diff --git a/CHANGELOG-7.2.md b/CHANGELOG-7.2.md
index 681d728e832ef..fbc5b88c33e11 100644
--- a/CHANGELOG-7.2.md
+++ b/CHANGELOG-7.2.md
@@ -7,6 +7,68 @@ in 7.2 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v7.2.0...v7.2.1
 
+* 7.2.3 (2025-01-29)
+
+ * bug #58889 [Serializer] Handle default context in Serializer (Valmonzo)
+ * bug #59631 [HttpClient] Fix processing a NativeResponse after its client has been reset (Jean-Beru)
+ * bug #59590 [Security] Throw an explicit error when refreshing a token with a null user (alexandre-daubois)
+ * bug #59625 [FrameworkBundle] Add missing `not-compromised-password` entry in XSD (alexandre-daubois)
+ * bug #59610 [Mailer] Ensure TransportExceptionInterface populates stream debug data (bytestream)
+ * bug #59598 [Mime] Fix body validity check in `Email` when using `Message::setBody()` (alexandre-daubois)
+ * bug #59513 [Messenger ] Extract retry delay from nested `RecoverableExceptionInterface` (AydinHassan)
+ * bug #59544 [AssetMapper] Fix CssCompiler matches url in comments (smnandre)
+ * bug #59575 [DoctrineBridge] Add support for doctrine/persistence 4 (greg0ire)
+ * bug #59611 [Mailer][Notifier] Fix channel parameter value to fixed value for Mailer and Notifier Sweego Transports (welcoMattic)
+ * bug #59399 [DomCrawler] Make `ChoiceFormField::isDisabled` return `true` for unchecked disabled checkboxes (MatTheCat)
+ * bug #59581 [Cache] Don't clear system caches on `cache:clear` (nicolas-grekas)
+ * bug #59579 [FrameworkBundle] Fix patching refs to the tmp warmup dir in files generated by optional cache warmers (nicolas-grekas)
+ * bug #59580 [Config] Add missing `json_encode` flags when creating `.meta.json` files (nicolas-grekas)
+ * bug #57459 [PropertyInfo] convert legacy types to TypeInfo types if getType() is not implemented (xabbuh)
+ * bug #59525 [HtmlSanitizer] Fix access to undefined keys in UrlSanitizer (Antoine Beyet)
+ * bug #59538 [VarDumper] fix dumped markup (xabbuh)
+ * bug #59508 [Messenger] [AMQP] Improve AMQP connection issues (AurelienPillevesse)
+ * bug #59501 [Serializer] [ObjectNormalizer] Filter int when using FILTER_BOOL (DjordyKoert)
+ * bug #59515 [FrameworkBundle] Fix wiring ConsoleProfilerListener (nicolas-grekas)
+ * bug #59136 [DependencyInjection] Reset env vars with `kernel.reset` (faizanakram99)
+ * bug #59488 [Lock] Make sure RedisStore will also support Valkey (PatNowak)
+ * bug #59486 [Validator] Update sr_Cyrl 120:This value is not a valid slug. (kaznovac)
+ * bug #59403 [FrameworkBundle][HttpFoundation] Reset Request's formats using the service resetter (nicolas-grekas)
+ * bug #59404 [Mailer] Fix SMTP stream EOF handling on Windows by using feof() (skmedix)
+ * bug #59390 [VarDumper] Fix blank strings display (MatTheCat)
+ * bug #59446 [Routing] Fix configuring a single route's hosts (MatTheCat)
+ * bug #58901 [HttpClient] Ignore RuntimeExceptions thrown when rewinding the PSR-7 created in HttplugWaitLoop::createPsr7Response (KurtThiemann)
+ * bug #59046 [HttpClient] Fix Undefined array key `connection` (PhilETaylor)
+ * bug #59055 [HttpFoundation] Fixed `IpUtils::anonymize` exception when using IPv6 link-local addresses with RFC4007 scoping (jbtronics)
+ * bug #59256 [Mailer] Fix Sendmail memory leak (rch7)
+ * bug #59375 [RemoteEvent][Webhook] fix SendgridPayloadConverter category support (ericabouaf)
+ * bug #59367 [PropertyInfo] Make sure that SerializerExtractor returns null for invalid class metadata (wuchen90)
+ * bug #59376 [RemoteEvent][Webhook] Fix `SendgridRequestParser` and `SendgridPayloadConverter` (ericabouaf)
+ * bug #59381 [Yaml] fix inline notation with inline comment (alexpott)
+ * bug #59352 [Messenger] Fix `TransportMessageIdStamp` not always added (HypeMC)
+ * bug #59185 [DoctrineBridge] Fix compatibility to Doctrine persistence 2.5 in Doctrine Bridge 6.4 to avoid Projects stuck on 6.3 (alexander-schranz)
+ * bug #59245 [PropertyInfo] Fix add missing composer conflict (mtarld)
+ * bug #59292 [WebProfilerBundle] Fix event delegation on links inside toggles (MatTheCat)
+ * bug #59362 [Doctrine][Messenger] Prevents multiple TransportMessageIdStamp being stored in envelope (rtreffler)
+ * bug #59323 [Serializer] Fix exception thrown by `YamlEncoder` (VincentLanglet)
+ * bug #59293 [AssetMapper] Fix JavaScript compiler creates self-referencing imports (smnandre)
+ * bug #59296 [Form] do not render hidden CSRF token forms with autocomplete set to off (xabbuh)
+ * bug #59349 [Yaml] reject inline notations followed by invalid content (xabbuh)
+ * bug #59229 [WebProfilerBundle] fix loading of toolbar stylesheet (alexislefebvre)
+ * bug #59363 [VarDumper] Fix displaying closure's "this" from anonymous classes (nicolas-grekas)
+ * bug #59364 [ErrorHandler] Don't trigger "internal" deprecations for anonymous LazyClosure instances (nicolas-grekas)
+ * bug #59221 [PropertyAccess] Fix compatibility with PHP 8.4 asymmetric visibility (Florian-Merle)
+ * bug #59348 [Lock] Fix predis command error checking (dciprian-petrisor)
+ * bug #59357 [HttpKernel] Don't override existing `LoggerInterface` autowiring alias in `LoggerPass` (nicolas-grekas)
+ * bug #59347 [Security] Fix triggering session tracking from ContextListener (nicolas-grekas)
+ * bug #59146 [Security] Use the session only if it is started when using `SameOriginCsrfTokenManager` (Thibault G)
+ * bug #59188 [HttpClient] Fix `reset()` not called on decorated clients (HypeMC)
+ * bug #59339 [SecurityBundle] Remove outdated guard from security xsd schema (chalasr)
+ * bug #59343 [Security] Adjust parameter order in exception message (Link1515)
+ * bug #59342 [SecurityBundle] Do not pass traceable authenticators to `security.helper` (MatTheCat)
+ * bug #59320 [HttpClient] fix amphp http client v5 unix socket (praswicaksono)
+ * bug #59312 [Yaml] Fix parsing of unquoted strings in Parser::lexUnquotedString() to ignore spaces (Link1515)
+ * bug #59334 [ErrorHandler] [A11y] Simple proposal for color updates on error stack traces against colorblindness (DocFX)
+
 * 7.2.2 (2024-12-31)
 
  * bug #59304 [PropertyInfo] Remove ``@internal`` from `PropertyReadInfo` and `PropertyWriteInfo` (Dario Guarracino)
diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php
index 1471776ddccc5..4b6ecb68d80d1 100644
--- a/src/Symfony/Component/HttpKernel/Kernel.php
+++ b/src/Symfony/Component/HttpKernel/Kernel.php
@@ -73,12 +73,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl
      */
     private static array $freshCache = [];
 
-    public const VERSION = '7.2.3-DEV';
+    public const VERSION = '7.2.3';
     public const VERSION_ID = 70203;
     public const MAJOR_VERSION = 7;
     public const MINOR_VERSION = 2;
     public const RELEASE_VERSION = 3;
-    public const EXTRA_VERSION = 'DEV';
+    public const EXTRA_VERSION = '';
 
     public const END_OF_MAINTENANCE = '07/2025';
     public const END_OF_LIFE = '07/2025';