diff --git a/content/_data/changelogs/lts.yml b/content/_data/changelogs/lts.yml
index 52a2dcc0c70f..70ad82001603 100644
--- a/content/_data/changelogs/lts.yml
+++ b/content/_data/changelogs/lts.yml
@@ -107,7 +107,34 @@
         <strong>This option is deprecated and will be removed in a future release.</strong>
         We strongly recommend you create self-signed certificates yourself and use <tt>--httpsKeyStore</tt> and related options instead.
       issue: 25333
-
+- version: "2.32.3"
+  date: 2017-03-01
+  changes:
+    - type: bug
+      message: >
+        Display an informative message, rather than a Groovy exception, when <code>View#getItems</code> fails.
+      issue: 41825
+      pull: 2739
+    - type: bug
+      message: Don't try to set Agent Port when it is enforced, breaking form submission.
+      issue: 41511
+      pull: 2726
+    - type: bug
+      message: Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers.
+      issue: 39402
+      pull: 2727
+    - type: bug
+      message: Fix handling of the <tt>POST</tt> flag in <code>ManagementLink</code>s within the Manage Jenkins page.
+      issue: 38175
+      pull: 2692
+    - type: bug
+      message: <code>IllegalStateException</code> from Winstone when making certain requests with access logging enabled.
+      issue: 37625
+      pull: 2721
+    - type: bug
+      message: Do not fail to write a log file just because something deleted the parent directory.
+      issue: 16634
+      pull: 2738
 
 # DO NOT EDIT THIS FILE DIRECTLY
 # ALL CHANGES MUST GO THROUGH PULL REQUESTS
diff --git a/content/doc/upgrade-guide/2.32.adoc b/content/doc/upgrade-guide/2.32.adoc
index 4bc2c1ffda01..790f9ea28518 100644
--- a/content/doc/upgrade-guide/2.32.adoc
+++ b/content/doc/upgrade-guide/2.32.adoc
@@ -8,6 +8,18 @@ notitle: true
 
 Each section covers the upgrade from the previous LTS release, the section on 2.32.1 covers the upgrade from 2.19.4.
 
+=== Upgrading to Jenkins LTS 2.32.3
+
+==== Removal of +X-You-Are-In-Group+ headers on "Permission denied" pages
+
+https://issues.jenkins-ci.org/browse/JENKINS-39402[JENKINS-39402]
+
+"Permission denied" pages will no longer include HTTP headers listing all the groups the current user is a member of, as a large number of headers could in some cases result in reverse proxies errors.
+
+Access URLs such as +/whoAmI+ to get information about the currently logged in user and group memberships.
+
+To restore the previous behavior, set the system property `hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS` to `true`. This is not generally recommended.
+
 === Upgrading to Jenkins LTS 2.32.2
 
 ==== Console notes security fix