update changelog and bump version to 0.32.7

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## v0.32.7
+
+*October 18, 2019*
+
+This security release fixes a vulnerability found in the `consensus` package,
+where an attacker could construct a `BlockPartMessage` message in such a way
+that it will lead to consensus failure. A few similar issues have been
+identified and fixed here.
+
+**All clients are recommended to upgrade**
+
+Special thanks to [elvishacker](https://hackerone.com/elvishacker) for finding
+and reporting this.
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+- Go API
+  - [consensus] Modify `WAL#Write` and `WAL#WriteSync` to return an error if
+    they fail to write a message
+
+### SECURITY:
+
+- [consensus] Validate incoming messages more throughly
+
 ## v0.32.6
 
 *October 8, 2019*

CHANGELOG_PENDING.md

@@ -1,4 +1,4 @@
-## v0.32.7
+## v0.32.8
 
 \*\*
 

version/version.go

@@ -20,7 +20,7 @@ const (
 	// Must be a string because scripts like dist.sh read this file.
 	// XXX: Don't change the name of this variable or you will break
 	// automation :)
-	TMCoreSemVer = "0.32.6"
+	TMCoreSemVer = "0.32.7"
 
 	// ABCISemVer is the semantic version of the ABCI library
 	ABCISemVer  = "0.16.1"