diff --git a/Changes b/Changes index 7b2a0f38b..383b73f5c 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,40 @@ {{$NEXT}} +6.025 2021-02-18 10:44:32+01:00 Europe/Berlin + + - Added new command 'check-acl' + Usage: check-acl [-f file] code/router acl ['ip1 ip2 tcp|udp port']... + This command checks if given packets would be permitted or denied + by specified ACL. + ACL is read from code file that was generated by Netspoc for given router. + Packet descriptions are given on command line or read from file. + Each packet description is written to STDOUT, + prefixed with "permit" or "deny". + - Added check for rules with identical service body. + Two services have identical body, if rule definitions are equal + and lists of users could be combined into a single list. + This check is enabled with option + '--check_identical_services=0|warn|err'. + Default is off. + Printing of warn messages is controlled with attribute 'identical_body'. + A) + Warning for two identical services s1, s2 can be suppressed by + adding attribute 'identical_body = service:s2' to service:s1 + or 'identical_body = service:s1' to service:s2. + B) + Attribute 'identical_body = enable|restrict|ok;' + at area, zone or network controls printing of warn messages. + The attribute is inherited to all objects contained in + given area, zone or network. + - If at least one object used in rule definitions of identical services + has attribute 'identical_body = restrict', + identical body is forbidden and warning can't be disabled. + - If all objects have attribute 'identical_body =ok', + identical body is allowed and no warning is shown. + - Otherwise a warning is shown that can be suppressed. + - Changed output of command 'export-netspoc' + IP of any:... is now written as 0.0.0.0/0.0.0.0 and not as 0.0.0.0 + 6.024 2021-02-02 15:10:10+01:00 Europe/Berlin - Support new radius attribute "group-lock".
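Review bot: In the 'identical_body' entry, option B lists the values 'enable|restrict|ok', but the three sub-bullets only explain 'restrict' and 'ok'. Please state what 'enable' means, even if it is just the "Otherwise" case, so that every accepted value is documented. The same entry writes 'identical_body =ok' with no space after '=', while the line above uses 'identical_body = restrict'. Option A's examples ('identical_body = service:s2') also omit the trailing ';' that option B's syntax shows. Making these consistent keeps readers from copying a malformed attribute. In the 'check-acl' entry, the usage line gives 'ip1 ip2 tcp|udp port' without saying which address is source and which is destination, and it does not say whether the file given with '-f' uses the same one-packet-per-line format; a sentence on each would help, since this command is used to decide whether traffic is permitted. Finally, "Default is off" for '--check_identical_services=0|warn|err' would be clearer as "Default is 0", matching the listed values.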