Author:     Noah Misch <noah@leadboat.com>
Commit:     Noah Misch <noah@leadboat.com>

    

diff --git a/doc/src/sgml/release-15.sgml b/doc/src/sgml/release-15.sgml
index 179ad37..3ed986c 100644
--- a/doc/src/sgml/release-15.sgml
+++ b/doc/src/sgml/release-15.sgml
@@ -58,16 +58,17 @@ Author: Noah Misch <noah@leadboat.com>
      </para>
 
      <para>
-      This is a change in the default for newly-created databases in
-      existing clusters and for new clusters;  <literal>USAGE</literal>
-      permissions on the <literal>public</literal> schema has not
-      been changed.  Databases restored from previous Postgres releases
-      will be restored with their current permissions.  Users wishing
-      to have the former permissions will need to grant
-      <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
-      on the <literal>public</literal> schema; this change can be made
-      on <literal>template1</literal> to cause all new databases
-      to have these permissions.
+      The new default is one of the secure schema usage patterns that
+      <xref linkend="ddl-schemas-patterns"/> has recommended since the
+      security release for CVE-2018-1058.  Upgrading a cluster or restoring a
+      database dump will preserve existing permissions.  This is a change in
+      the default for newly-created databases in existing clusters and for new
+      clusters.  For existing databases, especially those having multiple
+      users, consider issuing <literal>REVOKE</literal> to adopt this new
+      default.  For a new database having zero need to defend against insider
+      threats, granting back the privilege yields the behavior of prior
+      releases.  (<literal>USAGE</literal> permission on this schema has not
+      changed.)
      </para>
     </listitem>