diff --git a/CHANGES b/CHANGES
index 8f7866b3cd..1c02db19e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,19 @@
+6.0.1-11 | 2023-10-16 13:27:18 -0700
+
+  * Do not require cookie for `reject_protocol` during teardown. (Benjamin Bannier, Corelight)
+
+    A user reported that they ran into a situation where a parse error
+    caused an assertion failure in `reject_protocol`. printf debugging points
+    to the `CookieSetter`s in the `try`/`catch` blocks during processing
+    already clearing the cookie RAII-style; since their `catch` blocks
+    already send an analyzer violation no further sending of one from
+    `reject_protocol` is required.
+
+    This patch replaces the assert in `reject_protocol` with a runtime check
+    and an early return if the cookie is already cleared.
+
+    (cherry picked from commit 03597d210da59f212a713f49a199a9b6e288252b)
+
 6.0.1-9 | 2023-10-16 13:23:01 -0700
 
   * DNS_Mgr: Fix | vs & for pollfd.revents (Arne Welzel, Corelight)
diff --git a/VERSION b/VERSION
index b27977b257..5efecd25fc 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.0.1-9
+6.0.1-11