From e4467aa841aecfc99eeb2a3f3225e2844cf590f7 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 11 Oct 2022 12:13:19 +0200
Subject: [PATCH] Add release note and change for GL #3591

Breaking news.

(cherry picked from commit 1cf2f6fe684458afb26482a9b5ad324c57cdf25e)
---
 CHANGES                     | 4 ++++
 doc/notes/notes-current.rst | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/CHANGES b/CHANGES
index 170cffb915..b22b434acc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6013.	[bug]		Fix a crash that could happen when you change
+			a dnssec-policy zone with NSEC3 to start using
+			inline-signing. [GL #3591]
+
 6009.	[bug]		Don't trust a placeholder KEYDATA from the managed-keys
 			zone by adding it into secroots. [GL #2895]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 0f66431f78..53c913e432 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -60,3 +60,6 @@ Bug Fixes
   enter into a state where it would not recover without stopping ``named``,
   manually deleting ``managed-keys.bind`` and ``managed-keys.bind.jnl`` files,
   and starting ``named`` again. :gl:`#2895`
+
+- Fixed a crash that happens when you reconfigure a ``dnssec-policy``
+  zone that uses NSEC3 to enable ``inline-signing``. :gl:`#3591`