silverstripe · GuySartorelli · Oct 19, 2023 · Oct 19, 2023
diff --git a/en/04_Changelogs/5.2.0.md b/en/04_Changelogs/5.2.0.md
@@ -9,6 +9,7 @@ title: 5.2.0 (unreleased)
 - [Features and enhancements](#features-and-enhancements)
   - [New ORM features](#new-orm-features)
   - [ErrorPage allowed codes configuration](#errorpage-allowed-codes-configuration)
+  - [Create random passwords for new users](#create-random-passwords-for-new-users)
   - [Other new features](#other-new-features)
 - [API changes](#api-changes)
 - [Bug fixes](#bug-fixes)
@@ -87,6 +88,14 @@ SilverStripe\ErrorPage\ErrorPage:
     - 500
 ```
 
+### Create random passwords for new users
+
+If a new user is created in the security section of the CMS with an empty password, then a strong random password will now be automatically assigned to the user which will not be visible to the person creating the user. The user will need to click the "I've forgotten my password" link in order to receive a password reset email so they can then enter a new password.
+
+This is a behavioural change from the change introduced in Silverstripe CMS 5.1 where blank passwords were disallowed when creating a new user. This change in 5.1 meant the administrator setting up the user could know what the users password was until the user changed it. Prior to 5.1, blank passwords were allowed though users were unable to log in using them when the default Silverstripe member authenticator was used, thus forcing the user to reset their password.
+
+This only applies to users created through the security section of the CMS. Users created programatically with an empty password will not have a random password automatically assigned to them. This is the current behaviour and is often used for non-production purposes such as unit-testing.
+
 ### Other new features
 
 ## API changes