From d7bc0410989bf20496663236455f7f2dd7e44c78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sun, 31 May 2026 15:09:01 +0200
Subject: [PATCH] core: add version 4.9.1

---
 CHANGELOG.md | 10 ++++++++++
 version.sh   |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd3d93c5b..bde8a6559 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
 - relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
 - api, relay: fix timing attack on TOTP validation ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
 
+## Version 4.9.1 (2026-05-31)
+
+### Fixed
+
+- core: fix option weechat.look.color_real_white not applied when color is "white" on 16+ colors terminals ([#1742](https://github.com/weechat/weechat/issues/1742))
+- irc: fix tag in message with list of names when joining a channel
+- relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
+- relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
+- api, relay: fix timing attack on TOTP validation ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
+
 ## Version 4.9.0 (2026-03-29)
 
 ### Changed
diff --git a/version.sh b/version.sh
index 907bfc58f..48e820914 100755
--- a/version.sh
+++ b/version.sh
@@ -41,7 +41,7 @@
 #     devel-number   the devel version as hex number ("0x04010000" for "4.1.0-dev")
 #
 
-weechat_stable="4.9.0"
+weechat_stable="4.9.1"
 weechat_devel="4.10.0-dev"
 
 stable_major=$(echo "${weechat_stable}" | cut -d"." -f1)