From ae949bb428e50cf04152db56460f31c1e6d3a2a9 Mon Sep 17 00:00:00 2001 From: Delta Regeer Date: Mon, 28 Oct 2024 18:10:04 -0600 Subject: [PATCH] Ready for 3.0.1 --- CHANGES.txt | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 5e29c126..1a423214 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,10 +1,14 @@ -3.0.1 (unreleased) +3.0.1 (2024-11-28) ------------------ +Security +~~~~~~~~ + - Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. - See https://github.com/Pylons/waitress/pull/435 and - https://github.com/Pylons/waitress/issues/418 + See https://github.com/Pylons/waitress/pull/435, + https://github.com/Pylons/waitress/issues/418 and + https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and helping track this down. @@ -13,6 +17,11 @@ See https://github.com/Pylons/waitress/pull/434 and https://github.com/Pylons/waitress/issues/432 +- Fix a race condition in Waitress when `channel_request_lookahead` is enabled + that could lead to HTTP request smuggling. + + See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj + 3.0.0 (2024-02-04) ------------------
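Review bot: In the first hunk of CHANGES.txt, the new release header reads "3.0.1 (2024-11-28)", but the commit itself is dated Mon, 28 Oct 2024, so the changelog would carry a release date a month after the commit that readies the release. This looks like a typo for 2024-10-28; please confirm and correct the header. Separately, the new "Security" heading now sits above every 3.0.1 entry that follows it, including the entry that references pull/434 and issues/432 between the two hunks. If that entry is not a security fix, it needs its own section heading so readers do not mistake it for one.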
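Review bot: In the second hunk, the new entry wraps channel_request_lookahead in single backticks. CHANGES.txt uses reStructuredText-style underlined headings, and in reStructuredText single backticks mark interpreted text rather than an inline literal, so the option name should be written with double backticks to render as code. The entry also says only that the race "could lead to HTTP request smuggling" when the option is enabled; one more sentence telling operators how to know whether they are exposed (for example, that only deployments which set this option are affected, if that is the case per the advisory) would let readers triage from the changelog without opening GHSA-9298-4cf8-g4wj.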