Release notes updates

References #10439

release-notes/3.13.0.md

@@ -172,14 +172,15 @@ connect to the same node, or inject a pause, or await a certain condition that i
 is in place.
 
 
-### TLS Defaults
+### TLS Client (LDAP, Shovels, Federation) Defaults
 
 Starting with Erlang 26, client side [TLS peer certificate chain verification](https://www.rabbitmq.com/docs/ssl#peer-verification) settings are enabled by default in most contexts:
 from federation links to shovels to TLS-enabled LDAP client connections.
 
 If using TLS peer certificate chain verification is not practical or necessary, it can be disabled.
 Please refer to the docs of the feature in question, for example,
-this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections.
+this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections,
+two others on [TLS-enabled dynamic shovels](https://www.rabbitmq.com/docs/shovel#tls) and [dynamic shovel URI query parameters](https://www.rabbitmq.com/docs/uri-query-parameters).
 
 
 ### Management Plugin and HTTP API

release-notes/4.0.0.md

@@ -1,6 +1,6 @@
-## RabbitMQ 4.0.0-rc.1
+## RabbitMQ 4.0.0-rc.2
 
-RabbitMQ `4.0.0-rc.1` is a candidate of a new major release.
+RabbitMQ `4.0.0-rc.2` is a candidate of a new major release.
 
 Starting June 1st, 2024, community support for this series will only be provided to [regularly contributing users](https://github.com/rabbitmq/rabbitmq-server/blob/main/COMMUNITY_SUPPORT.md)
 and those who hold a valid [commercial support license](https://tanzu.vmware.com/rabbitmq/oss).
@@ -124,10 +124,22 @@ and `amqp1_0.default_user` are unsupported in RabbitMQ 4.0.
 Instead, set the new RabbitMQ 4.0 settings `anonymous_login_user` and `anonymous_login_pass` (both values default to `guest`).
 For production scenarios, [disallow anonymous logins](https://www.rabbitmq.com/docs/next/production-checklist#anonymous-login).
 
+### TLS Client (LDAP, Shovels, Federation) Defaults
+
+Starting with Erlang 26, client side [TLS peer certificate chain verification](https://www.rabbitmq.com/docs/ssl#peer-verification) settings are enabled by default in most contexts:
+from federation links to shovels to TLS-enabled LDAP client connections.
+
+If using TLS peer certificate chain verification is not practical or necessary, it can be disabled.
+Please refer to the docs of the feature in question, for example,
+this one [on TLS-enabled LDAP client](http://rabbitmq.com/docs/ldap/#tls) connections,
+two others on [TLS-enabled dynamic shovels](https://www.rabbitmq.com/docs/shovel#tls) and [dynamic shovel URI query parameters](https://www.rabbitmq.com/docs/uri-query-parameters).
+
 ### Shovels
 
 RabbitMQ Shovels will be able connect to a RabbitMQ 4.0 node via AMQP 1.0 only when the Shovel runs on a RabbitMQ node >= `3.13.7`.
 
+TLS-enabled Shovels will be affected by the TLS client default changes in Erlang 26 (see above).
+
 
 ## Erlang/OTP Compatibility Notes
 
@@ -351,10 +363,10 @@ GitHub issues: [#8334](https://github.com/rabbitmq/rabbitmq-server/pull/8334), [
 ### Dependency Changes
 
  * Ra was [upgraded to `2.14.0`](https://github.com/rabbitmq/ra/releases)
- * Khepri was [upgraded to `0.15.0`](https://github.com/rabbitmq/khepri/releases)
+ * Khepri was [upgraded to `0.16.0`](https://github.com/rabbitmq/khepri/releases)
  * Cuttlefish was [upgraded to `3.4.0`](https://github.com/Kyorai/cuttlefish/releases)
 
 ## Source Code Archives
 
-To obtain source code of the entire distribution, please download the archive named `rabbitmq-server-4.0.0-rc.1.tar.xz`
+To obtain source code of the entire distribution, please download the archive named `rabbitmq-server-4.0.0-rc.2.tar.xz`
 instead of the source tarball produced by GitHub.