diff --git a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
index 6122babd..58a52b56 100644
--- a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
+++ b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod
@@ -646,10 +646,6 @@ C<portctl_timeout>
 
 =item *
 
-C<portcontrol>
-
-=item *
-
 C<snmpforce_v1>
 
 =item *
diff --git a/Netdisco/lib/App/Netdisco/Manual/ReleaseNotes.pod b/Netdisco/lib/App/Netdisco/Manual/ReleaseNotes.pod
index 6a557738..94192346 100644
--- a/Netdisco/lib/App/Netdisco/Manual/ReleaseNotes.pod
+++ b/Netdisco/lib/App/Netdisco/Manual/ReleaseNotes.pod
@@ -19,7 +19,22 @@ You can now configure LDAP authentication for users.
 =head2 Security Notices
 
 The read-write SNMP community is now stored in the database, when used for the
-first time on a device.
+first time on a device. If you don't want the web frontend to be able to
+access this, you need to:
+
+=over 4
+
+=item *
+
+Have separate C<deployment.yml> files for web frontend and daemon, such that
+only the daemon config contains any community strings.
+
+=item *
+
+Use separate Postgres users for web frontend and daemon, such that the web
+frontend user cannot SELECT from the C<community> DB table.
+
+=back
 
 =head1 2.011000