diff --git a/ChangeLog b/ChangeLog
index 658d194816..a1490d1031 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+7.0.15 -- 2026-03-12
+
+Security #8365: stream: quadratic complexity in stream inspection (7.0.x backport)(HIGH - CVE 2026-31933)
+Security #8307: krb5: internal request/response buffering leads to quadratic complexity (7.0.x backport)(HIGH - CVE 2026-31932)
+Security #8304: dcerpc: internal buffering logic leads to quadratic complexity(HIGH - CVE 2026-31937)
+Security #8296: http2: unbounded number of http2 frames per transaction (7.0.x backport)(CRITICAL - CVE 2026-31935)
+Security #8288: krb5: TCP parser never advances past the first record in a multi-record segment (7.0.x backport)
+Bug #8363: http2: detection should use a better architecture than the Vec escaped (7.0.x backport)
+Bug #8253: dpdk: (x)stats are only accessible before port stop (7.0.x backport)
+Bug #8231: detect/app-layer-event: alert generated for the wrong packet (7.0.x backport)
+Bug #8220: base64: base64_data with relative match after base64_decode:relative fails (7.0.x backport)
+Bug #8168: utils-spm-hs: missing deallocators on hs_compile failure (7.0.x backport)
+Bug #7851: http: FP alerts on http.host and http.host.raw
+Documentation #8332: doc: explain dcerpc.opnum doesn't support operators >,<,!,= (7.0.x backport)
+Documentation #8264: doc/userguide: fix within-distance pointer graphics in payload-keywords doc (7.0.x backport)
+Documentation #8241: isdataat: document different semantics between absolute and relative modes (7.0.x backport)
+Documentation #8218: rules/endswith: doc wrong for offset/distance/within warning (7.0.x backport)
+
 7.0.14 -- 2026-01-09
 
 Security #8209: eve/alert: http xff handling can lead to denial of service (7.0.x backport)(LOW - CVE 2026-22261)
diff --git a/configure.ac b/configure.ac
index 3190cb5494..e06e349fbd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
- AC_INIT([suricata],[7.0.15-dev])
+ AC_INIT([suricata],[7.0.15])
 m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([src/autoconf.h])
 AC_CONFIG_SRCDIR([src/suricata.c])
@@ -1580,12 +1580,12 @@
 echo
 exit 1
 fi
- PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.52],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
+ PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.53],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
 if test "$libhtp_minver_found" = "no"; then
 PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
 if test "$libhtp_devver_found" = "no"; then
 echo
- echo " ERROR! libhtp was found but it is neither >= 0.5.52, nor the dev 0.5.X"
+ echo " ERROR! libhtp was found but it is neither >= 0.5.53, nor the dev 0.5.X"
 echo
 exit 1
 fi
diff --git a/requirements.txt b/requirements.txt
index 0f7e691f9c..2cde7f9521 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,5 +3,5 @@
 # Format:
 #
 # name {repo} {branch|tag}
-libhtp https://github.com/OISF/libhtp 0.5.x
+libhtp https://github.com/OISF/libhtp 0.5.53
 suricata-update https://github.com/OISF/suricata-update 1.3.7
diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in
index c4396526bf..e31865154a 100644
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@@ -927,7 +927,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
 
 [[package]]
 name = "suricata"
-version = "7.0.14"
+version = "7.0.15"
 dependencies = [
 "aes",
 "aes-gcm",
@@ -973,7 +973,7 @@ dependencies = [
 
 [[package]]
 name = "suricata-derive"
-version = "7.0.14"
+version = "7.0.15"
 dependencies = [
 "proc-macro-crate",
 "proc-macro2",