diff --git a/CHANGELOG.md b/CHANGELOG.md index 2843ba5deba..531aa92ef92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* - [Change Log](#change-log) + - [v1.0.0-rc.1+oryOS.9 (2018-11-21)](#v100-rc1oryos9-2018-11-21) - [v1.0.0-beta.9 (2018-09-01)](#v100-beta9-2018-09-01) - [v1.0.0-beta.8 (2018-08-10)](#v100-beta8-2018-08-10) - [v1.0.0-beta.7 (2018-07-16)](#v100-beta7-2018-07-16) 
@@ -135,6 +136,166 @@ # Change Log +## [v1.0.0-rc.1+oryOS.9](https://github.com/ory/hydra/tree/v1.0.0-rc.1+oryOS.9) (2018-11-21) +[Full Changelog](https://github.com/ory/hydra/compare/v1.0.0-beta.9...v1.0.0-rc.1+oryOS.9) + +**Implemented enhancements:** + +- cmd: `token user` should be able to set up ssl [\#1147](https://github.com/ory/hydra/issues/1147) +- client: Deleting a client should delete all associated data too [\#1131](https://github.com/ory/hydra/issues/1131) +- Use `-mod=vendor` when building binaries / docker [\#1112](https://github.com/ory/hydra/issues/1112) +- Switch to go mod [\#1074](https://github.com/ory/hydra/issues/1074) +- CORS\_ALLOWED\_ORIGINS doesn't respect wildcards [\#1073](https://github.com/ory/hydra/issues/1073) +- consent: Add authorize code URL to consent and login response payloads [\#1046](https://github.com/ory/hydra/issues/1046) +- \[Feature Request\] Update consent tests to match oauth2/client tests [\#1043](https://github.com/ory/hydra/issues/1043) +- cmd/server: Export useful bootstrap function [\#973](https://github.com/ory/hydra/issues/973) +- sdk: C\# language SDK [\#958](https://github.com/ory/hydra/issues/958) +- Opentracing tracing integration [\#931](https://github.com/ory/hydra/issues/931) +- consent: Add ability to specify Access Token Audience [\#883](https://github.com/ory/hydra/issues/883) +- Prepare v1.0.0-rc.1 release [\#1175](https://github.com/ory/hydra/pull/1175) ([aeneasr](https://github.com/aeneasr)) +- vendor: Update fosite to 0.27.3 [\#1164](https://github.com/ory/hydra/pull/1164) ([aeneasr](https://github.com/aeneasr)) +- sdk: Document userinfo as GET instead of POST [\#1161](https://github.com/ory/hydra/pull/1161) ([aeneasr](https://github.com/aeneasr)) +- oauth2: Add audience and improve refresh flow [\#1156](https://github.com/ory/hydra/pull/1156) ([aeneasr](https://github.com/aeneasr)) +- cmd: Improve issuer error message [\#1152](https://github.com/ory/hydra/pull/1152) 
([aeneasr](https://github.com/aeneasr)) +- oauth2: Add OAuth2 audience claim and improve migrations [\#1145](https://github.com/ory/hydra/pull/1145) ([aeneasr](https://github.com/aeneasr)) +- Switch to go modules [\#1077](https://github.com/ory/hydra/pull/1077) ([aeneasr](https://github.com/aeneasr)) +- cmd: Fix flaky port finder [\#1076](https://github.com/ory/hydra/pull/1076) ([aeneasr](https://github.com/aeneasr)) +- rand: Fix flaky random test [\#1075](https://github.com/ory/hydra/pull/1075) ([aeneasr](https://github.com/aeneasr)) + +**Fixed bugs:** + +- tracing: sql args are added as tags when they should be omitted [\#1181](https://github.com/ory/hydra/issues/1181) +- consent: Require proof of authentication before ending user session [\#1154](https://github.com/ory/hydra/issues/1154) +- oauth2: Audience is potentially not being refreshed [\#1153](https://github.com/ory/hydra/issues/1153) +- Hydra shut down after a race condition [\#1141](https://github.com/ory/hydra/issues/1141) +- oauth2: Tables oidc, code, openid, refresh are missing indices [\#1140](https://github.com/ory/hydra/issues/1140) +- consent: SQL field `subject\_obfuscated` does not have an index [\#1138](https://github.com/ory/hydra/issues/1138) +- Setting up a fresh hydra installation results in panic [\#1137](https://github.com/ory/hydra/issues/1137) +- Copy-paste error in manager\_0\_sql\_migrations\_test.go [\#1135](https://github.com/ory/hydra/issues/1135) +- cmd: Error message regarding IssuerURL should contain environment variable name [\#1133](https://github.com/ory/hydra/issues/1133) +- client: Deleting a client should delete all associated data too [\#1131](https://github.com/ory/hydra/issues/1131) +- CORS\\_ALLOWED\\_ORIGINS doesn't respect wildcards [\#1073](https://github.com/ory/hydra/issues/1073) +- OpenID configuration endpoint returns wrong registration endpoint [\#1072](https://github.com/ory/hydra/issues/1072) +- OAuth2 Token Revoke call results in 404 Not Found 
[\#1070](https://github.com/ory/hydra/issues/1070) +- Missing database indices [\#1067](https://github.com/ory/hydra/issues/1067) +- Use PKCE with hybrid flow [\#1060](https://github.com/ory/hydra/issues/1060) +- cmd: Consent timeout is currently hardcoded but environment variable exists [\#1057](https://github.com/ory/hydra/issues/1057) +- ACR claim not being set on id token when requested by login accept request [\#1032](https://github.com/ory/hydra/issues/1032) +- List all consent sessions returns 404 [\#1031](https://github.com/ory/hydra/issues/1031) +- Introspect endpoint reports expiration time for refresh tokens [\#1025](https://github.com/ory/hydra/issues/1025) +- sql: Resolve index/fk regression issues [\#1178](https://github.com/ory/hydra/pull/1178) ([aeneasr](https://github.com/aeneasr)) +- Prepare v1.0.0-rc.1 release [\#1175](https://github.com/ory/hydra/pull/1175) ([aeneasr](https://github.com/aeneasr)) +- consent: Ignore row count in revoke [\#1173](https://github.com/ory/hydra/pull/1173) ([aeneasr](https://github.com/aeneasr)) +- vendor: Upgrade to fosite 0.27.4 [\#1171](https://github.com/ory/hydra/pull/1171) ([aeneasr](https://github.com/aeneasr)) +- vendor: Update fosite to 0.27.3 [\#1164](https://github.com/ory/hydra/pull/1164) ([aeneasr](https://github.com/aeneasr)) +- consent: Properly propagate acr value [\#1160](https://github.com/ory/hydra/pull/1160) ([aeneasr](https://github.com/aeneasr)) +- cmd: Resolve broken wildcard cors [\#1159](https://github.com/ory/hydra/pull/1159) ([aeneasr](https://github.com/aeneasr)) +- cmd: Resolve panic in migration handler [\#1151](https://github.com/ory/hydra/pull/1151) ([aeneasr](https://github.com/aeneasr)) +- consent: Only fetch latest consent state [\#1124](https://github.com/ory/hydra/pull/1124) ([aeneasr](https://github.com/aeneasr)) +- server: Instantiate PKCE after oidc [\#1123](https://github.com/ory/hydra/pull/1123) ([aeneasr](https://github.com/aeneasr)) +- cli: Improve migrate error messages 
[\#1080](https://github.com/ory/hydra/pull/1080) ([aeneasr](https://github.com/aeneasr)) +- cmd: Fix flaky port finder [\#1076](https://github.com/ory/hydra/pull/1076) ([aeneasr](https://github.com/aeneasr)) + +**Closed issues:** + +- Resolve regression issues related to foreign keys [\#1177](https://github.com/ory/hydra/issues/1177) +- DELETE `/oauth2/auth/sessions/login/{user}` returns 404 [\#1168](https://github.com/ory/hydra/issues/1168) +- How to authenticate with POST /clients endpoint [\#1148](https://github.com/ory/hydra/issues/1148) +- Implementation of user idel time sout [\#1146](https://github.com/ory/hydra/issues/1146) +- Move SQL migrations to files and improve test pipeline [\#1144](https://github.com/ory/hydra/issues/1144) +- cmd: Show error hint in oauth2 error view [\#1143](https://github.com/ory/hydra/issues/1143) +- Login time deteriorates over time [\#1119](https://github.com/ory/hydra/issues/1119) +- why hydra-login-consent-go didn't work, is there will have login provider and consent provider with golang? 
[\#1117](https://github.com/ory/hydra/issues/1117) +- Intro Blog source code is unreadable [\#1111](https://github.com/ory/hydra/issues/1111) +- consent: ignores extra claims for id and access token [\#1106](https://github.com/ory/hydra/issues/1106) +- Invalid\_request while generate the Access token in own OAuth 2.0 server [\#1104](https://github.com/ory/hydra/issues/1104) +- Invalid\_request while generate the Access token in own OAuth 2.0 server [\#1103](https://github.com/ory/hydra/issues/1103) +- Document query parameters for /oauth2/auth [\#1100](https://github.com/ory/hydra/issues/1100) +- PHP SDK is not PSR-4 compliant [\#1099](https://github.com/ory/hydra/issues/1099) +- CHALLENGE\_TOKEN\_LIFESPAN unused [\#1097](https://github.com/ory/hydra/issues/1097) +- Improve follow-up on numerous ORY repos [\#1093](https://github.com/ory/hydra/issues/1093) +- Run your own OAuth 2.0 Server : " Client authentication failed " [\#1091](https://github.com/ory/hydra/issues/1091) +- govet cmd/tooken\_user.go: the cancel function returned by context.WithTimeout should be called [\#1090](https://github.com/ory/hydra/issues/1090) +- Enhancement: specify lifespan for refresh\_token [\#1088](https://github.com/ory/hydra/issues/1088) +- Add at\_hash claim to id\_token in code flow. 
[\#1085](https://github.com/ory/hydra/issues/1085) +- Disable https://api.segment.io POST request [\#1083](https://github.com/ory/hydra/issues/1083) +- Move internal dependencies to ory/x [\#1081](https://github.com/ory/hydra/issues/1081) +- Support Kubernetes Secrets [\#1079](https://github.com/ory/hydra/issues/1079) +- Silent token refresh fails with "The Authorization Server requires End-User consent" [\#1068](https://github.com/ory/hydra/issues/1068) +- Invalid login\_challenge [\#1065](https://github.com/ory/hydra/issues/1065) +- Problem with import path for go-resty and go1.11 modules [\#1063](https://github.com/ory/hydra/issues/1063) +- sql: Add auto-increment PKs [\#1059](https://github.com/ory/hydra/issues/1059) +- Feature: admin endpoint for deleting expired tokens [\#1058](https://github.com/ory/hydra/issues/1058) +- consent: Send error response if consent or login challenge is expired or invalid [\#1056](https://github.com/ory/hydra/issues/1056) +- consent: Add original request URL to login and consent request payloads [\#1055](https://github.com/ory/hydra/issues/1055) +- Fix flaky random-port generator [\#1054](https://github.com/ory/hydra/issues/1054) +- Fix flaky pseudo-random test [\#1053](https://github.com/ory/hydra/issues/1053) +- API doc: GET /userinfo works but not documented [\#1049](https://github.com/ory/hydra/issues/1049) +- go SDK userInfo response does not support extra claims [\#1048](https://github.com/ory/hydra/issues/1048) +- Issuer url is allways fallowed by / even when defined without [\#1041](https://github.com/ory/hydra/issues/1041) +- missing end\_session\_endpoint from .well-known doc [\#1040](https://github.com/ory/hydra/issues/1040) +- oryd/hydra:v1.0.0-beta.9 clients api return 404 [\#1036](https://github.com/ory/hydra/issues/1036) +- DELETE login/{user} and DELETE consent/{user} can not redirect to Login page [\#1035](https://github.com/ory/hydra/issues/1035) +- remember in requests/login/{challenge}/accept api cause get 
same subject always [\#1034](https://github.com/ory/hydra/issues/1034) +- Out of Band OAuth2 Authorization [\#1033](https://github.com/ory/hydra/issues/1033) +- \[Cleanup\] CORS Settings [\#1028](https://github.com/ory/hydra/issues/1028) +- Key rotation leads to "Could not fetch private signing key for OpenID Connect" [\#1026](https://github.com/ory/hydra/issues/1026) + +**Merged pull requests:** + +- More e2e tests [\#1184](https://github.com/ory/hydra/pull/1184) ([aeneasr](https://github.com/aeneasr)) +- fix migrate sql command at upgrading guide [\#1183](https://github.com/ory/hydra/pull/1183) ([sawadashota](https://github.com/sawadashota)) +- rc.1 release preparations [\#1182](https://github.com/ory/hydra/pull/1182) ([aeneasr](https://github.com/aeneasr)) +- e2e: Improve e2e test pipeline [\#1180](https://github.com/ory/hydra/pull/1180) ([aeneasr](https://github.com/aeneasr)) +- docs: Auto-generate appendix [\#1174](https://github.com/ory/hydra/pull/1174) ([aeneasr](https://github.com/aeneasr)) +- vendor: Upgrade to fosite 0.28.0 [\#1172](https://github.com/ory/hydra/pull/1172) ([aeneasr](https://github.com/aeneasr)) +- ci: Generate benchmarks in docus format [\#1170](https://github.com/ory/hydra/pull/1170) ([aeneasr](https://github.com/aeneasr)) +- ci: Update release pipeline for new versioning [\#1169](https://github.com/ory/hydra/pull/1169) ([aeneasr](https://github.com/aeneasr)) +- oauth2: Make client registration endpoint configurable [\#1167](https://github.com/ory/hydra/pull/1167) ([aeneasr](https://github.com/aeneasr)) +- sdk: Update swagger endpoint definition [\#1166](https://github.com/ory/hydra/pull/1166) ([aeneasr](https://github.com/aeneasr)) +- sql: Add missing indices [\#1157](https://github.com/ory/hydra/pull/1157) ([aeneasr](https://github.com/aeneasr)) +- cmd: Add ability to specify consent and login lifespan [\#1155](https://github.com/ory/hydra/pull/1155) ([aeneasr](https://github.com/aeneasr)) +- cmd: Add https option to token user command 
[\#1150](https://github.com/ory/hydra/pull/1150) ([aeneasr](https://github.com/aeneasr)) +- cmd: Improve token user error handling [\#1149](https://github.com/ory/hydra/pull/1149) ([aeneasr](https://github.com/aeneasr)) +- Minor bug fix in JWK sql migrations test case [\#1136](https://github.com/ory/hydra/pull/1136) ([jacor84](https://github.com/jacor84)) +- tracing: remove bad tracing config from docker-compose.yml [\#1132](https://github.com/ory/hydra/pull/1132) ([aaslamin](https://github.com/aaslamin)) +- cmd: Resolve issues with secret migration [\#1129](https://github.com/ory/hydra/pull/1129) ([aeneasr](https://github.com/aeneasr)) +- health: Register healthx.AliveCheckPath route for frontend [\#1128](https://github.com/ory/hydra/pull/1128) ([jayme-github](https://github.com/jayme-github)) +- consent: Set fetch order to descending [\#1126](https://github.com/ory/hydra/pull/1126) ([aeneasr](https://github.com/aeneasr)) +- cors: add options cors middleware handler [\#1125](https://github.com/ory/hydra/pull/1125) ([JiaLiPassion](https://github.com/JiaLiPassion)) +- ci: Check vet and fix vet errors [\#1122](https://github.com/ory/hydra/pull/1122) ([aeneasr](https://github.com/aeneasr)) +- jwks: cors for wellknown endpoints [\#1118](https://github.com/ory/hydra/pull/1118) ([JiaLiPassion](https://github.com/JiaLiPassion)) +- oauth2: wellknown should use corsMiddleware [\#1116](https://github.com/ory/hydra/pull/1116) ([JiaLiPassion](https://github.com/JiaLiPassion)) +- tracing: add support for tracing db interactions [\#1115](https://github.com/ory/hydra/pull/1115) ([aaslamin](https://github.com/aaslamin)) +- build: Improve build pipeline [\#1114](https://github.com/ory/hydra/pull/1114) ([aeneasr](https://github.com/aeneasr)) +- e2e: Check for access/id token claims [\#1113](https://github.com/ory/hydra/pull/1113) ([aeneasr](https://github.com/aeneasr)) +- sdk/js: Declare opencollective as devdep [\#1109](https://github.com/ory/hydra/pull/1109) 
([aeneasr](https://github.com/aeneasr)) +- Fix missing LoginChallenge and LoginSessionID from GetConsentRequest [\#1105](https://github.com/ory/hydra/pull/1105) ([jcxplorer](https://github.com/jcxplorer)) +- Update README - Benchmarks section [\#1102](https://github.com/ory/hydra/pull/1102) ([kishaningithub](https://github.com/kishaningithub)) +- docs: Updates issue and pull request templates [\#1101](https://github.com/ory/hydra/pull/1101) ([aeneasr](https://github.com/aeneasr)) +- Add error response if consent or login challenge is expired [\#1098](https://github.com/ory/hydra/pull/1098) ([k-lepa](https://github.com/k-lepa)) +- docs: Updates issue and pull request templates [\#1096](https://github.com/ory/hydra/pull/1096) ([aeneasr](https://github.com/aeneasr)) +- Move dependencies to ory/x [\#1095](https://github.com/ory/hydra/pull/1095) ([aeneasr](https://github.com/aeneasr)) +- docs: Updates issue and pull request templates [\#1094](https://github.com/ory/hydra/pull/1094) ([aeneasr](https://github.com/aeneasr)) +- Add schema changes introduced to UPGRADE.md [\#1082](https://github.com/ory/hydra/pull/1082) ([aaslamin](https://github.com/aaslamin)) +- sql: Add auto-increment PKs [\#1078](https://github.com/ory/hydra/pull/1078) ([aeneasr](https://github.com/aeneasr)) +- tracing: use context aware database methods [\#1071](https://github.com/ory/hydra/pull/1071) ([aaslamin](https://github.com/aaslamin)) +- Add missing indices to resolve \#1067 [\#1069](https://github.com/ory/hydra/pull/1069) ([aaslamin](https://github.com/aaslamin)) +- change go-resty import path for gopkg.in/resty.v1 [\#1064](https://github.com/ory/hydra/pull/1064) ([pierredavidbelanger](https://github.com/pierredavidbelanger)) +- fosite: bump to version 0.24.0 with associated code changes [\#1062](https://github.com/ory/hydra/pull/1062) ([someone1](https://github.com/someone1)) +- Bump fosite version to 0.23.0 + New tracing instrumented Hasher [\#1052](https://github.com/ory/hydra/pull/1052) 
([aaslamin](https://github.com/aaslamin)) +- consent: migrate to test helpers \[closes \#1043\] [\#1051](https://github.com/ory/hydra/pull/1051) ([someone1](https://github.com/someone1)) +- Fix swagger [\#1045](https://github.com/ory/hydra/pull/1045) ([pierredavidbelanger](https://github.com/pierredavidbelanger)) +- client: fix test to pass non-nil context [\#1044](https://github.com/ory/hydra/pull/1044) ([someone1](https://github.com/someone1)) +- Bump fosite version and integrate breaking changes [\#1042](https://github.com/ory/hydra/pull/1042) ([aaslamin](https://github.com/aaslamin)) +- two littles things that bugs me when I compile or run tests [\#1039](https://github.com/ory/hydra/pull/1039) ([pierredavidbelanger](https://github.com/pierredavidbelanger)) +- cmd: Do not echo secrets if explicitly set [\#1038](https://github.com/ory/hydra/pull/1038) ([aeneasr](https://github.com/aeneasr)) +- propagate context through to the sql store [\#1030](https://github.com/ory/hydra/pull/1030) ([aaslamin](https://github.com/aaslamin)) +- consent: Add SessionsPath const [\#1027](https://github.com/ory/hydra/pull/1027) ([someone1](https://github.com/someone1)) +- Use latest version of sqlcon [\#1024](https://github.com/ory/hydra/pull/1024) ([davidjwilkins](https://github.com/davidjwilkins)) +- cmd/server: Export Handler bootstrap functions \(\#973\) [\#1023](https://github.com/ory/hydra/pull/1023) ([someone1](https://github.com/someone1)) +- Add support for distributed tracing [\#1019](https://github.com/ory/hydra/pull/1019) ([aaslamin](https://github.com/aaslamin)) + ## [v1.0.0-beta.9](https://github.com/ory/hydra/tree/v1.0.0-beta.9) (2018-09-01) [Full Changelog](https://github.com/ory/hydra/compare/v1.0.0-beta.8...v1.0.0-beta.9) 
@@ -144,7 +305,6 @@ - consent: Share session state between login and consent [\#1003](https://github.com/ory/hydra/issues/1003) - cmd: Print version when booting up [\#987](https://github.com/ory/hydra/issues/987) - client: client specific CORS settings [\#957](https://github.com/ory/hydra/issues/957) -- oauth2: Consider implementing OIDC Session Management [\#834](https://github.com/ory/hydra/issues/834) - cmd: Add cli helper for importing and exporting environments \(clients, policies, keys\) [\#699](https://github.com/ory/hydra/issues/699) - sql: jsonb support for postgres [\#516](https://github.com/ory/hydra/issues/516) - client: filter oauth2 clients by field through REST API [\#505](https://github.com/ory/hydra/issues/505)
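Review bot: In the `@@ -135,6 +136,166 @@` hunk, several entries are listed twice under different headings: issues \#1131 and \#1073 appear under both "Implemented enhancements" and "Fixed bugs", and pull requests \#1175, \#1164 and \#1076 do the same. The second copy of \#1073 is also escaped differently (`CORS\\_ALLOWED\\_ORIGINS` in "Fixed bugs" against `CORS\_ALLOWED\_ORIGINS` in "Implemented enhancements"), and `subject\_obfuscated` in \#1138 carries a backslash inside a code span, where it will render literally. Suggest fixing the labels on those issues and pull requests so each lands in one section, then regenerating, and normalising the underscore escaping. Separately, the entries with a security bearing for operators who are upgrading (\#1154 "Require proof of authentication before ending user session", \#1181 "sql args are added as tags when they should be omitted", \#1038 "Do not echo secrets if explicitly set") can only be found by scanning the full lists; a short call-out at the top of the release section would help.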
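Review bot: The only change in the `@@ -144,7 +305,6 @@` hunk is the deletion of `- oauth2: Consider implementing OIDC Session Management [\#834]` from an older part of the changelog (by position, the list directly under the v1.0.0-beta.9 heading), and nothing in the patch explains it. Editing the notes of a release that is already published makes the changelog disagree with what shipped under that tag. If this is a side effect of regenerating the file after \#834 was reopened or relabelled, say so in the commit message; otherwise restore the line.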