3 files changed, 47 insertions, 22 deletions
diff --git a/debian/changelog b/debian/changelog
index 4d48990..9e3d2f3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+snuffleupagus (0.13.0) UNRELEASED; urgency=low
+  [ jvoisin ]
+  * Compatibility with PHP8.5
+  * Add the possibility to log to a file
+  * Improve .drop() logging reliability when set_error_handler is used
+  * Improve simulation mode for unserialize() when no HMAC key is provided
+  * Fix a possible arbitrary code execution on misconfigured upload_validation deployments
+ -- jvoisin <julien.voisin+snuffleupagus@dustri.org>  Wed, 07 Jan 2026 18:00:00 +0200
 snuffleupagus (0.12.0) UNRELEASED; urgency=low
  [ jvoisin ]
  * Unify the default rules across all php versions
@@ -12,22 +22,22 @@ snuffleupagus (0.12.0) UNRELEASED; urgency=low
 snuffleupagus (0.11.0) UNRELEASED; urgency=low
  [ jvoisin ]
-  * Compatibility with PHP8.4                                                     
+  * Compatibility with PHP8.4
  * Fixed compilation on FreeBSD
-  * Update the internal deprecation checks                                        
+  * Update the internal deprecation checks
  [ cgzones ]
-  * Print key and value on INI violations                                         
+  * Print key and value on INI violations
  * Improve `scripts/generate_rules.php` with regard to functions from global space prefixed with `\`
-  * Add option to specify the allowed "php" wrapper types                         
+  * Add option to specify the allowed "php" wrapper types
-  * Make 'phar' filenames work in `sp.disabled_functions`                         
+  * Make 'phar' filenames work in `sp.disabled_functions`
-  * Improve the documentation                                                     
+  * Improve the documentation
-  * Improve the default set of rules, especially with regard to portability       
+  * Improve the default set of rules, especially with regard to portability
-  * Improve the Debian packaging                                                  
+  * Improve the Debian packaging
-  * Improve behaviour when dealing with broken configuration file                 
+  * Improve behaviour when dealing with broken configuration file
  * Don't whitelist files if the function name is actually a method of a class in `scripts/generate_rules.php`
-  * Ignore function definition in `scripts/generate_rules.php`                    
+  * Ignore function definition in `scripts/generate_rules.php`
-  * Improve configuration dumping                                                 
+  * Improve configuration dumping
 -- jvoisin <julien.voisin+snuffleupagus@dustri.org>  Fri, 06 Sep 2024 14:30:00 +0200
@@ -35,7 +45,7 @@ snuffleupagus (0.10.0) UNRELEASED; urgency=low
  [ jvoisin ]
  * Compatibility with PHP8.3
  * Add `sp.log_max_len` to limit the maximum size of the log messages
-  * Add an example configuration for Xenforo 2.2.12 
+  * Add an example configuration for Xenforo 2.2.12
  * Url encode functions arguments when logging them
 -- jvoisin <julien.voisin+snuffleupagus@dustri.org>  Wed, 20 Sep 2023 15:25:00 +0200
@@ -100,15 +110,15 @@ snuffleupagus (0.8.0) UNRELEASED; urgency=low
 snuffleupagus (0.7.1) UNRELEASED; urgency=low
  [ jvoisin ]
-  * Fixed possible memory-leaks when hooking via regular expressions               
+  * Fixed possible memory-leaks when hooking via regular expressions
-  * Modernise the code by removing usage of `strtok`                               
+  * Modernise the code by removing usage of `strtok`
-  * Prevent a possible crash during configuration reloading                        
+  * Prevent a possible crash during configuration reloading
-  * Fix the default rules to catch dangerous `chmod` calls                         
+  * Fix the default rules to catch dangerous `chmod` calls
-  * Improve compatibility with various `libpcre` configurations/versions           
+  * Improve compatibility with various `libpcre` configurations/versions
-  * Improve the default rules' compatibility with php8                             
+  * Improve the default rules' compatibility with php8
-  * Prevent XXE in php8 as well                                                    
+  * Prevent XXE in php8 as well
-  * Improve a bit the verbosity of the logs                                        
+  * Improve a bit the verbosity of the logs
-  * Add a rules file for php8  
+  * Add a rules file for php8
 -- jvoisin <julien.voisin+snuffleupagus@dustri.org>  Sun, 02 Aug 2021 19:29:00 +0200
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 490a7ea..5052975 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,6 +1,21 @@
 Changelog
 =========
+0.13.0 - `Elephas <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.13.0>`__ 2026/01/07
+-----------------------------------------------------------------------------------------------
+New features
+^^^^^^^^^^^^
+* Compatibility with PHP8.5
+* Add the possibility to log to a file
+Bug fixes
+^^^^^^^^^
+* Improve .drop() logging reliability when set_error_handler is used
+* Improve simulation mode for unserialize() when no HMAC key is provided
+* Fix a possible arbitrary code execution on misconfigured upload_validation deployments (CVE-2026-22034)
 0.12.0 - `Stegodontidae <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.12.0>`__ 2025/08/19
 -----------------------------------------------------------------------------------------------------
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index adaa6c0..e369f7c 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -1,7 +1,7 @@
 #ifndef PHP_SNUFFLEUPAGUS_H
 #define PHP_SNUFFLEUPAGUS_H
-#define PHP_SNUFFLEUPAGUS_VERSION "0.12.0"
+#define PHP_SNUFFLEUPAGUS_VERSION "0.13.0"
 #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
 #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH"
 #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus"