diff --git a/python-Scrapy.changes b/python-Scrapy.changes
index 41df8b1..c5afb61 100644
--- a/python-Scrapy.changes
+++ b/python-Scrapy.changes
@@ -1,6 +1,51 @@
 -------------------------------------------------------------------
 Mon Mar 25 14:12:20 UTC 2024 - Dirk Müller <dmueller@suse.com>
 
+- update to 2.11.1 (bsc#1220514, CVE-2024-1892):
+  * Addressed `ReDoS vulnerabilities` (bsc#1220514, CVE-2024-1892)
+    -  ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of
+       :func:`~scrapy.utils.iterators.xmliter_lxml`, which
+       :class:`~scrapy.spiders.XMLFeedSpider` now uses.
+
+       To minimize the impact of this change on existing code,
+       :func:`~scrapy.utils.iterators.xmliter_lxml` now supports indicating
+       the node namespace with a prefix in the node name, and big files with
+       highly nested trees when using libxml2 2.7+.
+
+    -  Fixed regular expressions in the implementation of the
+       :func:`~scrapy.utils.response.open_in_browser` function.
+      .. _ReDoS vulnerabilities: https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
+
+  *  :setting:`DOWNLOAD_MAXSIZE` and :setting:`DOWNLOAD_WARNSIZE` now also apply
+     to the decompressed response body. Please, see the `7j7m-v7m3-jqm7 security
+     advisory`_ for more information.
+
+     .. _7j7m-v7m3-jqm7 security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7
+
+  *  Also in relation with the `7j7m-v7m3-jqm7 security advisory`_, the
+     deprecated ``scrapy.downloadermiddlewares.decompression`` module has been
+     removed.
+  *  The ``Authorization`` header is now dropped on redirects to a different
+     domain. Please, see the `cw9j-q3vf-hrrv security advisory`_ for more
+     information.
+  *  The OS signal handling code was refactored to no longer use private Twisted
+      functions. (:issue:`6024`, :issue:`6064`, :issue:`6112`)
+  *  Improved documentation for :class:`~scrapy.crawler.Crawler` initialization
+     changes made in the 2.11.0 release. (:issue:`6057`, :issue:`6147`)
+  *  Extended documentation for :attr:`Request.meta <scrapy.http.Request.meta>`.
+  *  Fixed the :reqmeta:`dont_merge_cookies` documentation. (:issue:`5936`,
+  *  Added a link to Zyte's export guides to the :ref:`feed exports
+  *  Added a missing note about backward-incompatible changes in
+     :class:`~scrapy.exporters.PythonItemExporter` to the 2.11.0 release notes.
+  *  Added a missing note about removing the deprecated
+     ``scrapy.utils.boto.is_botocore()`` function to the 2.8.0 release notes.
+  *  Other documentation improvements. (:issue:`6128`, :issue:`6144`,
+     :issue:`6163`, :issue:`6190`, :issue:`6192`)
+- drop twisted-23.8.0-compat.patch (upstream)
+
+-------------------------------------------------------------------
+Mon Mar 25 14:12:20 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
 - update to 2.11.1 (bsc#1220514, CVE-2024-1892, bsc#1221986):
   * Addressed `ReDoS vulnerabilities` (bsc#1220514, CVE-2024-1892)
     -  ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of