diff --git a/ChangeLog b/ChangeLog
index adefd5906..5bc755931 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,33 @@
+# 2026-01-19 Version 3.21.0
+
+Bugfix release with a few new API functions addressing shortcomings with
+regard to input data validation.
+Thanks to @ehdgks0627 we have fixed the following additional (medium)
+client side vulnerabilities:
+* CVE-2026-23530
+* CVE-2026-23531
+* CVE-2026-23532
+* CVE-2026-23533
+* CVE-2026-23534
+* CVE-2026-23732
+* CVE-2026-23883
+* CVE-2026-23884
+
+## What's Changed
+* [client,sdl] fix monitor resolution (#12142)
+* [codec,progressive] fix progressive_rfx_upgrade_block (#12143)
+* Krb cache fix (#12145)
+* Rdpdr improved checks (#12141)
+* Codec advanced length checks (#12146)
+* Glyph fix length checks (#12151)
+* Wlog printf format string checks (#12150)
+* [warnings,format] fix format string warnings (#12152)
+* Double free fixes (#12153)
+* [clang-tidy] clean up code warnings (#12154)
+
+For a complete and detailed change log since the last release run:
+git log 3.21.0...3.20.2
+
 # 2026-01-14 Version 3.20.2
 
 Patch release fixing a regression with gateway connections introduced with 3.20.1
diff --git a/cmake/GetProjectVersion.cmake b/cmake/GetProjectVersion.cmake
index 80710f364..9f428b794 100644
--- a/cmake/GetProjectVersion.cmake
+++ b/cmake/GetProjectVersion.cmake
@@ -4,7 +4,7 @@ option(USE_GIT_FOR_REVISION "Extract git tag/commit" OFF)
 function(get_project_version VERSION_MAJOR VERSION_MINOR VERSION_REVISION VERSION_SUFFIX GIT_REVISION)
 
   # Default version, hard codec per release
-  set(RAW_VERSION_STRING "3.20.3-dev0")
+  set(RAW_VERSION_STRING "3.21.1-dev0")
 
   set(VERSION_REGEX "^(.*)([0-9]+)\\.([0-9]+)\\.([0-9]+)-?(.*)")