diff --git a/CHANGES b/CHANGES index 0e32b999ec..08701d4c64 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,30 @@ +7.0.2 | 2024-09-23 12:01:55 -0700 + + * pop3: Remove unused headers (Arne Welzel, Corelight) + + (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2) + + * pop3: Prevent unbounded state growth (Arne Welzel, Corelight) + + The cmds list may grow unbounded due to the POP3 analyzer being in + multiLine mode after seeing `AUTH` in a Redis connection, but never + a `.` terminator. This can easily be provoked by the Redis ping + command. + + This adds two heuristics: 1) Forcefully process the oldest commands in + the cmds list and cap it at max_pending_commands. 2) Start raising + analyzer violations if the client has been using more than + max_unknown_client_commands commands (default 10). + + (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2) + + * btest/pop3: Add somewhat more elaborate testing (Arne Welzel, Corelight) + + PCAP taken from here: https://tranalyzer.com/tutorial/pop and reference + added to Traces/README. + + (cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2) + 7.0.1-6 | 2024-09-23 10:01:55 -0700 * Remove core.negative-time btest (Tim Wojtulewicz, Corelight) diff --git a/NEWS b/NEWS index dd0c324b26..18a0fe49a3 100644 --- a/NEWS +++ b/NEWS 
@@ -3,6 +3,23 @@ This document summarizes the most important changes in the current Zeek release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as Broker, come with their own ``CHANGES``.) +Zeek 7.0.2 +========== + +This release fixes the following security issues: + +- The POP3 parser has been hardened to avoid unbounded state growth in the + face of one-sided traffic capture or when enabled for non-POP3 traffic. + Concretely, the Redis protocol's AUTH mechanism enables the POP3 analyzer + for such connections through DPD. + +This release fixes the following bugs: + +- Support for SASL+SPNEGO+NTLMSSP was added to the LDAP analyzer. + +- Telemetry callbacks are now handled via Zeek instead of depending on the + prometehus-cpp library to handle them. + Zeek 7.0.1 ========== diff --git a/VERSION b/VERSION index 73e224f839..a8907c025d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.0.1-6 +7.0.2
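Review bot: In the CHANGES hunk, all three new 7.0.2 entries end with the same trailer, `(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)`, although they describe three separate changes: the header removal, the unbounded state growth fix, and the added btest. If these were separate commits upstream they cannot share one hash, so please check each trailer against the commit it was actually picked from. Otherwise the backport of the security fix cannot be traced from this file.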
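Review bot: In the NEWS hunk, the telemetry entry misspells the library name as `prometehus-cpp`; it should read `prometheus-cpp`. The security entry would also be more useful to operators if it named the two limits the CHANGES text introduces, max_pending_commands and max_unknown_client_commands (default 10), and said that exceeding the second one raises analyzer violations, since someone reading only NEWS currently learns that the POP3 parser was "hardened" but not what behaviour to expect on affected connections.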