Update Gerrit v3.2.6 Release Notes
Change-Id: Id3c2a172b58d1b6fa09b2cf44cf687d3ac31d30c
diff --git a/pages/site/releases/3.2.md b/pages/site/releases/3.2.md
index afaf290..8f8fea0 100644
--- a/pages/site/releases/3.2.md
+++ b/pages/site/releases/3.2.md
@@ -611,6 +611,65 @@
elasticsearch versions also became [EOL](https://www.elastic.co/support/eol)
recently.
+* Security Fixes
+
+ * [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629):
+ Verify hostname when sending emails via SMTP server with SMTPSClient.
+
+ The SMTP server's certificate and hostname must be verified if
+ encryption is enabled with SSL verification in the host settings
+ (`sendemail.smtpEncryption` and `sendemail.sslVerify`).
+
+* PolyGerrit Fixes
+
+ * Add a warning if submitting a change with an open change edit.
+
+* Bug Fixes
+
+ * [Issue 13544](https://bugs.chromium.org/p/gerrit/issues/detail?id=13544)
+ Ensure that GC#deleteOrphans respects pack lock:
+
+ If pack or index files are guarded by a pack lock (.keep file)
+ deleteOrphans() should not touch the respective files protected by the
+ lock file.
+
+ * [Issue 13775](https://bugs.chromium.org/p/gerrit/issues/detail?id=13775)
+ Honor `toogleWipState` permission for `%ready` `%wip` push options:
+
+ * [Issue 13781](https://bugs.chromium.org/p/gerrit/issues/detail?id=13781)
+ Compact the REST-API output JSON unconditionally:
+
+ The output JSON was initially compacted only when
+ the Accept header was set to `application/json`: the compaction is now
+ done unconditionally, unless the `pp=1` query parameter is specified.
+
+ * [Issue 13786](https://bugs.chromium.org/p/gerrit/issues/detail?id=13786)
+ ForRef#check should permit internal users to read all refs:
+
+ [Make `PermissionBackend#ForRef` authoritative change](https://gerrit-review.googlesource.com/c/gerrit/+/288925)
+ introduced a regression where gerrit `internal users` (e.g. plugins) were
+ not taken into consideration when checking READ permission. As consequence
+ the `All-Users.git` repository did not get any of the user's refs replicated
+ to the slaves. After the upgrade it is required to trigger a forced replication
+ of the `All-Users.git` repository manually.
+
+ * Avoid logging ssh exception for __stream is already closed__ when length=0
+ if present in the stacktrace.
+
+* Documentation Updates
+
+ * Clarify that 'm' push option sets patch set description.
+
+ * Clarify that disk cache metrics require `cache.enableDiskStatMetrics`.
+
+* Dependency Updates
+
+ * Upgrade Bazel toolchain to 3.1.0.
+
+ * Upgrade testcontainers to 1.15.1.
+
+ * Upgrade Jetty to 9.4.33.v20201020.
+
### 3.2.5.1
* Bug Fixes