diff --git a/Documentation/RelNotes/2.13.7.txt b/Documentation/RelNotes/2.13.7.txt
new file mode 100644
index 0000000000..3df9b009fc
--- /dev/null
+++ b/Documentation/RelNotes/2.13.7.txt
@@ -0,0 +1,19 @@
+Git v2.13.7 Release Notes
+=========================
+
+Fixes since v2.13.6
+-------------------
+
+ * Submodule "names" come from the untrusted .gitmodules file, but
+   we blindly append them to $GIT_DIR/modules to create our on-disk
+   repo paths. This means you can do bad things by putting "../"
+   into the name (among other things).  As these are initially taken
+   from the path the submodule initially bound to the project and
+   then serve as a constant name across moving it in the directory
+   structure, a submodule with a name that does not pass
+   verify_path() check, which rejects a string with a substring
+   "/../" and ".git/" etc., is now ignored.
+
+Credit for finding this vulnerability and the proof of concept from
+which the test script was adapted goes to Etienne Stalmans.  Credit
+for the fix goes to Jeff King, Johannes Schindelin and others.
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 3db6830bed..1534654ffc 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.13.6
+DEF_VER=v2.13.7
 
 LF='
 '
diff --git a/RelNotes b/RelNotes
index c2dd9dd6ad..a7f9eca981 120000
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.13.6.txt
\ No newline at end of file
+Documentation/RelNotes/2.13.7.txt
\ No newline at end of file