diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..747638d --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,11 @@ +3proxy-0.9.6 Released April, 11 2026 + ++ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios. ++ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header. ++ tlspr is supported in auto ++ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI ++ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems ++ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5 ++ cmake environment added +! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy +! Multiple minor bugfixes \ No newline at end of file diff --git a/CHANGELOG.rus b/CHANGELOG.rus new file mode 100644 index 0000000..a0da305 --- /dev/null +++ b/CHANGELOG.rus 
@@ -0,0 +1,11 @@ +3proxy-0.9.6 Вышел 11 Апреля 2026 + ++ В SSLPlugin добавлены ssl_client и множество опций конфигурации, код SSLPlugin значительно улучшен и исправлен. См. https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy теперь может использоваться как замена stunnel во многих сценариях. ++ Поддержка прокси-протокола HAProxy v1 на стороне клиента и сервера. Добавлена опция -H для сервиса, чтобы ожидать заголовок прокси-протокола HA v1. Используйте тип родителя ha: parent 1000 ha 0.0.0.0 0 для отправки заголовка v1. ++ tlspr поддерживается в режиме auto ++ tlspr поддерживает опцию -s, которая разбивает HELLO-пакет для предотвращения обнаружения SNI некоторыми DPI ++ Добавлена опция конфигурации maxseg и поддержка флага сокета TCP_MAXSEG. Устанавливает максимальный размер TCP-сегмента для решения проблем с обнаружением PathMTU ++ Добавлены опции -Ne / -Ni для указания внешнего/внутреннего NAT-адреса для SOCKSv5 ++ Добавлено окружение cmake +! Внешняя библиотека pcre2 (pcre2-8) используется для PCRE, код pcre удалён из 3proxy +! Множество мелких исправлений ошибок \ No newline at end of file diff --git a/doc/changelog/0/7/0 b/doc/changelog/0/7/0 new file mode 100644 index 0000000..cf57c4e --- /dev/null +++ b/doc/changelog/0/7/0 
@@ -0,0 +1,26 @@ + +3proxy 0.7 + +This release is partially forced: while no new significant functions are +added, 0.7 is code is much more stable and less buggy than 0.6. Since +there is no new development for a long time, except few minor bugfixes, +I decided to finally release 0.7. You may want it if you: + + Use HTTP proxy + Use 3proxy under *BSD/Mac OS X/iPhone OS + Use plugins, specially traffic related ones, like PCRE. + +I have no time for active developement. There are interesting features +in nearly ready state, e.g. SSL support / SSL decryption via +certificates spoofing, NAT support and SSL auto-detection. You can step +into development, if you are interested. + +There are some configuration changes: + + auth iponly is now default (because most misconfigurations were + because of default auth none) + maxconn is now 500 by default (because WebKit browsers ignore + standards and create a lot of connections even if proxy is configured) + NTLM is disabled by default (-n options, -n1 to enable) because + NTLMv1 is disabled by default in Windows since Vista and there is no + NTLMv2 library with compatible license. Report me, if any. diff --git a/doc/changelog/0/7/1 b/doc/changelog/0/7/1 new file mode 100644 index 0000000..1d2dd07 --- /dev/null +++ b/doc/changelog/0/7/1 
@@ -0,0 +1,35 @@ +3proxy-0.7.1.4 + +!! Fix transparent flag not reset after keep-alive connection, can lead to + + +3proxy-0.7.1.3 + +! traffic displayed incorrectly +! archiver doesn't add suffix if logname contains macro +! fix potential race condition on configuration reload +! fix FTP over HTTP authentication + + +3proxy-0.7.1.2 + +! Request / header size limitation relaxed for HTTP proxy + + +3proxy 0.7.1.1 + +! Linux compilation issues resolved + + +3proxy 0.7.1 + +Minor improvements and bugfixes: + ++ Windows icons added ++ Warnings added for most common misconfigurations ++ ftppr NLSD command supported +! Ignore NTLM handshake if NTLM is not enabled +!! memcpy replaced with memmove for overlapped region +! better EINTR handling on *nix +! FTP proxy debugging output removed (introduced in 0.7), binding for data connection corrected +! memory leak fixed in ldapauth plugin \ No newline at end of file diff --git a/doc/changelog/0/8/0 b/doc/changelog/0/8/0 new file mode 100644 index 0000000..4b0b716 --- /dev/null +++ b/doc/changelog/0/8/0 @@ -0,0 +1,9 @@ ++ IPv6 support ++ back connect support ++ name resolution over TCP, parent proxy support for dnspr ++ SSLPlugin for TLS/SSL traffic decryption +! multiple race conditions fixed +! reduced memory usage +! Generate Forwarded: header instead of X-Forwarded-For: +! Default name resolution is non-blocking in *nix +! multiple race conditions fixed on configuration reload diff --git a/doc/changelog/0/8/1 b/doc/changelog/0/8/1 new file mode 100644 index 0000000..9b801b7 --- /dev/null +++ b/doc/changelog/0/8/1 @@ -0,0 +1 @@ +!!Fix: destination IP may be not checked against ACL \ No newline at end of file diff --git a/doc/changelog/0/8/10 b/doc/changelog/0/8/10 new file mode 100644 index 0000000..ee3bacf --- /dev/null +++ b/doc/changelog/0/8/10 
@@ -0,0 +1,2 @@ +! Fix: parent proxy can be used in some cases where it shouldn't +! Fix: bandlimiters may not work for older connections on configuration reload \ No newline at end of file diff --git a/doc/changelog/0/8/11 b/doc/changelog/0/8/11 new file mode 100644 index 0000000..6cbbd90 --- /dev/null +++ b/doc/changelog/0/8/11 @@ -0,0 +1,9 @@ +Minor bugfixes / improvements: +! Fixed: deadlock on insufficient resources +! Fixed: race condition in ssl_plugin +! Fixed: minor memory leak on configuration reload +! Fixed: recursion detection was not working +! Fixed: %n for IPv6 in logging terminates log record +! Fixed: reverse PTR validation (required for dnsauth) +! Fixed: error on external 0.0.0.0 for NOIPV6 (light version) ++ Better support for IPv6 in ftppr \ No newline at end of file diff --git a/doc/changelog/0/8/12 b/doc/changelog/0/8/12 new file mode 100644 index 0000000..177cdb6 --- /dev/null +++ b/doc/changelog/0/8/12 @@ -0,0 +1,5 @@ +Bugfixes: +! Fixed hostname support in SOCKSv5 UDP portmapping +! -fno-strict-aliasing added to gcc options (compiling without this option can lead to unpredictable issues under Debian with gcc 6 and potentially others) +! Fixed LDAP plugin compilation issues (LDAP plugin is still listed as unsupported though) +and some minor fixes and improvements. \ No newline at end of file diff --git a/doc/changelog/0/8/13 b/doc/changelog/0/8/13 new file mode 100644 index 0000000..a1fd0bf --- /dev/null +++ b/doc/changelog/0/8/13 @@ -0,0 +1,3 @@ +Bugfixes: +!! Fixed out-of-bound write and few minor bugs on configuration saving in admin +! fixed: $ is not correctly handled in the beginning of quoted line on configuration parsing \ No newline at end of file diff --git a/doc/changelog/0/8/2 b/doc/changelog/0/8/2 new file mode 100644 index 0000000..d3fc09d --- /dev/null +++ b/doc/changelog/0/8/2 
@@ -0,0 +1,3 @@ +!! Fix transparent flag not reset after keep-alive connection, can lead to DoS by authenticated user. +! Do not use SO_REUSEADDR by default (leads to random 00013 errors under some glibc versions) +! Use SASIZE() instead of sizeof() in bind() for FreeBSD compatibility diff --git a/doc/changelog/0/8/3 b/doc/changelog/0/8/3 new file mode 100644 index 0000000..25e2ccc --- /dev/null +++ b/doc/changelog/0/8/3 @@ -0,0 +1 @@ +! fixed: use SASIZE() instead of sizeof() in connect() for FreeBSD compatibility \ No newline at end of file diff --git a/doc/changelog/0/8/4 b/doc/changelog/0/8/4 new file mode 100644 index 0000000..5704690 --- /dev/null +++ b/doc/changelog/0/8/4 @@ -0,0 +1,5 @@ ++ Build PamPlugin on *nix ++ stacksize and -S options, stacksize defaults changed for FreeBSD ++ extip redirection type added +! SSL plugin fix to correct handling of certificates path +! fixed random errors on IPv6 connect diff --git a/doc/changelog/0/8/5 b/doc/changelog/0/8/5 new file mode 100644 index 0000000..ba0960c --- /dev/null +++ b/doc/changelog/0/8/5 @@ -0,0 +1 @@ +!Fix: mutex was used prior to initialization on 'log' command processing \ No newline at end of file diff --git a/doc/changelog/0/8/6 b/doc/changelog/0/8/6 new file mode 100644 index 0000000..14bb3be --- /dev/null +++ b/doc/changelog/0/8/6 @@ -0,0 +1 @@ +! Fix: random 00012 errors in some configurations \ No newline at end of file diff --git a/doc/changelog/0/8/7 b/doc/changelog/0/8/7 new file mode 100644 index 0000000..f804d18 --- /dev/null +++ b/doc/changelog/0/8/7 
@@ -0,0 +1,15 @@ +! Fix 'daemon' command for Linux +! Fix 'extip' redirections 00009 errors +! Fix counters for older Win platforms +! Resolve logging race conditions +! attempt to fix pam_auth race conditions +! FTP proxy workaround for broken gethostname() on some libc limplementations +! authcache IP matching corrected +! fix SOCKSv5 BIND/UDP ASSOC +! use setreuid/setregid instead of setuid / setgid + ++ OpenWatcom makefiles for Windows ++ -u2 support for proxy ++ support %i in logformat ++ force/noforce configuration commands to disconnect / do not disconnect clients if nolonger match ACL after configuration change ++ support longer external passwords diff --git a/doc/changelog/0/8/8 b/doc/changelog/0/8/8 new file mode 100644 index 0000000..6fdd82b --- /dev/null +++ b/doc/changelog/0/8/8 @@ -0,0 +1,3 @@ +!! Fix resolver for non-compressed reply parsing (on mixed-case sensitive resolvers) +! Fix plugins export on OpenWatcom compiler (light version) +! Fix SOCKSv5 \ No newline at end of file diff --git a/doc/changelog/0/8/9 b/doc/changelog/0/8/9 new file mode 100644 index 0000000..f0b226b --- /dev/null +++ b/doc/changelog/0/8/9 @@ -0,0 +1 @@ +! Fix: tcppm may fail if used with parent proxy \ No newline at end of file diff --git a/doc/changelog/0/9/0 b/doc/changelog/0/9/0 new file mode 100644 index 0000000..c9ef990 --- /dev/null +++ b/doc/changelog/0/9/0 @@ -0,0 +1,6 @@ ++ Socket options, interface binding ++ Connection limiting / connection rate limiting ++ RADIUS support (beta) ++ Zero copy (splice) support for Linux ++ Possibility to limit user to single IP (via authentication cache) +! bugfixes, improvements \ No newline at end of file diff --git a/doc/changelog/0/9/1 b/doc/changelog/0/9/1 new file mode 100644 index 0000000..c12cdd5 --- /dev/null +++ b/doc/changelog/0/9/1 
@@ -0,0 +1,8 @@ +Bugfixes: +! Fixed: socket may be closed before all data received/sent +! Fixed: bandlimin non-working +! Fixed: countall/nocountall +! Fixed: few race conditions + +Improvements: ++ deb/rpm build, systemd support (experimental) \ No newline at end of file diff --git a/doc/changelog/0/9/2 b/doc/changelog/0/9/2 new file mode 100644 index 0000000..d60694a --- /dev/null +++ b/doc/changelog/0/9/2 @@ -0,0 +1,9 @@ +Bugfixes: +! Fixed: bandwidth limiters (once again) +! Fixed: data filtering plugins (PCREPlugin, SSLPlugin). SSLPlugin use on Linux requires to disable splice (-s0) +! FIxed: standalone proxies do not react on HUP (Ctrl+C) in Linux/Unix +! Fixed: few minor bugs + +Improvements: ++ deb for arm platforms (experimental) ++ Openssl 1.1 support for SSLPlugin \ No newline at end of file diff --git a/doc/changelog/0/9/3 b/doc/changelog/0/9/3 new file mode 100644 index 0000000..0d8fffc --- /dev/null +++ b/doc/changelog/0/9/3 @@ -0,0 +1,11 @@ +Bugfixes: +! Fixed: systemd description file (proxy may fail to start after reboot or via systemctl) +! Fixed: group/account creation in installation scripts +! Fixed: countall/nocounall do not work in some configurations +! Fixed: counters do not work if counter file is not specified +! Fixed: counters without rotation (type N) are incorrectly shown in web admin interface +! Fixed: %n may be incomplete or missed in long log records +! Fixed: connect back functionality does not work + +Improvements: ++ Docker builds \ No newline at end of file diff --git a/doc/changelog/0/9/4 b/doc/changelog/0/9/4 new file mode 100644 index 0000000..bdaf728 --- /dev/null +++ b/doc/changelog/0/9/4 @@ -0,0 +1,4 @@ +! Fix: invalid handling of '-' character in ACL hostname +! Fix: minor bugfixes and improvements ++ parentretry command added (defaults to 2) to retry connections to parent proxies +- icqpr related code (OSCAR proxy) removed, due to drop of OSCAR support by messengers \ No newline at end of file 
diff --git a/doc/changelog/0/9/5 b/doc/changelog/0/9/5 new file mode 100644 index 0000000..77f0970 --- /dev/null +++ b/doc/changelog/0/9/5 @@ -0,0 +1,7 @@ +!! Security fix: proxy can potentially crash on on some platforms due to overlapping regions in strcpy() (thanks to @lenix123 for reporting) ++ new proxy service type: `tlspr` - SNI proxy, may also be used as parent `tls` type, sniffs hostname from TLS handhake, read more in https://github.com/3proxy/3proxy/wiki/tlspr https://github.com/3proxy/3proxy/wiki/How-To-(incomplete)#TLSPR ++ new proxy service type: `auto` - autodetect proxy type between `proxy` and `socks` ++ SSLPlugin is rewritten, production-ready, supports TLS (SSL) server (may be used to create https:// type proxy), certificates checks and cypher options, see https://github.com/3proxy/3proxy/wiki/SSLPlugin ++ -g option is added for grace delay to reduce CPU load, see https://github.com/3proxy/3proxy/wiki/High-Load +! Multiple minor bugfixes +! More supported sockets options \ No newline at end of file diff --git a/doc/changelog/0/9/6 b/doc/changelog/0/9/6 new file mode 100644 index 0000000..d394d87 --- /dev/null +++ b/doc/changelog/0/9/6 
@@ -0,0 +1,9 @@ ++ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios. ++ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header. ++ tlspr is supported in auto ++ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI ++ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems ++ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5 ++ cmake environment added +! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy +! Multiple minor bugfixes
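Review bot: the entry markers "+", "!", "!!" and "-" are never defined in CHANGELOG or in any file under doc/changelog/. A one-line legend at the top of CHANGELOG would fix this. It matters most for "!!", which marks entries such as the strcpy() security fix in doc/changelog/0/9/5 and the ACL fix in doc/changelog/0/8/1, which readers triaging an upgrade need to find. The release line "Released April, 11 2026" also has the comma in the wrong place; "April 11, 2026" reads correctly.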
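Review bot: in doc/changelog/0/7/0 the configuration-change item "NTLM is disabled by default (-n options, -n1 to enable)" does not say which services take -n or what plain -n does compared with -n1. Since this item and "auth iponly is now default" both change authentication defaults, each should state the old and the new default explicitly. The opening paragraph also has "0.7 is code is" and "developement", which should be corrected.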
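Review bot: the 3proxy-0.7.1.4 entry in doc/changelog/0/7/1 stops mid-sentence at "can lead to", so the impact of a "!!" fix is missing. doc/changelog/0/8/2 has what looks like the same entry in full ("can lead to DoS by authenticated user."); the 0.7.1.4 line should state its impact completely as well. The version headers in this file also alternate between "3proxy-0.7.1.3" and "3proxy 0.7.1.1"; pick one form.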
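Review bot: the single line in doc/changelog/0/8/1, "!!Fix: destination IP may be not checked against ACL", gives no indication of which services or configurations skipped the check. For an access-control fix the entry should name the affected condition so operators can judge whether earlier deployments were exposed. The marker is also written "!!Fix" here, "!Fix:" in 0/8/5 and "!! Fix" elsewhere; the spacing should be consistent.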
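Review bot: in doc/changelog/0/8/13 the entry "!! Fixed out-of-bound write and few minor bugs on configuration saving in admin" mixes a memory-safety fix with unrelated minor bugs on one line and does not say who can reach the affected code path. Split the out-of-bound write into its own "!!" line and state whether it requires access to the admin service.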
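Review bot: doc/changelog/0/8/7 has two typos that make its entries hard to search for: "limplementations" in the gethostname() line and "nolonger" in the force/noforce line. They should read "implementations" and "no longer". The item "attempt to fix pam_auth race conditions" should also say whether the race is considered resolved, since a later reader cannot tell from "attempt".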
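Review bot: in doc/changelog/0/9/3 the command name is misspelled in "countall/nocounall do not work in some configurations"; doc/changelog/0/9/1 spells it "countall/nocountall". Command names in a changelog should match the configuration keyword exactly, otherwise a search for the keyword misses this entry.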
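Review bot: the "!! Security fix" line in doc/changelog/0/9/5 names strcpy() with overlapping regions but not the affected component, the affected versions, or whether the crash is reachable by an unauthenticated client. Add those, plus a reference to the fixing commit or issue if one exists. The same hunk has "crash on on some platforms" and "TLS handhake", which should be corrected.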
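Review bot: the HAProxy entry in doc/changelog/0/9/6 (repeated in CHANGELOG) says -H makes a service "expect HA proxy v1 protocol header" but leaves out how a connection without the header is handled on a -H listener and which address ACLs and logs use once a header is accepted. Both points decide whether -H is safe on a listener that clients can reach directly, so they should be stated here or linked. This file is also a verbatim copy of the entry list in CHANGELOG; keeping one as the source and generating the other would stop the two from drifting apart.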