diff --git a/CHANGES b/CHANGES index 84a427778a..7307571637 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +7.0.5 | 2024-12-16 11:12:33 -0700 + + * Update CHANGES, VERSION, and NEWS for 7.0.5 release (Tim Wojtulewicz, Corelight) + 7.0.4-10 | 2024-12-16 10:21:46 -0700 * QUIC/decrypt_crypto: Actually check if decryption was successful (Arne Welzel, Corelight) diff --git a/NEWS b/NEWS index d9174642a0..25a19bc2ab 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,27 @@ This document summarizes the most important changes in the current Zeek release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as Broker, come with their own ``CHANGES``.) +Zeek 7.0.5 +========== + +This release fixes the following security issues: + +- Large QUIC packets can cause Zeek to overflow memory and potentially + crash. Due to the possibility of receiving these packets from remote hosts, + this is a DoS risk. The fix included limits the payload length to 10000 bytes + and reports an error for those cases, as well as fixing the memory allocation + to not use a fixed-size buffer for all packets. + +This release fixes the following bugs: + +- The ZAM script optimization feature gained some fixes for some minor memory + leaks. + +- The ZeekJS submodule was updated to v0.14.0. In certain environment, ZeekJS + would fail to start a debugging thread due to limited stack size, producing + spurious log messages. This was fixed by not starting the debugging thread by + default. + Zeek 7.0.4 ========== diff --git a/VERSION b/VERSION index 0fdcca7814..2be8aeb6b1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.0.4-10 +7.0.5
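Review bot: In the NEWS hunk, the QUIC security entry states the new 10000-byte payload limit and that an error is reported, but it does not say how that error is surfaced or whether the limit is fixed or tunable. An operator reading the release notes cannot tell what to watch for after upgrading. Consider naming the reporting mechanism and stating whether the limit can be changed. In the same hunk, "The fix included limits the payload length" reads more clearly as "The included fix limits the payload length", and "In certain environment" in the ZeekJS item should be "In certain environments". The 7.0.4-10 context entry in CHANGES mentions a QUIC/decrypt_crypto success check. If that check is part of the same security fix, the NEWS entry should say so. If it is a separate bug fix, it may deserve its own line under the bug list.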