--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,42 @@
 
+Changes with nginx 0.8.7                                         27 Jul 2009
+
+    *) Change: minimum supported OpenSSL version is 0.9.7.
+
+    *) Change: the "ask" parameter of the "ssl_verify_client" directive was 
+       changed to the "optional" parameter and now it checks a client 
+       certificate if it was offered.
+       Thanks to Brice Figureau.
+
+    *) Feature: the $ssl_client_verify variable.
+       Thanks to Brice Figureau.
+
+    *) Feature: the "ssl_crl" directive.
+       Thanks to Brice Figureau.
+
+    *) Feature: the "proxy" parameter of the "geo" directive.
+
+    *) Feature: the "image_filter" directive supports variables for setting 
+       size.
+
+    *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the 
+       bug had appeared in 0.7.7.
+       Thanks to Sergey Zhuravlev.
+
+    *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did 
+       not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate", 
+       "X-Accel-Buffering", and "X-Accel-Charset" lines from backend 
+       response header.
+       Thanks to Maxim Dounin.
+
+    *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend 
+       response header lines; the bug had appeared in 0.7.44.
+       Thanks to Maxim Dounin.
+
+    *) Bugfix: the "[alert] zero size buf" error if subrequest returns an 
+       empty response; the bug had appeared in 0.8.5.
+
+
 Changes with nginx 0.8.6                                         20 Jul 2009
 
     *) Feature: the ngx_http_geoip_module.
@@ -8,7 +46,7 @@ Changes with nginx 0.8.6                
        Thanks to Kuramoto Eiji.
 
     *) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by 
-       a regular expression are always tested in case insensitive mode;
+       a regular expression are always tested in case insensitive mode.
 
     *) Bugfix: now nginx/Windows ignores trailing dots in URI.
        Thanks to Hugo Leisink.