diff --git a/CHANGES b/CHANGES
index add8957498..62f8607a3d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,44 @@
+6.0.0-rc2 | 2023-06-12 15:45:49 -0700
+
+  * test-all-policy: Do not load nodes-experimental/manager.zeek (Arne Welzel, Corelight)
+
+    Turns out loading this script in non-cluster mode uses Cluster::log()
+    and creates cluster.log in the external baselines saying "cluster
+    started". Do not load it into test-all-policy.zeek and instead rely
+    on the new test-all-policy-cluster.test to load it transitively
+    when running as manager for basic checking.
+
+  * cluster/main: Remove extra @if ( Cluster::is_enabled() ) (Arne Welzel, Corelight)
+
+    These have been discussed in the context of "@if &analyze" [1] and
+    am much in favor for not disabling/removing ~100 lines (more than
+    fits on a single terminal) out from the middle of a file. There's no
+    performance impact for having these handlers enabled unconditionally.
+    Also, any future work on "@if &analyze" will look at them again which
+    we could also skip.
+
+    This also reverts back to the behavior where the Cluster::LOG stream
+    is created even in non cluster setups like in previous Zeek versions.
+    As long as no one writes to it there's essentially no difference. If
+    someone does write to Cluster::LOG, I'd argue not black holing these
+    messages is better. Schema generators using Log::active_streams will
+    continue to discover Cluster::LOG even if they run in non-cluster
+    mode.
+
+    https://github.com/zeek/zeek/pull/3062#discussion_r1200498905
+
+  * socks/dpd: Add newer auth methods (Arne Welzel, Corelight)
+
+    The IANA has allocated a few more authentication methods, minimally
+    extend the signature to catch those.
+
+  * socks/dpd: Fix socks5_server side signature (Arne Welzel, Corelight)
+
+    The server replies with \x05 and identifier for the chosen method.
+    Not quite sure what the previous signature meant capture.
+
+    See also: https://datatracker.ietf.org/doc/html/rfc1928#section-3
+
 6.0.0-rc1.3 | 2023-06-12 11:00:53 -0700
 
   * socks/dpd: Add newer auth methods (Arne Welzel, Corelight)
diff --git a/VERSION b/VERSION
index 13aabaa614..35f9a71543 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.0.0-rc1.3
+6.0.0-rc2