From 996de2629ef6b4c2934a7c04dfd49d0950d4c43b Mon Sep 17 00:00:00 2001
From: Sam Bull <git@sambull.org>
Date: Sat, 7 Oct 2023 13:40:06 +0100
Subject: [PATCH] Release v3.8.6 (#7668)

Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
---
 CHANGES.rst          | 73 +++++++++++++++++++++++++++++++++++++++++++-
 CHANGES/7237.bugfix  |  1 -
 CHANGES/7468.bugfix  |  1 -
 CHANGES/7484.misc    |  1 -
 CHANGES/7490.feature |  1 -
 CHANGES/7518.bugfix  |  1 -
 CHANGES/7561.feature |  2 --
 CHANGES/7577.bugfix  |  1 -
 CHANGES/7651.bugfix  |  1 -
 CHANGES/7663.feature |  1 -
 aiohttp/__init__.py  |  2 +-
 11 files changed, 73 insertions(+), 12 deletions(-)
 delete mode 100644 CHANGES/7237.bugfix
 delete mode 100644 CHANGES/7468.bugfix
 delete mode 100644 CHANGES/7484.misc
 delete mode 100644 CHANGES/7490.feature
 delete mode 100644 CHANGES/7518.bugfix
 delete mode 100644 CHANGES/7561.feature
 delete mode 100644 CHANGES/7577.bugfix
 delete mode 100644 CHANGES/7651.bugfix
 delete mode 100644 CHANGES/7663.feature

diff --git a/CHANGES.rst b/CHANGES.rst
index d929a0acc0d..fc3740c6299 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,78 @@
 
 .. towncrier release notes start
 
+3.8.6 (2023-10-07)
+==================
+
+Security bugfixes
+-----------------
+
+- Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:`Dreamsorcerer`
+
+  Thanks to :user:`kenballus` for reporting this, see
+  https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
+
+  .. _llhttp: https://llhttp.org
+
+  `#7647 <https://github.com/aio-libs/aiohttp/issues/7647>`_
+
+- Updated Python parser to comply with RFCs 9110/9112 -- by :user:`Dreamorcerer`
+
+  Thanks to :user:`kenballus` for reporting this, see
+  https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
+
+  `#7663 <https://github.com/aio-libs/aiohttp/issues/7663>`_
+
+
+Deprecation
+-----------
+
+- Added ``fallback_charset_resolver`` parameter in ``ClientSession`` to allow a user-supplied
+  character set detection function.
+
+  Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
+  please use `fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>`_.
+
+  `#7561 <https://github.com/aio-libs/aiohttp/issues/7561>`_
+
+
+Features
+--------
+
+- Enabled lenient response parsing for more flexible parsing in the client
+  (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:`Dreamsorcerer`
+
+  `#7490 <https://github.com/aio-libs/aiohttp/issues/7490>`_
+
+
+
+Bugfixes
+--------
+
+- Fixed ``PermissionError`` when ``.netrc`` is unreadable due to permissions.
+
+  `#7237 <https://github.com/aio-libs/aiohttp/issues/7237>`_
+
+- Fixed output of parsing errors pointing to a ``\n``. -- by :user:`Dreamsorcerer`
+
+  `#7468 <https://github.com/aio-libs/aiohttp/issues/7468>`_
+
+- Fixed ``GunicornWebWorker`` max_requests_jitter not working.
+
+  `#7518 <https://github.com/aio-libs/aiohttp/issues/7518>`_
+
+- Fixed sorting in ``filter_cookies`` to use cookie with longest path. -- by :user:`marq24`.
+
+  `#7577 <https://github.com/aio-libs/aiohttp/issues/7577>`_
+
+- Fixed display of ``BadStatusLine`` messages from llhttp_. -- by :user:`Dreamsorcerer`
+
+  `#7651 <https://github.com/aio-libs/aiohttp/issues/7651>`_
+
+
+----
+
+
 3.8.5 (2023-07-19)
 ==================
 
@@ -45,7 +117,6 @@ Bugfixes
   `#3355 <https://github.com/aio-libs/aiohttp/issues/3355>`_
 
 
-
 ----
 
 
diff --git a/CHANGES/7237.bugfix b/CHANGES/7237.bugfix
deleted file mode 100644
index 26f85ea9c95..00000000000
--- a/CHANGES/7237.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed ``PermissionError`` when .netrc is unreadable due to permissions.
diff --git a/CHANGES/7468.bugfix b/CHANGES/7468.bugfix
deleted file mode 100644
index 3f9c256ca0c..00000000000
--- a/CHANGES/7468.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed output of parsing errors on `\n`. -- by :user:`Dreamsorcerer`
diff --git a/CHANGES/7484.misc b/CHANGES/7484.misc
deleted file mode 100644
index ff540ceb709..00000000000
--- a/CHANGES/7484.misc
+++ /dev/null
@@ -1 +0,0 @@
-Upgraded llhttp parser to v9 -- by :user:`Dreamsorcerer`
diff --git a/CHANGES/7490.feature b/CHANGES/7490.feature
deleted file mode 100644
index 7dda94a850f..00000000000
--- a/CHANGES/7490.feature
+++ /dev/null
@@ -1 +0,0 @@
-Enabled lenient headers for more flexible parsing in the client. -- by :user:`Dreamsorcerer`
diff --git a/CHANGES/7518.bugfix b/CHANGES/7518.bugfix
deleted file mode 100644
index bc8083ba8ba..00000000000
--- a/CHANGES/7518.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix GunicornWebWorker max_requests_jitter not work
diff --git a/CHANGES/7561.feature b/CHANGES/7561.feature
deleted file mode 100644
index a57914ff2a3..00000000000
--- a/CHANGES/7561.feature
+++ /dev/null
@@ -1,2 +0,0 @@
-Replace automatic character set detection with a `fallback_charset_resolver` parameter
-in `ClientSession` to allow user-supplied character set detection functions.
diff --git a/CHANGES/7577.bugfix b/CHANGES/7577.bugfix
deleted file mode 100644
index 361497fd780..00000000000
--- a/CHANGES/7577.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix sorting in filter_cookies to use cookie with longest path -- by :user:`marq24`.
diff --git a/CHANGES/7651.bugfix b/CHANGES/7651.bugfix
deleted file mode 100644
index bc013ecf5fa..00000000000
--- a/CHANGES/7651.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixed display of ``BadStatusLine`` messages from ``llhttp`` -- by :user:`Dreamsorcerer`
diff --git a/CHANGES/7663.feature b/CHANGES/7663.feature
deleted file mode 100644
index 509a7ad7e2a..00000000000
--- a/CHANGES/7663.feature
+++ /dev/null
@@ -1 +0,0 @@
-Updated Python parser to comply with latest HTTP specs and allow lax response parsing -- by :user:`Dreamorcerer`
diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py
index 317a47bbad8..8bc7a4aa1bb 100644
--- a/aiohttp/__init__.py
+++ b/aiohttp/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "3.8.5"
+__version__ = "3.8.6"
 
 from typing import Tuple