diff --git a/CHANGELOG.txt b/CHANGELOG.txt index fe0493890b..96015bcca8 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -5,6 +5,7 @@ Changelog ~~~~~~~~~~~~~~~~ * New page privacy options (Shawn Makinson, Tom Miller, Luca Perico, Matt Westcott) + * New 'bulk delete' permission type for deleting pages with children (Matt Westcott) * Added support of a custom `edit_handler` in site settings (Axel Haustant) * Added `get_landing_page_template` getter method to `AbstractForm` (Gagaro) * Added `Page.get_admin_display_title` method to override how the title is displayed in the admin (Henk-Jan van Hasselaar) @@ -21,6 +22,7 @@ Changelog * Fix: `set_url_paths` management command is now compatible with Django 1.10 (Benjamin Bach) * Fix: Form builder email notifications now output multiple values correctly (Sævar Öfjörð Magnússon) * Fix: Closing 'more' dropdown on explorer no longer jumps to the top of the page (Ducky) + * Fix: Users with only publish permission are no longer given implicit permission to delete pages (Matt Westcott) 1.7 (20.10.2016) diff --git a/docs/releases/1.8.rst b/docs/releases/1.8.rst index 34c1728901..1dea29f049 100644 --- a/docs/releases/1.8.rst +++ b/docs/releases/1.8.rst 
@@ -19,6 +19,16 @@ Previously users with publishing permissions were able to restrict access to a p See: :ref:`private_pages` +Restrictions on bulk-deletion of pages +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Previously, any user with edit permission over a page and its descendants was able to delete them all as a single action, which led to the risk of accidental deletions. To guard against this, the permission rules have been revised so that a user with basic permissions can only delete pages that have no children; in order to delete a whole subtree, they must individually delete each child page first. A new "bulk delete" permission type has been added which allows a user to delete pages with children, as before; superusers receive this permission implicitly, and so there is no change of behaviour for them. + +See: :ref:`permissions` + +This feature was developed by Matt Westcott. + + Minor features ~~~~~~~~~~~~~~ @@ -43,6 +53,7 @@ Bug fixes * ``set_url_paths`` management command is now compatible with Django 1.10 (Benjamin Bach) * Form builder email notifications now output multiple values correctly (Sævar Öfjörð Magnússon) * Closing 'more' dropdown on explorer no longer jumps to the top of the page (Ducky) + * Users with only publish permission are no longer given implicit permission to delete pages (Matt Westcott) Upgrade considerations ====================== diff --git a/docs/topics/permissions.rst b/docs/topics/permissions.rst index 8d0dd39d4a..0ad709d53a 100644 --- a/docs/topics/permissions.rst +++ b/docs/topics/permissions.rst @@ -1,3 +1,5 @@ +.. _permissions: + =========== Permissions ===========
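Review bot: In the docs/releases/1.8.rst hunk that adds "Restrictions on bulk-deletion of pages", the new rule takes away an ability that existing users with edit permission had, yet it is documented only among the features. The "Upgrade considerations" section that appears as context at the end of the next hunk gets no matching entry. Suggest adding one there that says non-superuser groups which need to delete pages with children must hold the new "bulk delete" permission, and that states whether existing groups receive it automatically on upgrade or an administrator has to grant it.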
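Review bot: The bug-fix line added in the "Bug fixes" hunk of docs/releases/1.8.rst ("Users with only publish permission are no longer given implicit permission to delete pages") is a tightening of access control, but it does not say which permission a user now needs in order to delete. Sites with publish-only groups will see delete actions disappear after upgrading, so suggest naming the required permission in this line or linking it to :ref:`permissions`, and repeating the point under "Upgrade considerations" so it is not read as a cosmetic fix.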
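Review bot: The docs/topics/permissions.rst hunk adds only the ".. _permissions:" label at the top of the file, while the release notes point readers to it with "See: :ref:`permissions`" for the new "bulk delete" permission type. Nothing in the visible diff describes that permission in permissions.rst itself. If the page does not already cover it elsewhere in this change, suggest adding a short description there of what "bulk delete" allows, that basic permissions only permit deleting pages without children, and that superusers receive it implicitly, so the cross-reference lands on text that explains the rule.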