diff --git a/docs/releases/1.4.9.txt b/docs/releases/1.4.9.txt
new file mode 100644
index 00000000000..de66eb78f89
--- /dev/null
+++ b/docs/releases/1.4.9.txt
@@ -0,0 +1,21 @@
+==========================
+Django 1.4.9 release notes
+==========================
+
+*October 22, 2013*
+
+Django 1.4.9 fixes a security-related bug in the 1.4 series and one other
+data corruption bug.
+
+Readdressed denial-of-service via password hashers
+--------------------------------------------------
+
+Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a
+denial-of-service attack through submission of bogus but extremely large
+passwords. In Django 1.5.5, we've reverted this change and instead improved
+the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
+
+Bugfixes
+========
+
+* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
diff --git a/docs/releases/1.5.5.txt b/docs/releases/1.5.5.txt
new file mode 100644
index 00000000000..9e1cf97cc97
--- /dev/null
+++ b/docs/releases/1.5.5.txt
@@ -0,0 +1,33 @@
+==========================
+Django 1.5.5 release notes
+==========================
+
+*October 22, 2013*
+
+Django 1.5.5 fixes a couple security-related bugs and several other bugs in the
+1.5 series.
+
+Readdressed denial-of-service via password hashers
+--------------------------------------------------
+
+Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a
+denial-of-service attack through submission of bogus but extremely large
+passwords. In Django 1.5.5, we've reverted this change and instead improved
+the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
+
+Properly rotate CSRF token on login
+-----------------------------------
+
+This behavior introduced as a security hardening measure in Django 1.5.2 did
+not work properly and is now fixed.
+
+Bugfixes
+========
+
+* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256).
+* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()``
+  (#21185).
+* Fixed a couple data corruption issues with ``QuerySet`` edge cases under
+  Oracle and MySQL (#21203, #21126).
+* Fixed crashes when using combinations of ``annotate()``,
+  ``select_related()``, and ``only()`` (#16436).
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index 7b117f384c9..555ed5d5d10 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -22,6 +22,7 @@ Final releases
 .. toctree::
    :maxdepth: 1
 
+   1.5.5
    1.5.4
    1.5.3
    1.5.2
@@ -33,6 +34,7 @@ Final releases
 .. toctree::
    :maxdepth: 1
 
+   1.4.9
    1.4.8
    1.4.7
    1.4.6