diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e6b6a6bed2..d64e6e43e2 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -4,11 +4,16 @@ curl and libcurl 8.20.0
  Command line options:         273
  curl_easy_setopt() options:   308
  Public functions in libcurl:  100
- Authors:                      1457
- Contributors:                 3634
+ Authors:                      1458
+ Contributors:                 3635
 
 This release includes the following changes:
 
+ o build: make NTLM disabled by default [90]
+ o cmake: drop support for CMake 3.17 and older [108]
+ o lib: drop support for < c-ares 1.16.0 [64]
+ o lib: make SMB support opt-in [18]
+ o rtmp: drop support [91]
 
 This release includes the following bugfixes:
 
@@ -20,9 +25,12 @@ This release includes the following bugfixes:
  o badwords: detect the the and with with [51]
  o badwords: only check comments and strings in source code [61]
  o badwords: rework exceptions, fix many of them [15]
+ o build: assume `snprintf()` in `mprintf`, drop feature check [107]
  o build: compiler warning silencing tidy-ups [4]
  o build: drop `openssl` module dependency for BoringSSL from `libcurl.pc` [33]
  o build: enable `-Wimplicit-int-enum-cast` compiler warning, fix issues [84]
+ o cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR [63]
+ o cmake: add CMake Config-based dependency detection [87]
  o cmake: document functions used from Windows system DLLs [103]
  o cmake: resolve imported targets recursively when generating `libcurl.pc` [45]
  o cmake: rework binutils ld hack to not read `LOCATION` property [41]
@@ -30,10 +38,15 @@ This release includes the following bugfixes:
  o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3]
  o configure: prefer dependency-specific variables over `$withval` [35]
  o curl-wolfssl.m4: fix to use the correct value for pkg-config directory [36]
+ o curl.h: replace recursive macros with C++-friendly method to enforce 3 args [110]
  o curl_ctype.h: fix spelling in a couple of locally used macros [28]
  o curl_get_line: error out on read errors [9]
  o curl_get_line: fix potential infinite loop when filename is a directory [46]
+ o CURLOPT_HAPROXY_CLIENT_IP.md: mention assuption on data format [96]
+ o curlx_now(), prevent zero timestamp [93]
+ o DEPRECATE: fix minor release number typo
  o digest: pass in the user name quoted (as well) [34]
+ o dnscache: own source file, improvements [116]
  o docs/lib: fix typos [53]
  o docs: enable more compiler warnings for C snippets, fix 3 finds [71]
  o docs: minor wording tweaks
@@ -43,6 +56,7 @@ This release includes the following bugfixes:
  o examples: fix typo in comment [75]
  o file: init fd to -1 to prevent close fd 0 on early failure [40]
  o ftp: do not strdup DATA hostname [29]
+ o ftp: make the MDTM date parser stricter (again) [115]
  o ftp: reject PWD responses containing control characters [95]
  o gcc: guard `#pragma diagnostic` in core code for <4.6 [94]
  o generate.bat: remove extra % from VC11 and VC12 runs
@@ -58,24 +72,34 @@ This release includes the following bugfixes:
  o ldap: fix to initialize cleartext connection on Windows [49]
  o lib: always use Curl_1st_fatal instead of Curl_1st_err [89]
  o libssh2: fix error handling on quote errors [21]
+ o libtest: drop duplicate include [111]
+ o md5/md4: enable unaligned access fast path on powerpc64 [65]
  o mk-ca-bundle.pl: make generated timestamps deterministic [44]
+ o multi: improve wakeup and wait code [118]
  o netrc: find login-less password when user is given in URL [6]
+ o netrc: skip malformed macdef lines [67]
+ o openssl channel_binding: lookup digest algorithm without NID [117]
  o openssl: drop obsolete SSLv2 logic [27]
  o openssl: fix memory leaks in ECH code (OpenSSL 3) [78]
  o openssl: trace count of found / imported Windows native CA roots [8]
  o os400sys: fix typo in comment (symetry -> symmetry) [58]
+ o progress: count amount of data "delivered" to application [66]
  o protocol.h: fix the CURLPROTO_MASK [31]
  o protocol: use scheme names lowercase [38]
  o pytest: add additional quiche check for flaky test_05_01 [22]
  o rand: use `BCryptGenRandom()` in UWP builds [88]
+ o scripts: drop redundant double-quotes: `"$var"` -> `$var` (Perl) [109]
  o scripts: harden / tidy up more Perl `system()` calls [70]
+ o share: concurrency handling, easy updates [104]
  o sshserver.pl: harden more `system()` calls [81]
  o sshserver.pl: pass command-line to `system()` safely [82]
  o strerr: correct the strerror_s() return code condition [25]
  o sws: fix potential OOB write [80]
  o synctime: fix off-by-one read and write to a read-only buffer (Windows) [85]
  o test459: switch to mode="warn" for stderr check [5]
+ o testcurl.pl: replace shell commands with Perl `rmtree()` [76]
  o tests/unit/README: describe how to unit test static functions [60]
+ o tool: add check for curlinfo->age when determining if ssh backend is libssh2 [77]
  o tool_cb_wrt: fix no-clobber error handling [39]
  o tool_cfgable: free the SSL signature algorithms [62]
  o tool_formparse: propagate my_get_line errors when reading headers [102]
@@ -85,6 +109,7 @@ This release includes the following bugfixes:
  o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79]
  o tool_operate: fix minor memory-leak on early error [23]
  o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32]
+ o tool_operhlp: propagate low-level OOM in `add_file_name_to_url()` [112]
  o tool_urlglob: fix memory-leak on glob range overflow [19]
  o top-complexity: prevent filename-based shell injection risk [101]
  o transfer: enable custom methods again on next transfer [30]
@@ -112,11 +137,6 @@ For all changes ever done in curl:
 
 Planned upcoming removals include:
 
- o NTLM support becomes opt-in
- o RTMP support
- o SMB support becomes opt-in
- o Support for c-ares versions before 1.16.0
- o Support for CMake 3.17 and earlier
  o TLS-SRP support
 
  See https://curl.se/dev/deprecate.html
@@ -126,12 +146,13 @@ advice from friends like these:
 
   am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx,
   Daniel Stenberg, Ercan Ermis, fds242 on github, Flavio Amieiro,
-  Henrique Pereira, James Fuller, Jason Stangroome,
+  Harry Sintonen, Henrique Pereira, James Fuller, Jason Stangroome, Kai Pastor,
   lg_oled77c5pua on hackerone, m777m0 on hackerone, Martin Dürrmeier,
   Michael Hendricks, Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Ray Satiro,
-  renovate[bot], Richard Tollerton, Sergey Fedorov, Stefan Eissing,
-  Viktor Szakats, Vladimír Marek, Yoshiro Yoneya
-  (25 contributors)
+  renovate[bot], Richard Tollerton, Rob Crittenden, Scott Boudreaux,
+  Sergey Fedorov, Stefan Eissing, Viktor Szakats, Vladimír Marek,
+  Yoshiro Yoneya
+  (29 contributors)
 
 References to bug reports and discussions on issues:
 
@@ -152,6 +173,7 @@ References to bug reports and discussions on issues:
  [15] = https://curl.se/bug/?i=20886
  [16] = https://curl.se/bug/?i=20893
  [17] = https://curl.se/bug/?i=20960
+ [18] = https://curl.se/bug/?i=20846
  [19] = https://curl.se/bug/?i=20956
  [20] = https://curl.se/bug/?i=20885
  [21] = https://curl.se/bug/?i=20883
@@ -195,11 +217,18 @@ References to bug reports and discussions on issues:
  [60] = https://curl.se/bug/?i=21018
  [61] = https://curl.se/bug/?i=20909
  [62] = https://curl.se/bug/?i=20915
+ [63] = https://curl.se/bug/?i=21057
+ [64] = https://curl.se/bug/?i=20911
+ [65] = https://curl.se/bug/?i=20985
+ [66] = https://curl.se/bug/?i=20787
+ [67] = https://curl.se/bug/?i=21049
  [70] = https://curl.se/bug/?i=21007
  [71] = https://curl.se/bug/?i=21006
  [72] = https://curl.se/bug/?i=21003
  [73] = https://curl.se/bug/?i=21005
  [75] = https://curl.se/bug/?i=21001
+ [76] = https://curl.se/bug/?i=21053
+ [77] = https://curl.se/bug/?i=21050
  [78] = https://curl.se/bug/?i=20993
  [79] = https://curl.se/bug/?i=20989
  [80] = https://curl.se/bug/?i=20988
@@ -209,11 +238,16 @@ References to bug reports and discussions on issues:
  [84] = https://curl.se/bug/?i=20990
  [85] = https://curl.se/bug/?i=20987
  [86] = https://curl.se/bug/?i=20999
+ [87] = https://curl.se/bug/?i=20814
  [88] = https://curl.se/bug/?i=20983
  [89] = https://curl.se/bug/?i=20980
+ [90] = https://curl.se/bug/?i=20698
+ [91] = https://curl.se/bug/?i=20673
  [92] = https://curl.se/bug/?i=20978
+ [93] = https://curl.se/bug/?i=21034
  [94] = https://curl.se/bug/?i=20892
  [95] = https://curl.se/bug/?i=20949
+ [96] = https://curl.se/bug/?i=21042
  [97] = https://curl.se/bug/?i=20974
  [98] = https://curl.se/bug/?i=20967
  [99] = https://curl.se/bug/?i=20975
@@ -221,3 +255,14 @@ References to bug reports and discussions on issues:
  [101] = https://curl.se/bug/?i=20969
  [102] = https://curl.se/bug/?i=20963
  [103] = https://curl.se/bug/?i=20965
+ [104] = https://curl.se/bug/?i=20870
+ [107] = https://curl.se/bug/?i=20763
+ [108] = https://curl.se/bug/?i=20407
+ [109] = https://curl.se/bug/?i=21009
+ [110] = https://curl.se/bug/?i=20709
+ [111] = https://curl.se/bug/?i=21046
+ [112] = https://curl.se/bug/?i=21011
+ [115] = https://curl.se/bug/?i=21041
+ [116] = https://curl.se/bug/?i=20864
+ [117] = https://curl.se/bug/?i=20590
+ [118] = https://curl.se/bug/?i=20832