diff --git a/Changelog.md b/Changelog.md
index 90329ca..0ac9017 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,13 @@
 # Changes to rhel9CIS
 
+## 0.4
+
+- RockyLinux now supported
+- workflow updates
+- selinux regexp improvements
+- warning summary now at end of play
+- advanced auditd options to exclude users in POST section
+
 ## 0.3
 
 - update to auditd template
diff --git a/defaults/main.yml b/defaults/main.yml
index 870f070..c605f92 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -505,6 +505,9 @@ rhel9cis_max_log_file_size: 10
 ### 4.1.3.x audit template
 update_audit_template: false
 
+## Advanced option found in auditd post
+allow_auditd_uid_user_exclusions: false
+
 ## Preferred method of logging
 ## Whether rsyslog or journald preferred method for local logging
 ## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5