diff --git a/source/CE_releases.rst b/source/CE_releases.rst
index 28f0a9c5..115bebec 100644
--- a/source/CE_releases.rst
+++ b/source/CE_releases.rst
@@ -8,7 +8,7 @@ Community Edition
     :width: 600px
     :align: center
 
-As of January 2015 there have been *268* releases leading to the latest version *23.7.8*
+As of January 2015 there have been *269* releases leading to the latest version *23.7.9*
 named "Restless Roadrunner".
 
 
diff --git a/source/releases/CE_23.7.rst b/source/releases/CE_23.7.rst
index 220d6829..af0723f8 100644
--- a/source/releases/CE_23.7.rst
+++ b/source/releases/CE_23.7.rst
@@ -26,6 +26,76 @@ can be found below as well.
 * Full mirror list: https://opnsense.org/download/
 
 
+--------------------------------------------------------------------------
+23.7.9 (November 23, 2023)
+--------------------------------------------------------------------------
+
+
+As the end of the year inches closer the changes published today are naturally
+smaller additions and cleanups, notably changes for IPsec VTI connection for
+IPv6 and dual-stack operation, a possible OpenVPN CSO mismatch bug and optional
+support for SHA-512 password hashing.
+
+Note that the HTTPS bump for the firmware mirrors updates the published URLs
+in the firmware selection, but if you already use LeaseWeb or NYC BUG you need
+to reselect them in order to move from HTTP to HTTPS connectivity.
+
+Of further note is that the Squid web proxy will be moved to a plugin in
+version 24.1 but for everyone using it the upgrade procedure will make sure
+to install it automatically when enabled.  A meta package was added to the
+plugins already in order for this to work just in case there are questions
+about what it is supposed to be doing... apart from providing dependencies
+it does not do anything at the moment.  ;)
+
+Last but not least, we have been successfully testing and ironing out OpenSSL
+3 ports builds in the past week and inclusion in 24.1 seems very likely at this
+point.  The effort continues and we will also be looking into backport material
+from FreeBSD 13 stable branches for further preparation.
+
+Here are the full patch notes:
+
+* system: add SHA-512 password hash compliance option
+* system: allow special selector for plugins_configure()
+* system: handle broken menu XML files more gracefully
+* system: fix PHP warnings and SSH fail on empty "ssh" XML node
+* system: fix a couple of PHP warnings in auth server pages
+* system: add support for Google Shared drives backup (contributed by Jeremy Huylebroeck)
+* system: change wait time to 1 second per round, total of 7 in console prompts
+* system: update syslog model
+* interfaces: mark WireGuard devices as virtual
+* interfaces: update LAGG and loopback models
+* interfaces: improve VIP validation, fix broadcast generation
+* firewall: make sure firewall log reading always emits a label
+* firewall: fix business bogons set fetch
+* firewall: add section for automatic rules being added at the end of the ruleset
+* firewall: allow multiple networks given to wrap in the GUI
+* captive portal: fix log target
+* firmware: stop manually adjusting firmware config structure during factory reset
+* firmware: clear stray "pkgsave" and "pkgtemp" pkg-upgrade leftovers
+* firmware: changed LeaseWeb and NYC BUG mirrors to use HTTPS (contributed by jeremiah-rs)
+* firmware: opnsense-update: new "-X" mode for canonical bogons/changelog set fetch URL
+* firmware: opnsense-version: support base/kernel hash info
+* ipsec: mute ipsec.conf related load errors
+* ipsec: fix typo in VTI protocol family parsing
+* ipsec: add secondary tunnel address pair for VTI dual-stack purposes
+* ipsec: add "aes256-sha256" proposal option (no PFS)
+* openvpn: obey username_as_common_name setting
+* backend: add physical_interface and physical_interfaces as template helper function
+* backend: add file_exists as template helper function
+* mvc: instead of failing invalidate a non-match in CSVListField
+* mvc: split tree-view template and javascript and hook via controllers
+* ui: upgrade bootstrap-select to v1.13.18
+* ui: improve saveFormToEndpoint() UX
+* plugins: os-ddclient 1.17 `[1] <https://github.com/opnsense/plugins/blob/stable/23.7/dns/ddclient/pkg-descr>`__ 
+* plugins: os-frr 1.37 `[2] <https://github.com/opnsense/plugins/blob/stable/23.7/net/frr/pkg-descr>`__ 
+* plugins: os-squid adds a meta package for web proxy core removal in 24.1
+* ports: openvpn 2.6.8 `[3] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.8>`__ 
+* ports: sqlite 3.44.0 `[4] <https://sqlite.org/releaselog/3_44_0.html>`__ 
+* ports: sudo 1.9.15p2 `[5] <https://www.sudo.ws/stable.html#1.9.15p2>`__ 
+* ports: unbound 1.19.0 `[6] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-0>`__ 
+
+
+
 --------------------------------------------------------------------------
 23.7.8 (November 09, 2023)
 --------------------------------------------------------------------------