From c4f81a6111659c5a78abdc4ab7add58a0f77e6e1 Mon Sep 17 00:00:00 2001 From: Ben Darnell Date: Thu, 21 Nov 2024 16:26:44 -0500 Subject: [PATCH] docs: Copy 6.4.2 release notes to master branch --- docs/releases.rst | 1 + docs/releases/v6.4.2.rst | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 docs/releases/v6.4.2.rst diff --git a/docs/releases.rst b/docs/releases.rst index 8a0fad4c..5c7a106d 100644 --- a/docs/releases.rst +++ b/docs/releases.rst @@ -4,6 +4,7 @@ Release notes .. toctree:: :maxdepth: 2 + releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 diff --git a/docs/releases/v6.4.2.rst b/docs/releases/v6.4.2.rst new file mode 100644 index 00000000..0dc567d1 --- /dev/null +++ b/docs/releases/v6.4.2.rst @@ -0,0 +1,12 @@ +What's new in Tornado 6.4.2 +=========================== + +Nov 21, 2024 +------------ + +Security Improvements +~~~~~~~~~~~~~~~~~~~~~ + +- Parsing of the cookie header is now much more efficient. The older algorithm sometimes had + quadratic performance which allowed for a denial-of-service attack in which the server would spend + excessive CPU time parsing cookies and block the event loop. This change fixes CVE-2024-7592. \ No newline at end of file -- 2.47.3
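Review bot: the new file docs/releases/v6.4.2.rst ends with "\ No newline at end of file"; add a trailing newline after the last bullet line so that later edits to this file diff cleanly. In the same bullet, "sometimes had quadratic performance" does not say which cookie header inputs hit the slow path or which earlier releases carry the older algorithm. A sentence naming the affected versions and telling users to upgrade would let an operator judge exposure from the release note alone. The one-line toctree addition in docs/releases.rst keeps the newest-first ordering and needs no change.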