diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b91405..485bf4a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,12 +1,68 @@ > This project uses [Break Versioning](https://github.com/ptaoussanis/encore/blob/master/BREAK-VERSIONING.md) as of **Aug 16, 2014**. +## v3.0.0-RC1 / 2020 Sep 11 + +```clojure +[com.taoensso/nippy "3.0.0-RC1"] +``` + +> Major **BREAKING** feature + security release. +> See [here](https://github.com/ptaoussanis/encore#recommended-steps-after-any-significant-dependency-update) for recommended steps when updating any Clojure/Script dependencies. + +> This release is focused on smoothing out rough edges left by `CVE-2020-24164` [#130], and to **ease transition** from version of Nippy < `v2.15.0` final. + +> Apologies for the recent breaking changes! + +Note that there's separate documentation below if upgrading from `v2.15` or `v2.14`: + +## Since `v2.15.0` (incl. BREAKING changes) + +See [#130] for **detailed upgrade instructions**. + +### Changes + + - **[BREAKING]** Bumped minimum Clojure version from `v1.5` to `v1.7`. + - **[BREAKING]** `*serializable-whitelist*` has been split into two separate vars: `*freeze-serializable-allowlist*`, `*thaw-serializable-allowlist`*. See [#130] for details. + - **[BREAKING]** `:nippy/unthawable` responses now have a standardized form: `{:nippy/unthawable {:type _ :cause _ ...}`. Most folks won't care about this change unless you have code specifically to deal with `:nippy/unthawable` responses. + - By default, `freeze` now allows the use of Java's Serializable for any class. `thaw` continues to be restrictive by default, and will quarantine any objects not on the class allowlist. See [#130] for details. + +### New + + - [#122] Option to disable freezing and/or thawing of metadata. + - `freeze` and `thaw` now support opts: `:serializable-allowlist`, `:incl-metadata?`. + - New `read-quarantined-serializable-object-unsafe!` util to read quarantined Serializable objects. See [#130] for details. + +## Since `v2.14.0` (incl. BREAKING changes) + +See [#130] for **detailed upgrade instructions**. 
+ +### Changes + + - **[BREAKING]** [#130] `thaw` will now quarantine Serializable objects whose class is not allowed by `*thaw-serializable-allowlist*`. See [#130] for details. + - **[BREAKING]** Bumped minimum Clojure version from `v1.5` to `v1.7`. + - **[BREAKING]** `:nippy/unthawable` responses now have a standardized form: `{:nippy/unthawable {:type _ :cause _ ...}`. Most folks won't care about this change unless you have code specifically to deal with `:nippy/unthawable` responses. + - [#101] Switch default encryptor from `AES-CBC` to `AES-GCM` (faster, includes integrity check) + +### New + + - [#127] Add utils: `freeze-to-string`, `thaw-from-string` (@piotr-yuxuan) + - [#113 #114] Add support for object arrays (@isaksky) + - [#83 #112] Add support for deftype (@isaksky) + - [#83 #113] Add support for URIs (@isaksky) + - [#126] `extend-freeze`: include id collision odds in docstring + +### Fixes + + - [#120] Update `freezable?` to cover `nil` + + ## v2.15.3 / 2020 Sep 10 ```clojure [com.taoensso/nippy "2.15.3"] ``` -> Non-breaking release. See [here](https://github.com/ptaoussanis/encore#recommended-steps-after-any-significant-dependency-update) recommended steps when updating any Clojure/Script dependencies. +> Non-breaking release. See [here](https://github.com/ptaoussanis/encore#recommended-steps-after-any-significant-dependency-update) for recommended steps when updating any Clojure/Script dependencies. #### Changes since `v2.15.2` diff --git a/README.md b/README.md index 1d59f96..9942573 100644 --- a/README.md +++ b/README.md 
@@ -4,23 +4,18 @@ **[CHANGELOG]** | [API] | current [Break Version]: ```clojure -[com.taoensso/nippy "2.15.3"] ; BREAKING, see CHANGELOG for details +[com.taoensso/nippy "3.0.0-RC1"] ; BREAKING, see CHANGELOG for details +[com.taoensso/nippy "2.15.3"] ; BREAKING, see CHANGELOG for details ``` -## ** SECURITY ADVISORY ** +> See [here](https://taoensso.com/clojure/backers) if you're interested in helping support my open-source work, thanks! - Peter -Users of Nippy older than **v2.15.0 final** should **please upgrade ASAP** due to a **Remote Code Execution vulnerability** when deserializing data from an **untrusted source**. +## _SECURITY ADVISORY_ + +Users of Nippy older than **v2.15.0 final** should **please upgrade ASAP** due to a **Remote Code Execution (RCE) vulnerability** when deserializing data from an **untrusted source**. Please see [here](https://github.com/ptaoussanis/nippy/issues/130) for details, including upgrade instructions. --- - -> Please consider helping to [support my continued open-source Clojure/Script work]? -> -> Even small contributions can add up + make a big difference to help sustain my time writing, maintaining, and supporting Nippy and other Clojure/Script libraries. **Thank you!** -> -> \- Peter Taoussanis - # Nippy ## The fastest serialization library for Clojure @@ -195,7 +190,6 @@ Copyright © 2012-2020 [Peter Taoussanis]. [@ptaoussanis]: https://www.taoensso.com [More by @ptaoussanis]: https://www.taoensso.com [Break Version]: https://github.com/ptaoussanis/encore/blob/master/BREAK-VERSIONING.md -[support my continued open-source Clojure/Script work]: http://taoensso.com/clojure/backers [CHANGELOG]: https://github.com/ptaoussanis/nippy/releases diff --git a/project.clj b/project.clj index 35ca6ab..5832d7d 100644 --- a/project.clj +++ b/project.clj 
@@ -1,4 +1,4 @@ -(defproject com.taoensso/nippy "2.15.3" +(defproject com.taoensso/nippy "3.0.0-RC1" :author "Peter Taoussanis " :description "High-performance serialization library for Clojure" :url "https://github.com/ptaoussanis/nippy"
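Review bot: two markdown slips in the new CHANGELOG `v3.0.0-RC1` entry. In the "Since `v2.15.0`" Changes list the second var is written as `*thaw-serializable-allowlist`* (closing backtick before the trailing asterisk), so it will render as the bare name plus a stray italic marker instead of `*thaw-serializable-allowlist*`; and the standardized response form is quoted as `{:nippy/unthawable {:type _ :cause _ ...}` in both the `v2.15.0` and `v2.14.0` sections, one closing brace short of the map it describes; suggest `{:nippy/unthawable {:type _ :cause _ ...}}`. Also "ease transition from version of Nippy < `v2.15.0` final" should read "from versions of Nippy older than `v2.15.0` final". Since this is the entry documenting the `CVE-2020-24164` follow-up, the bullet "`freeze` now allows the use of Java's Serializable for any class" is worth one more sentence stating that the trust boundary is on `thaw` (which, per the same bullet, still quarantines classes not on `*thaw-serializable-allowlist*`), so readers do not mistake the relaxed `freeze` default for a loosening of the fix.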
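Review bot: in the README dependency block both coordinates now carry the identical comment `; BREAKING, see CHANGELOG for details`, so a reader cannot tell which of `"3.0.0-RC1"` and `"2.15.3"` is the release candidate and which is the current stable line; since the security advisory directly below tells users to "upgrade ASAP", label them distinctly (e.g. `; RC, BREAKING ...` and `; stable, BREAKING ...`). With the backers quote removed, the `---` context line is left as an orphaned horizontal rule directly above `# Nippy`; drop it or move it. The new backers link uses `https://taoensso.com/clojure/backers` while the removed reference used `http://`, and the matching `[support my continued open-source Clojure/Script work]:` reference definition is removed in the second README hunk, so the link references stay consistent.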