diff --git a/CHANGES.rst b/CHANGES.rst
index 9d7a1914deb..e0f2b6da270 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,6 +14,34 @@ Changelog
 .. towncrier release notes start
+3.7.3 (2021-02-25)
+==================
+
+Bugfixes
+--------
+
+- **(SECURITY BUG)** Started preventing open redirects in the
+ ``aiohttp.web.normalize_path_middleware`` middleware. For
+ more details, see
+ https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.
+
+ Thanks to `Beast Glatisant `__ for
+ finding the first instance of this issue and `Jelmer Vernooij
+ `__ for reporting and tracking it down
+ in aiohttp.
+ `#5497 `_
+- Fix interpretation difference of the pure-Python and the Cython-based
+ HTTP parsers construct a ``yarl.URL`` object for HTTP request-target.
+
+ Before this fix, the Python parser would turn the URI's absolute-path
+ for ``//some-path`` into ``/`` while the Cython code preserved it as
+ ``//some-path``. Now, both do the latter.
+ `#5498 `_
+
+
+----
+
+
 3.7.3 (2020-11-18)
 ==================
diff --git a/CHANGES/5497.bugfix b/CHANGES/5497.bugfix
deleted file mode 100644
index 5cec6d75fe8..00000000000
--- a/CHANGES/5497.bugfix
+++ /dev/null
@@ -1,9 +0,0 @@
-**(SECURITY BUG)** Started preventing open redirects in the
-``aiohttp.web.normalize_path_middleware`` middleware. For
-more details, see
-https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.
-
-Thanks to `Beast Glatisant `__ for
-finding the first instance of this issue and `Jelmer Vernooij
-`__ for reporting and tracking it down
-in aiohttp.
diff --git a/CHANGES/5498.bugfix b/CHANGES/5498.bugfix
deleted file mode 100644
index c11630e8743..00000000000
--- a/CHANGES/5498.bugfix
+++ /dev/null
@@ -1,6 +0,0 @@
-Fix interpretation difference of the pure-Python and the Cython-based
-HTTP parsers construct a ``yarl.URL`` object for HTTP request-target.
-
-Before this fix, the Python parser would turn the URI's absolute-path
-for ``//some-path`` into ``/`` while the Cython code preserved it as
-``//some-path``. Now, both do the latter.
diff --git a/aiohttp/__init__.py b/aiohttp/__init__.py
index 77adfe7e770..23cd5c9d6de 100644
--- a/aiohttp/__init__.py
+++ b/aiohttp/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "3.7.3"
+__version__ = "3.7.4"
 from typing import Tuple