diff --git a/release-notes-published/13.0.3.md b/release-notes-published/13.0.3.md
new file mode 100644
index 0000000000..f6a76bba03
--- /dev/null
+++ b/release-notes-published/13.0.3.md
@@ -0,0 +1,33 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 0 --><!--description Zml4KGFwaSk6IGZpeCBkZXBlbmRlbmN5IHJlcG8gcGVybXMgaW4gQ3JlYXRlL1JlbW92ZUlzc3VlRGVwZW5kZW5jeQ==-->fix(api): fix dependency repo perms in Create/RemoveIssueDependency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 1 --><!--description Zml4KGFwaSk6IGRyYWZ0IHJlbGVhc2VzIGNvdWxkIGJlIHJlYWQgYmVmb3JlIGJlaW5nIHB1Ymxpc2hlZA==-->fix(api): draft releases could be read before being published<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 2 --><!--description bWlzY29uZmlndXJlZCBzZWN1cml0eSBjaGVja3Mgb24gdGFnIGRlbGV0ZSB3ZWIgZm9ybQ==-->misconfigured security checks on tag delete web form<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 3 --><!--description aW5jb3JyZWN0IGxvZ2ljIGluICJVcGRhdGUgUFIiIGRpZCBub3QgZW5mb3JjZSBoZWFkIGJyYW5jaCBwcm90ZWN0aW9uIHJ1bGVzIGNvcnJlY3RseQ==-->incorrect logic in "Update PR" did not enforce head branch protection rules correctly<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 4 --><!--description aXNzdWUgb3duZXIgY2FuIGRlbGV0ZSBhbm90aGVyIHVzZXIncyBjb21tZW50J3MgZWRpdCBoaXN0b3J5IG9uIHNhbWUgaXNzdWU=-->issue owner can delete another user's comment's edit history on same issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10038): <!--number 10038 --><!--line 5 --><!--description dGFnIHByb3RlY3Rpb24gcnVsZXMgY2FuIGJlIGJ5cGFzc2VkIGR1cmluZyB0YWcgZGVsZXRlIG9wZXJhdGlvbg==-->tag protection rules can be bypassed during tag delete operation<!--description-->
+- Localization
+  - Updates from Codeberg Translate: [#10132](https://codeberg.org/forgejo/forgejo/pulls/10132) (backport of [#9804](https://codeberg.org/forgejo/forgejo/pulls/9804), [#9917](https://codeberg.org/forgejo/forgejo/pulls/9917))
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10146) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10170)): <!--number 10170 --><!--line 0 --><!--description Zml4OiBzdXBwb3J0IGdpdCBjbG9uZSB3aGVuIC90bXAgaGFzIG5vZXhlYw==-->fix: support git clone when /tmp has noexec<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10140) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10148)): <!--number 10148 --><!--line 0 --><!--description Zml4OiBnZXQgbmV3IHNlc3Npb24gZnJvbSBlbmdpbmVncm91cCBpbnN0ZWFkIG9mIG1hc3RlcmVuZ2luZQ==-->fix: get new session from enginegroup instead of masterengine<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10002) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10013)): <!--number 10013 --><!--line 0 --><!--description Zml4OiBlbmRsZXNzIHJlZGlyZWN0aW9uIGxvb3AgYmV0d2VlbiAvdXNlci9zZXR0aW5ncy9jaGFuZ2VfcGFzc3dvcmQgYW5kIC91c2VyL3NldHRpbmdzL3NlY3VyaXR5-->fix: endless redirection loop between /user/settings/change_password and /user/settings/security<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9763) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9938)): <!--number 9938 --><!--line 0 --><!--description Zml4KGFsdCk6IGhhbmRsZSBwYWNrYWdlIG5hbWVzIHdpdGggZG90cyBpbiBBTFQgcmVwb3NpdG9yeQ==-->fix(alt): handle package names with dots in ALT repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9914) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9920)): <!--number 9920 --><!--line 0 --><!--description Zml4OiBwdWxsIHJlcXVlc3QgcmV2aWV3IGNvbW1lbnQgcG9zaXRpb24=-->fix: pull request review comment position<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10178): <!--number 10178 --><!--line 0 --><!--description Y2hvcmU6IHBpbiBub2RlIHZlcnNpb24=-->chore: pin node version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10175): <!--number 10175 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ1LjAgKHYxMy4wL2Zvcmdlam8p-->Update module golang.org/x/crypto to v0.45.0 (v13.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10135): <!--number 10135 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ0LjAgKHYxMy4wL2Zvcmdlam8p-->Update module golang.org/x/crypto to v0.44.0 (v13.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10056) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10064)): <!--number 10064 --><!--line 0 --><!--description Zml4OiBsZXNzIHJlc3RyaWN0aXZlIG1hdHJpeCByb29tX2lkIHBhdHRlcm4=-->fix: less restrictive matrix room_id pattern<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9973) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9994)): <!--number 9994 --><!--line 0 --><!--description Zml4OiBhZGQgcmVxdWlyZWQgaGVhZGVycyB0byBQYWd1cmUgbWlncmF0aW9u-->fix: add required headers to Pagure migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9757) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10027)): <!--number 10027 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IG9yZ3MgZnJvbSBiZWluZyBhZGRlZCBhcyBtZW1iZXJzIG9mIG9yZ3M=-->fix: prevent orgs from being added as members of orgs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9997) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9998)): <!--number 9998 --><!--line 0 --><!--description Zml4KGFwaSk6IHNldCBhbGwgaG9vayBldmVudCB0eXBlcw==-->fix(api): set all hook event types<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9875) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9919)): <!--number 9919 --><!--line 0 --><!--description Zml4OiBkb24ndCBzaG93IENvbkVtdSBPU0MgZXNjYXBlIHNlcXVlbmNlcw==-->fix: don't show ConEmu OSC escape sequences<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9913) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9918)): <!--number 9918 --><!--line 0 --><!--description Zml4OiBzZXQgdGFnIG1lc3NhZ2Ugb24gdGFnIGFkZGl0aW9u-->fix: set tag message on tag addition<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9872) ([backported](https://codeberg.org/forgejo/forgejo/pulls/9901)): <!--number 9901 --><!--line 0 --><!--description Zml4OiBjb25zdHJ1Y3QgcHJvamVjdCBsaW5rcyBpbiB0aW1lbGluZSBiZXR0ZXI=-->fix: construct project links in timeline better<!--description-->
+<!--end release-notes-assistant-->