6 +61,28 @@
This is to make it possible to use podman instead of docker.
+
+
+ MariaDB has been updated to 10.4, MariaDB Galera to 26.4.
+ Before you upgrade, it would be best to take a backup of your database.
+ For MariaDB Galera Cluster, see Upgrading
+ from MariaDB 10.3 to MariaDB 10.4 with Galera Cluster instead.
+ Before doing the upgrade read Incompatible
+ Changes Between 10.3 and 10.4.
+ After the upgrade you will need to run mysql_upgrade.
+ MariaDB 10.4 introduces a number of changes to the authentication process, intended to make things easier and more
+ intuitive. See Authentication from MariaDB 10.4.
+ unix_socket auth plugin does not use a password, and uses the connecting user's UID instead. When a new MariaDB data directory is initialized, two MariaDB users are
+ created and can be used with new unix_socket auth plugin, as well as traditional mysql_native_password plugin: root@localhost and mysql@localhost. To actually use
+ the traditional mysql_native_password plugin method, one must run the following:
+
+services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
+ ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("verysecret");
+'';
+
+ When MariaDB data directory is just upgraded (not initialized), the users are not created or modified.
+
+