diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 363c7c947..f49d68770 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,119 +1,18 @@
-curl and libcurl 7.72.0
+curl and libcurl 7.72.1
 
- Public curl releases:         194
+ Public curl releases:         195
  Command line options:         232
  curl_easy_setopt() options:   277
  Public functions in libcurl:  82
- Contributors:                 2239
+ Contributors:                 2240
 
 This release includes the following changes:
 
- o content_encoding: add zstd decoding support [1]
- o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream [31]
- o CURLINFO_EFFECTIVE_METHOD: added [34]
+ o
 
 This release includes the following bugfixes:
 
- o CVE-2020-8231: libcurl: wrong connect-only connection [98]
- o appveyor: collect libcurl.dll variants with prefix or suffix [38]
- o asyn-ares: correct some bad comments [94]
- o bearssl: fix build with disabled proxy support [16]
- o buildconf: avoid array concatenation in die() [64]
- o buildconf: retire ares buildconf invocation
- o checksrc: ban gmtime/localtime [40]
- o checksrc: invoke script with -D to find .checksrc proper [63]
- o CI/azure: install libssh2 for use with msys2-based builds [67]
- o CI/azure: unconditionally enable warnings-as-errors with autotools [19]
- o CI/macos: enable warnings as errors for CMake builds [4]
- o CI/macos: set minimum macOS version [56]
- o CI/macos: unconditionally enable warnings-as-errors with autotools [21]
- o CI: Add muse CI analyzer [79]
- o cirrus-ci: upgrade 11-STABLE to 11.4 [2]
- o CMake: don't complain about missing nroff [87]
- o CMake: fix test for warning suppressions [17]
- o cmake: fix windows xp build [13]
- o configure.ac: Sort features name in summary [6]
- o configure: allow disabling warnings [26]
- o configure: cleanup wolfssl + pkg-config conflicts when cross compiling. [48]
- o configure: show zstd "no" in summary when built without it [49]
- o connect: remove redundant message about connect failure [66]
- o curl-config: ignore REQUIRE_LIB_DEPS in --libs output [96]
- o curl.1: add a few missing valid exit codes [76]
- o curl: add %{method} to the -w variables
- o curl: improve the existing file check with -J [43]
- o curl_multi_setopt: fix compiler warning "result is always false" [42]
- o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated [9]
- o CURLINFO_CERTINFO.3: fix typo [3]
- o CURLOPT_NOBODY.3: clarify what setting to 0 means [46]
- o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions [18]
- o docs: Add video link to docs/CONTRIBUTE.md [95]
- o docs: change "web site" to "website" [86]
- o docs: clarify MAX_SEND/RECV_SPEED functionality [92]
- o docs: Update a few leftover mentions of DarwinSSL [29]
- o doh: remove redundant cast [20]
- o file2memory: use a define instead of -1 unsigned value [30]
- o ftp: don't do ssl_shutdown instead of ssl_close [85]
- o ftpserver: don't verify SMTP MAIL FROM names [8]
- o getinfo: reset retry-after value in initinfo [51]
- o gnutls: repair the build with `CURL_DISABLE_PROXY` [5]
- o gtls: survive not being able to get name/issuer [73]
- o h2: repair trailer handling [81]
- o http2: close the http2 connection when no more requests may be sent [7]
- o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages [11]
- o libssh2: s/ssherr/sftperr/ [78]
- o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin [91]
- o md(4|5): don't use deprecated macOS functions [23]
- o mprintf: Fix dollar string handling [54]
- o mprintf: Fix stack overflows [53]
- o multi: Condition 'extrawait' is always true [60]
- o multi: Remove 10-year old out-commented code [97]
- o multi: remove two checks always true [36]
- o multi: update comment to say easyp list is linear [44]
- o multi_remove_handle: close unused connect-only connections [62]
- o ngtcp2: adapt to error code rename [69]
- o ngtcp2: adjust to recent sockaddr updates [27]
- o ngtcp2: update to modified qlog callback prototype [14]
- o nss: fix build with disabled proxy support [32]
- o ntlm: free target_info before (re-)malloc [55]
- o openssl: fix build with LibreSSL < 2.9.1 [61]
- o page-header: provide protocol details in the curl.1 man page [28]
- o quiche: handle calling disconnect twice [50]
- o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL [59]
- o runtests: move the gnutls-serv tests to a dynamic port [74]
- o runtests: move the smbserver to use a dynamic port number [71]
- o runtests: move the TELNET server to a dynamic port [68]
- o runtests: run the DICT server on a random port number [90]
- o runtests: run the http2 tests on a random port number [72]
- o runtests: support dynamicly base64 encoded sections in tests [75]
- o setopt: unset NOBODY switches to GET if still HEAD [47]
- o smtp_parse_address: handle blank input string properly [89]
- o socks: use size_t for size variable [39]
- o strdup: remove the odd strlen check [24]
- o test1119: verify stdout in the test [33]
- o test1139: make it display the difference on test failures
- o test1140: compare stdout [93]
- o test1908: treat file as text [83]
- o tests/FILEFORMAT.md: mention %HTTP2PORT
- o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
- o TLS naming: fix more Winssl and Darwinssl leftovers [88]
- o tls-max.d: this option is only for TLS-using connections [45]
- o tlsv1.3.d. only for TLS-using connections [37]
- o tool_doswin: Simplify Windows version detection [57]
- o tool_getparam: make --krb option work again [10]
- o TrackMemory tests: ignore realloc and free in getenv.c [84]
- o transfer: fix data_pending for builds with both h2 and h3 enabled [41]
- o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle [15]
- o transfer: move retrycount from connect struct to easy handle [77]
- o travis/script.sh: fix use of `-n' with unquoted envvar [80]
- o travis: add ppc64le and s390x builds [65]
- o travis: update quiche builds for new boringssl layout [25]
- o url: fix CURLU and location following [70]
- o url: silence MSVC warning [12]
- o util: silence conversion warnings [22]
- o win32: Add Curl_verify_windows_version() to curlx [58]
- o WIN32: stop forcing narrow-character API [52]
- o windows: add unicode to feature list [35]
- o windows: disable Unix Sockets for old mingw [82]
+ o tls: provide the CApath verbose log on its own line [1]
 
 This release includes the following known bugs:
 
@@ -122,121 +21,11 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alessandro Ghedini, Alex Kiernan, Baruch Siach, Bevan Weiss, Brian Inglis,
-  BrumBrum on hackerone, Cameron Cawley, Carlo Marcelo Arenas Belón,
-  causal-agent on github, Cherish98 on github, Dan Fandrich, Daniel Gustafsson,
-  Daniel Stenberg, Denis Goleshchikhin, divinity76 on github, Ehren Bendler,
-  Emil Engler, Erik Johansson, Filip Salomonsson, Gilles Vollant, Gisle Vanem,
-  H3RSKO on github, ihsinme on github, Jeremy Maitin-Shepard,
-  joey-l-us on github, Jonathan Cardoso Machado, Jonathan Nieder, Kamil Dudka,
-  Ken Brown, Laramie Leavitt, lilongyan-huawei on github, Marc Aldorasi,
-  Marcel Raad, Marc Hörsken, Masaya Suzuki, Matthias Naegler,
-  Nicolas Sterchele, NobodyXu on github, Peter Wu, ramsay-jones on github,
-  Rasmus Melchior Jacobsen, Ray Satiro, sspiri on github, Stefan Yohansson,
-  Tadej Vengust, Tatsuhiro Tsujikawa, tbugfinder on github,
-  Thomas M. DuBuisson, Tobias Stoeckmann, Tomas Berger, Viktor Szakats,
-  xwxbug on github,
-  (52 contributors)
+  Daniel Stenberg, jmdavitt on github, Viktor Szakats,
+  (3 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/bug/?i=5453
- [2] = https://curl.haxx.se/bug/?i=5668
- [3] = https://curl.haxx.se/bug/?i=5655
- [4] = https://curl.haxx.se/bug/?i=5716
- [5] = https://curl.haxx.se/bug/?i=5645
- [6] = https://curl.haxx.se/bug/?i=5656
- [7] = https://curl.haxx.se/bug/?i=5643
- [8] = https://curl.haxx.se/bug/?i=5639
- [9] = https://curl.haxx.se/bug/?i=5642
- [10] = https://bugzilla.redhat.com/1833193
- [11] = https://curl.haxx.se/bug/?i=5641
- [12] = https://curl.haxx.se/bug/?i=5638
- [13] = https://curl.haxx.se/bug/?i=5662
- [14] = https://curl.haxx.se/bug/?i=5675
- [15] = https://curl.haxx.se/bug/?i=5665
- [16] = https://curl.haxx.se/bug/?i=5666
- [17] = https://curl.haxx.se/bug/?i=5714
- [18] = https://curl.haxx.se/bug/?i=5744
- [19] = https://curl.haxx.se/bug/?i=5706
- [20] = https://curl.haxx.se/bug/?i=5704
- [21] = https://curl.haxx.se/bug/?i=5694
- [22] = https://curl.haxx.se/bug/?i=5695
- [23] = https://curl.haxx.se/bug/?i=5695
- [24] = https://curl.haxx.se/bug/?i=5697
- [25] = https://curl.haxx.se/bug/?i=5691
- [26] = https://curl.haxx.se/bug/?i=5689
- [27] = https://curl.haxx.se/bug/?i=5690
- [28] = https://curl.haxx.se/bug/?i=5679
- [29] = https://curl.haxx.se/bug/?i=5688
- [30] = https://curl.haxx.se/bug/?i=5683
- [31] = https://curl.haxx.se/bug/?i=5636
- [32] = https://curl.haxx.se/bug/?i=5667
- [33] = https://curl.haxx.se/bug/?i=5644
- [34] = https://curl.haxx.se/bug/?i=5511
- [35] = https://curl.haxx.se/bug/?i=5491
- [36] = https://curl.haxx.se/bug/?i=5676
- [37] = https://curl.haxx.se/bug/?i=5764
- [38] = https://curl.haxx.se/bug/?i=5659
- [39] = https://curl.haxx.se/bug/?i=5654
- [40] = https://curl.haxx.se/bug/?i=5732
- [41] = https://curl.haxx.se/bug/?i=5734
- [42] = https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
- [43] = https://hackerone.com/reports/926638
- [44] = https://curl.haxx.se/bug/?i=5737
- [45] = https://curl.haxx.se/bug/?i=5764
- [46] = https://curl.haxx.se/bug/?i=5729
- [47] = https://curl.haxx.se/bug/?i=5725
- [48] = https://curl.haxx.se/bug/?i=5605
- [49] = https://curl.haxx.se/bug/?i=5720
- [50] = https://curl.haxx.se/bug/?i=5726
- [51] = https://curl.haxx.se/bug/?i=5661
- [52] = https://curl.haxx.se/bug/?i=5658
- [53] = https://curl.haxx.se/bug/?i=5722
- [54] = https://curl.haxx.se/bug/?i=5722
- [55] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
- [56] = https://curl.haxx.se/bug/?i=5723
- [57] = https://curl.haxx.se/bug/?i=5754
- [58] = https://curl.haxx.se/bug/?i=5754
- [59] = https://curl.haxx.se/bug/?i=5762
- [60] = https://curl.haxx.se/bug/?i=5759
- [61] = https://curl.haxx.se/bug/?i=5757
- [62] = https://curl.haxx.se/bug/?i=5749
- [63] = https://curl.haxx.se/bug/?i=5715
- [64] = https://curl.haxx.se/bug/?i=5701
- [65] = https://curl.haxx.se/bug/?i=5752
- [66] = https://curl.haxx.se/bug/?i=5708
- [67] = https://curl.haxx.se/bug/?i=5721
- [68] = https://curl.haxx.se/bug/?i=5785
- [69] = https://curl.haxx.se/bug/?i=5786
- [70] = https://curl.haxx.se/bug/?i=5709
- [71] = https://curl.haxx.se/bug/?i=5782
- [72] = https://curl.haxx.se/bug/?i=5779
- [73] = https://curl.haxx.se/bug/?i=5778
- [74] = https://curl.haxx.se/bug/?i=5778
- [75] = https://curl.haxx.se/bug/?i=5761
- [76] = https://curl.haxx.se/bug/?i=5777
- [77] = https://curl.haxx.se/bug/?i=5794
- [78] = https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700
- [79] = https://curl.haxx.se/bug/?i=5772
- [80] = https://curl.haxx.se/bug/?i=5773
- [81] = https://curl.haxx.se/bug/?i=5663
- [82] = https://curl.haxx.se/bug/?i=5674
- [83] = https://curl.haxx.se/bug/?i=5767
- [84] = https://curl.haxx.se/bug/?i=5767
- [85] = https://curl.haxx.se/bug/?i=5797
- [86] = https://curl.haxx.se/bug/?i=5822
- [87] = https://curl.haxx.se/bug/?i=5817
- [88] = https://curl.haxx.se/bug/?i=5795
- [89] = https://curl.haxx.se/bug/?i=5792
- [90] = https://curl.haxx.se/bug/?i=5783
- [91] = https://curl.haxx.se/bug/?i=5819
- [92] = https://curl.haxx.se/bug/?i=5788
- [93] = https://curl.haxx.se/bug/?i=5814
- [94] = https://curl.haxx.se/bug/?i=5812
- [95] = https://curl.haxx.se/bug/?i=5811
- [96] = https://curl.haxx.se/bug/?i=5793
- [97] = https://curl.haxx.se/bug/?i=5805
- [98] = https://curl.haxx.se/docs/CVE-2020-8231.html
+ [1] = https://curl.haxx.se/bug/?i=5826
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index b9fd7e6d6..41db2d6f1 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.72.0-DEV"
+#define LIBCURL_VERSION "7.72.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 72
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x074800
+#define LIBCURL_VERSION_NUM 0x074801
 
 /*
  * This is the date and time when the full source package was created. The