diff --git a/release-notes-published/14.0.4.md b/release-notes-published/14.0.4.md
new file mode 100644
index 0000000000..533378dc21
--- /dev/null
+++ b/release-notes-published/14.0.4.md
@@ -0,0 +1,30 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12028): <!--number 12028 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.9 (v14.0/forgejo)<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11614) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11725)): <!--number 11725 --><!--line 0 --><!--description TWFrZSBvdmVyZmxvdy1tZW51IFdlYiBDb21wb25lbnQgc2Nyb2xsIC8gb3ZlcmZsb3cgd2l0aCBKUyBvZmY=-->Make overflow-menu Web Component scroll / overflow with JS off<!--description-->
+- Localization
+  - Updates from from Codeberg Translate: [#12039](https://codeberg.org/forgejo/forgejo/pulls/12039) (backport of [#11460](https://codeberg.org/forgejo/forgejo/pulls/11460), [#11810](https://codeberg.org/forgejo/forgejo/pulls/11810))
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11821) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11850)): <!--number 11850 --><!--line 0 --><!--description Zml4OiBvdXQgb2Ygc3luY2hyb25pemF0aW9uIGVycm9yIGFmdGVyIGludGVycnVwdGluZyBhIFBSIG1lcmdlIGJ5IHVzZXItYWdlbnQgZGlzY29ubmVjdA==-->fix: out of synchronization error after interrupting a PR merge by user-agent disconnect<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11623) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11742)): <!--number 11742 --><!--line 0 --><!--description Zml4OiBjb21tZW50IGF0dGFjaG1lbnQgQVBJIGlzIG1vcmUgcmVzdHJpY3RpdmUgdGhhbiB0aGUgd2ViIFVJ-->fix: comment attachment API is more restrictive than the web UI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11642) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11658)): <!--number 11658 --><!--line 0 --><!--description Zml4OiBkb24ndCB0cmlwIGRlbGV0aW5nIGF0dGFjaG1lbnQgd2l0aCBtaXNzaW5nIHBlcm1pc3Npb24gZXJyb3I=-->fix: don't trip deleting attachment with missing permission error<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11885): <!--number 11885 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjkgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.9 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11296) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11317)): <!--number 11317 --><!--line 0 --><!--description UEFNOiBwb3J0YWJsZSBlcnJvciByZXBvcnRpbmc=-->PAM: portable error reporting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11899): <!--number 11899 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE3LjEgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update github.com/go-git/go-git/v5 (indirect) to v5.17.1 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11838): <!--number 11838 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjggW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.8 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11828): <!--number 11828 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUxLjAgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.51.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11820): <!--number 11820 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzguMCBbU0VDVVJJVFldICh2MTQuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.38.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11801) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11802)): <!--number 11802 --><!--line 0 --><!--description Y2k6IHVwZGF0ZSB0ZXN0cyB0byBydW4gZGViaWFuIHRyaXhpZSwgcmVtb3ZlIG1hbnVhbCBpbnN0YWxsYXRpb24gZnJvbSBgdGVzdGluZ2A=-->ci: update tests to run debian trixie, remove manual installation from `testing`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11733) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11737)): <!--number 11737 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IGNvbnRhaW5lciByZWdpc3RyeSBoZWFkZXJzIGZyb20gbGVha2luZyBpbnRvIG90aGVyIHJlZ2lzdHJpZXM=-->fix: prevent container registry headers from leaking into other registries<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11691) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11722)): <!--number 11722 --><!--line 0 --><!--description Zml4OiByZW1vdmUgdGVtcGxhdGUgZmlsZSBmcm9tIGdlbmVyYXRlZCByZXBv-->fix: remove template file from generated repo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11624) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11626)): <!--number 11626 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby44-->chore(deps): bump xorm to v1.3.9-forgejo.8<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11616) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11625)): <!--number 11625 --><!--line 0 --><!--description OiBmaXg6IHJlbW92ZSBzZWNvbmQgY2hhbGxlbmdlIGZyb20gV1dXLUF1dGhlbnRpY2F0ZSBoZWFkZXI=-->fix: remove second challenge from WWW-Authenticate header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11588) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11613)): <!--number 11613 --><!--line 0 --><!--description Zml4OiB3ZWJob29rL2Rpc2NvcmQ6IG9taXQgZW1wdHkgZW1iZWRzLmZvb3RlciBmcm9tIHRoZSBwYXlsb2FkIGZvciBTcGFjZWJhciBjb21wYXRpYmlsaXR5-->fix: webhook/discord: omit empty embeds.footer from the payload for Spacebar compatibility<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11585) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11596)): <!--number 11596 --><!--line 0 --><!--description Zml4KGlzc3VlLXNlYXJjaCk6IGRlbGV0ZSBpc3N1ZSBmcm9tIGluZGV4ZXIgb24gRGVsZXRlSXNzdWU=-->fix(issue-search): delete issue from indexer on DeleteIssue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11442) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11594)): <!--number 11594 --><!--line 0 --><!--description Zml4OiBlbmZvcmNlIHBhY2thZ2UgcXVvdGEgYWdhaW5zdCBwYWNrYWdlIG93bmVyLCBub3QgdXBsb2FkZXI=-->fix: enforce package quota against package owner, not uploader<!--description-->
+<!--end release-notes-assistant-->