diff --git a/NEWS b/NEWS
index 5e4c11708..3499d44c9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,17 @@
+strongswan-5.8.4
+----------------
+
+- In IKEv1 Quick Mode make sure that a proposal exists before determining
+  lifetimes (fixes crash due to null pointer exception).
+
+- OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256
+  XOF (eXtended Output Function) multiple times.  Unfortunately,
+  EVP_DigestFinalXOF() completely resets the context and later calls not
+  simply fail, they cause a null-pointer dereference in libcrypto. This
+  fixes the crash at the cost of repeating initializing the whole state
+  and allocating too much data for subsequent calls.
+
+
 strongswan-5.8.3
 ----------------
 
diff --git a/configure.ac b/configure.ac
index e16f7ee12..7788121e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.8.3])
+AC_INIT([strongSwan],[5.8.4])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
diff --git a/testing/testing.conf b/testing/testing.conf
index cb424e0db..7177563a6 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,14 +24,14 @@ fi
 : ${TESTDIR=/srv/strongswan-testing}
 
 # Kernel configuration
-: ${KERNELVERSION=5.5.11}
+: ${KERNELVERSION=5.5.13}
 : ${KERNEL=linux-$KERNELVERSION}
 : ${KERNELTARBALL=$KERNEL.tar.xz}
 : ${KERNELCONFIG=$DIR/../config/kernel/config-5.5}
 : ${KERNELPATCH=ha-5.0-abicompat.patch.bz2}
 
 # strongSwan version used in tests
-: ${SWANVERSION=5.8.3}
+: ${SWANVERSION=5.8.4}
 
 # Build directory where the guest kernel and images will be built
 : ${BUILDDIR=$TESTDIR/build}