diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index d9aa9249..ea62f736 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -16,6 +16,7 @@ on:
 
 jobs:
   audit:
+    name: Audit Rust Dependencies
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index f45f6ff8..b9127be5 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -17,8 +17,8 @@ jobs:
       - name: Read MSRV from workspace manifest
         id: read_msrv
         run: |
-          cargo metadata --format-version=1 \
-          | jq -r 'first(.packages[] | select(.source == null and .rust_version)) | .rust_version' \
+          cargo metadata --no-deps --format-version=1 \
+          | jq -r 'first(.packages[]).rust_version' \
           | sed -E 's/^1\.([0-9]{2})$/1\.\1\.0/' \
           | xargs -0 printf "msrv=%s" \
           | tee /dev/stderr \
@@ -27,7 +27,7 @@ jobs:
       msrv: ${{ steps.read_msrv.outputs.msrv }}
 
   formatting:
-    name: cargo fmt
+    name: Cargo Format
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -40,7 +40,7 @@ jobs:
         uses: actions-rust-lang/rustfmt@v1
 
   clippy:
-    name: clippy (stable)
+    name: Clippy
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -62,7 +62,7 @@ jobs:
         run: cargo clippy --all-features
 
   test:
-    name: "test (${{ matrix.os }} ${{ matrix.channel }})"
+    name: "Test (${{ matrix.os }} ${{ matrix.channel }})"
     needs:
       - read_msrv
     runs-on: ${{ matrix.image }}
@@ -131,15 +131,15 @@ jobs:
           command: cargo test --verbose --workspace --features=all,native-tls,experimental
 
   dist:
-    name: "dist (${{ matrix.os }})"
+    name: "Binaries (${{ matrix.os }})"
     runs-on: ${{ matrix.image }}
     strategy:
       fail-fast: false
       matrix:
         os:
           - Linux
-          - Windows
-          - macOS
+          #- Windows
+          #- macOS
         include:
           - os: Linux
             image: ubuntu-latest
@@ -176,16 +176,9 @@ jobs:
             ./target/${{ matrix.target }}/release/wormhole-rs
             ./target/${{ matrix.target }}/release/wormhole-rs.exe
           if-no-files-found: error
-      - name: Release binaries
-        uses: softprops/action-gh-release@v2
-        if: startWith(github.ref, 'refs/tags/')
-        with:
-          files: "magic-wormhole-cli-*.tar.gz"
-          draft: true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   coverage:
+    name: Coverage
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -225,7 +218,7 @@ jobs:
       - uses: EmbarkStudios/cargo-deny-action@v1
 
   semver:
-    name: semver
+    name: SemVer
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -234,3 +227,35 @@ jobs:
           toolchain: nightly
       - name: Check semver
         uses: obi1kenobi/cargo-semver-checks-action@v2
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs:
+      - dist
+    #if: startWith(github.ref, 'refs/tags/')
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get Version
+        id: query-version
+        run: |
+          cargo metadata --no-deps --format-version=1 \
+          | jq -r 'first(.packages[]).version' \
+          | xargs -0 printf "version=%s" \
+          >> "$GITHUB_OUTPUT"
+      - name: Extract Changelog
+        uses: release-flow/keep-a-changelog-action@v3
+        with:
+          command: query
+          version: ${{ steps.query-version.outputs.version }}
+      - uses: actions/download-artifact@v4
+        with:
+          path: "$GITHUB_WORKSPACE/dist"
+          pattern: "magic-wormhole-cli-*"
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: "Version ${{ github.ref }}"
+          files: "$GITHUB_WORKSPACE/dist/magic-wormhole-cli-*"
+          body: "$release-notes"
+          draft: true
diff --git a/changelog.md b/changelog.md
index a3a3954d..bc810a83 100644
--- a/changelog.md
+++ b/changelog.md
@@ -5,6 +5,16 @@
 - \[lib\]\[deprecated\] `magic_wormhole::transfer::send_*` and `request_file` methods to take an `OfferSend` and `OfferReceive` instead of using separate methods for files and folders. Use `transfer::send()` and `transfer::receive()` for the new methods.
 - \[lib\]\[breaking\] struct `transfer::ReceiveRequest` became an enum to prepare for transfer v2
 
+## Version 0.7.1
+
+### Changed
+
+- Bump dependencies
+
+### Fixed
+
+- [openssl's `MemBio::get_buf` has undefined behavior with empty buffers](https://github.com/advisories/GHSA-q445-7m23-qrmw)
+
 ## Version 0.7.0
 
 - \[all\]\[breaking\] By default websocket TLS support is now disabled in the library crate. TLS is required for secure websocket connections to the mailbox server (`wss://`). As the handshake protocol itself is encrypted, this extra layer of encryption is superfluous. Most WASM targets however refuse to connect to non-TLS websockets. For maximum compatibility with all mailbox servers, or for web browser support, select a TLS implementation by specifying the feature flag `tls` for a statically linked implementation via the `ring` crate, or `native-tls` for dynamically linking with the system-native TLS implementation.