diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a2f85c87..f8379a505 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## v0.31.10
+
+*October 8, 2019*
+
+The previous patch was insufficient because the attacker could still find a way
+to submit a `nil` pubkey by constructing a `PubKeyMultisigThreshold` pubkey
+with `nil` subpubkeys for example.
+
+This release provides multiple fixes, which include recovering from panics when
+accepting new peers and only allowing `ed25519` pubkeys.
+
+**All clients are recommended to upgrade**
+
+Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
+this out.
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### SECURITY:
+
+- [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Only allow ed25519 pubkeys when connecting
+
 ## v0.31.9
 
 *September 30, 2019*
@@ -16,7 +39,7 @@ program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
-- [p2p] [TODO](hxxp://githublink) Fix for panic on nil public key send to a peer
+- [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Fix for panic on nil public key send to a peer
 
 ### BUG FIXES:
 
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index f211a27f3..7c0e356f2 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -1,4 +1,4 @@
-## v0.31.8
+## v0.31.11
 
 **
 
diff --git a/version/version.go b/version/version.go
index 68e96e889..60a22d684 100644
--- a/version/version.go
+++ b/version/version.go
@@ -20,7 +20,7 @@ const (
 	// Must be a string because scripts like dist.sh read this file.
 	// XXX: Don't change the name of this variable or you will break
 	// automation :)
-	TMCoreSemVer = "0.31.9"
+	TMCoreSemVer = "0.31.10"
 
 	// ABCISemVer is the semantic version of the ABCI library
 	ABCISemVer  = "0.16.0"