diff --git a/django/__init__.py b/django/__init__.py
index 19d1f85e6d6e..18a86d3c530c 100644
--- a/django/__init__.py
+++ b/django/__init__.py
@@ -1,6 +1,6 @@
 from django.utils.version import get_version
-VERSION = (4, 2, 11, "final", 0)
+VERSION = (4, 2, 13, "final", 0)
 __version__ = get_version(VERSION)
diff --git a/django/core/mail/message.py b/django/core/mail/message.py
index f3fe6186c7f5..1d4c5271c857 100644
--- a/django/core/mail/message.py
+++ b/django/core/mail/message.py
@@ -166,7 +166,8 @@ def __setitem__(self, name, val):
 def set_payload(self, payload, charset=None):
 if charset == "utf-8" and not isinstance(charset, Charset.Charset):
 has_long_lines = any(
- len(line.encode()) > RFC5322_EMAIL_LINE_LENGTH_LIMIT
+ len(line.encode(errors="surrogateescape"))
+ > RFC5322_EMAIL_LINE_LENGTH_LIMIT
 for line in payload.splitlines()
 )
 # Quoted-Printable encoding has the side effect of shortening long
diff --git a/docs/releases/4.2.12.txt b/docs/releases/4.2.12.txt
new file mode 100644
index 000000000000..01abac19c235
--- /dev/null
+++ b/docs/releases/4.2.12.txt
@@ -0,0 +1,14 @@
+===========================
+Django 4.2.12 release notes
+===========================
+
+*May 6, 2024*
+
+Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+.
+
+Bugfixes
+========
+
+* Fixed a crash in Django 4.2 when validating email max line lengths with
+ content decoded using the ``surrogateescape`` error handling scheme
+ (:ticket:`35361`).
diff --git a/docs/releases/4.2.13.txt b/docs/releases/4.2.13.txt
new file mode 100644
index 000000000000..510e58727999
--- /dev/null
+++ b/docs/releases/4.2.13.txt
@@ -0,0 +1,7 @@
+===========================
+Django 4.2.13 release notes
+===========================
+
+*May 7, 2024*
+
+Django 4.2.13 fixes a packaging error in 4.2.12.
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index 4a3c6880a1ce..9ea93647d235 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
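Review bot: In the `django/core/mail/message.py` hunk, the new `errors="surrogateescape"` argument inside `set_payload`'s length check carries no comment explaining why it is there, so a later tidy-up of the generator could drop it and bring back the crash that the 4.2.12 release notes describe. I would add a line above `has_long_lines = any(` such as `# Payload may hold lone surrogates from surrogateescape-decoded input; encode the same way so this check cannot raise.` Message bodies are often assembled from externally supplied bytes, so an exception at this point is an availability problem for whatever code sends the mail, and a regression test with a constructed payload such as `"caf\udce9"` would pin the behaviour; none is visible in this diff. As far as I can tell, `surrogateescape` only maps U+DC80 to U+DCFF back to bytes, so any other lone surrogate would presumably still raise on this line. The body of `set_payload` continues past the end of the hunk.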
@@ -26,6 +26,8 @@ versions of the documentation contain the release notes for any later releases.
 .. toctree::
 :maxdepth: 1
+ 4.2.13
+ 4.2.12
 4.2.11
 4.2.10
 4.2.9
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 7df74adb82dd..404af4d00fc6 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,17 @@ Issues under Django's security process
 All security issues have been handled under versions of Django's security
 process. These are listed below.
+March 4, 2024 - :cve:`2024-27351`
+---------------------------------
+
+Potential regular expression denial-of-service in
+``django.utils.text.Truncator.words()``. `Full description
+`__
+
+* Django 5.0 :commit:`(patch) <3394fc6132436eca89e997083bae9985fb7e761e>`
+* Django 4.2 :commit:`(patch) <3c9a2771cc80821e041b16eb36c1c37af5349d4a>`
+* Django 3.2 :commit:`(patch) <072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521>`
+
 February 6, 2024 - :cve:`2024-24680`
 ------------------------------------