diff --git a/CHANGELOG.md b/CHANGELOG.md
index f368962dcdf..9b9fd0fbb35 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,10 +12,23 @@ as necessary. Empty sections will not end in the release notes.
 
 ### Breaking changes
 
+### New Features
+
+### Changes
+
+### Deprecations
+
+### Fixes
+
+### Commits
+
+## [0.93.0] Release (2024-07-19)
+
+### Breaking changes
+
 - The `throttled-retry-after` advanced configuration property was renamed from
   `nessie.catalog.service.s3.throttled-retry-after` to
   `nessie.catalog.error-handling.throttled-retry-after`. The old property name is ignored.
-
 - Helm chart: a few ADLS-specific options under `catalog.storage.adls` were incorrectly placed and
   therefore effectively ignored by Nessie; if you are using ADLS, please re-check your configuration
   and adjust it accordingly.
@@ -31,8 +44,6 @@ as necessary. Empty sections will not end in the release notes.
   to provide per-client/table credentials, users have to configure object store credentials when using GCS or
   ADLS via the local Iceberg configuration(s).
 
-### Deprecations
-
 ### Fixes
 
 - GC: Fix behavior of cutoff policy "num commits", it was 'off by one' and considered the n-th commit as non-live
@@ -43,8 +54,6 @@ as necessary. Empty sections will not end in the release notes.
 - Catalog/ADLS: More informative error message if mandatory `endpoint` is missing.
 - Catalog/ADLS: Use a less restrictive endpoint in the 'ObjectIO.ping' function used for health checks.
 
-### Commits
-
 ## [0.92.1] Release (2024-07-13)
 
 ### Fixes
@@ -627,7 +636,8 @@ as necessary. Empty sections will not end in the release notes.
 - Tests: Make `ITCassandraBackendFactory` less flaky (#7186)
 - IntelliJ: Exclude some more directories from indexing (#7181)
 
-[Unreleased]: https://github.com/projectnessie/nessie/compare/nessie-0.92.1...HEAD
+[Unreleased]: https://github.com/projectnessie/nessie/compare/nessie-0.93.0...HEAD
+[0.93.0]: https://github.com/projectnessie/nessie/compare/nessie-0.92.1...nessie-0.93.0
 [0.92.1]: https://github.com/projectnessie/nessie/compare/nessie-0.92.0...nessie-0.92.1
 [0.92.0]: https://github.com/projectnessie/nessie/compare/nessie-0.91.3...nessie-0.92.0
 [0.91.3]: https://github.com/projectnessie/nessie/compare/nessie-0.91.2...nessie-0.91.3
diff --git a/README.md b/README.md
index 9c24f4224ad..5b3022248ed 100644
--- a/README.md
+++ b/README.md
@@ -108,7 +108,7 @@ Nessie Iceberg's integration is compatible with Iceberg as in the following tabl
 
 | Nessie version | Iceberg version | Spark version (Scala 2.12+2.13) | Hive version | Flink version          | Presto version                      | Trino version |
 |----------------|-----------------|---------------------------------|--------------|------------------------|-------------------------------------|---------------|
-| 0.92.1         | 1.5.0           | 3.3.x, 3.4.x, 3.5.x             | n/a          | 1.16.x, 1.17.x, 1.18.x | 0.277, 0.278.x, 0.279, 0.280, 0.281 | 419           |
+| 0.93.0         | 1.5.0           | 3.3.x, 3.4.x, 3.5.x             | n/a          | 1.16.x, 1.17.x, 1.18.x | 0.277, 0.278.x, 0.279, 0.280, 0.281 | 419           |
 
 ### Distribution
 To run:
diff --git a/SECURITY.md b/SECURITY.md
index 74a5e32a7e7..e2000c7d865 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,8 +6,8 @@ Currently supported versions are listed below.
 
 | Version  | Supported          |
 |----------|--------------------|
-| 0.92.1   | :white_check_mark: |
-| < 0.92.1 | :x:                |
+| 0.93.0   | :white_check_mark: |
+| < 0.93.0 | :x:                |
 
 All Nessie 0.x.x versions are considered beta or even alpha releases and not supported after
 release of Nessie 1.0.0.
diff --git a/helm/nessie/Chart.yaml b/helm/nessie/Chart.yaml
index 3e0ee9c9ee5..02230b65827 100644
--- a/helm/nessie/Chart.yaml
+++ b/helm/nessie/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nessie
 description: A Helm chart for Nessie
 type: application
-version: 0.92.1
+version: 0.93.0
 home: https://projectnessie.org/
 icon: https://raw.githubusercontent.com/projectnessie/nessie/main/site/docs/img/nessie.svg
 sources:
diff --git a/helm/nessie/README.md b/helm/nessie/README.md
index 92b7ad9441b..b9326f6e103 100644
--- a/helm/nessie/README.md
+++ b/helm/nessie/README.md
@@ -8,7 +8,7 @@ helm-docs --chart-search-root=helm
 
 # Nessie Helm chart
 
-![Version: 0.92.1](https://img.shields.io/badge/Version-0.92.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.93.0](https://img.shields.io/badge/Version-0.93.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for Nessie.
 
@@ -79,7 +79,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | cassandra.secret.name | string | `"cassandra-creds"` | The secret name to pull Cassandra credentials from. |
 | cassandra.secret.password | string | `"cassandra_password"` | The secret key storing the Cassandra password. |
 | cassandra.secret.username | string | `"cassandra_username"` | The secret key storing the Cassandra username. |
-| catalog | object | `{"enabled":false,"iceberg":{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]},"storage":{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}}` | The Nessie catalog server configuration. |
+| catalog | object | `{"enabled":false,"iceberg":{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]},"storage":{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"maxRetries":null,"maxRetryDelay":null,"retryDelay":null,"retryPolicy":null,"sasTokenSecret":{"name":null,"sasToken":null},"tryTimeout":null},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"retryAfter":null,"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}}}}` | The Nessie catalog server configuration. |
 | catalog.enabled | bool | `false` | Whether to enable the REST catalog service. |
 | catalog.iceberg | object | `{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]}` | Iceberg catalog settings. |
 | catalog.iceberg.configDefaults | object | `{}` | Iceberg config defaults applicable to all clients and warehouses. Any properties that are common to all iceberg clients should be included here. They will be passed to all clients on all warehouses as config defaults. These defaults can be overridden on a per-warehouse basis, see below. |
@@ -90,7 +90,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.iceberg.warehouses[0].configDefaults | object | `{}` | Iceberg config defaults specific to this warehouse. They override any defaults specified above in catalog.iceberg.configDefaults. |
 | catalog.iceberg.warehouses[0].configOverrides | object | `{}` | Iceberg config overrides specific to this warehouse. They override any defaults specified above in catalog.iceberg.configOverrides. |
 | catalog.iceberg.warehouses[0].location | string | `nil` | Location of the warehouse. Required. Used to determine the base location of a table. Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage properties for each location can be defined below. |
-| catalog.storage | object | `{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}` | Catalog storage settings. |
+| catalog.storage | object | `{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"maxRetries":null,"maxRetryDelay":null,"retryDelay":null,"retryPolicy":null,"sasTokenSecret":{"name":null,"sasToken":null},"tryTimeout":null},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"retryAfter":null,"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}}}` | Catalog storage settings. |
 | catalog.storage.adls.advancedConfig | object | `{}` | Custom ADLS configuration options, see javadocs of com.azure.core.util.Configuration. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.defaultOptions.accountSecret | object | `{"accountKey":null,"accountName":null,"name":null}` | A secret containing the account name and key to use. Either this option or sasTokenSecret must be set. If both are set, sasTokenSecret takes precedence. |
 | catalog.storage.adls.defaultOptions.accountSecret.accountKey | string | `nil` | Secret key containing the account key. |
@@ -98,28 +98,28 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.adls.defaultOptions.accountSecret.name | string | `nil` | Name of the secret containing the account name and key. |
 | catalog.storage.adls.defaultOptions.endpoint | string | `nil` | Custom HTTP endpoint. In case clients need to use a different URI, use externalEndpoint. |
 | catalog.storage.adls.defaultOptions.externalEndpoint | string | `nil` | Custom HTTP endpoint to be used by clients. If not set, the endpoint value is used. |
+| catalog.storage.adls.defaultOptions.maxRetries | string | `nil` | The maximum number of retries. Must be a positive integer. Default is 4. Optional. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. |
+| catalog.storage.adls.defaultOptions.maxRetryDelay | string | `nil` | Specifies the maximum delay allowed before retrying an operation, default value is PT120s (120 seconds). Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF. |
+| catalog.storage.adls.defaultOptions.retryDelay | string | `nil` | Specifies the amount of delay to use before retrying an operation, default value is PT4S (4 seconds) when retryPolicy is EXPONENTIAL_BACKOFF and PT30S (30 seconds) when retryPolicy is FIXED_DELAY. Must be a valid ISO duration. |
+| catalog.storage.adls.defaultOptions.retryPolicy | string | `nil` | The retry strategy to use. Valid values are: NONE, EXPONENTIAL_BACKOFF, FIXED_DELAY. The default is EXPONENTIAL_BACKOFF. |
 | catalog.storage.adls.defaultOptions.sasTokenSecret | object | `{"name":null,"sasToken":null}` | A secret containing the SAS token to use. Either this option or accountSecret must be set. If both are set, sasTokenSecret takes precedence. |
 | catalog.storage.adls.defaultOptions.sasTokenSecret.name | string | `nil` | Name of the secret containing the SAS token. |
 | catalog.storage.adls.defaultOptions.sasTokenSecret.sasToken | string | `nil` | Secret key containing the SAS token. |
+| catalog.storage.adls.defaultOptions.tryTimeout | string | `nil` | The maximum time allowed before a request is cancelled and assumed failed, default is Integer.MAX_VALUE. Optional. Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. |
 | catalog.storage.adls.filesystems | list | `[]` | Per-filesystem ADLS settings. Override the general settings above. |
-| catalog.storage.adls.transport | object | `{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}` | ADLS transport settings. Not overridable on a per-bucket basis. |
+| catalog.storage.adls.transport | object | `{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"readBlockSize":null,"readTimeout":null,"writeBlockSize":null,"writeTimeout":null}` | ADLS transport settings. Not overridable on a per-bucket basis. |
 | catalog.storage.adls.transport.connectTimeout | string | `nil` | Sets the connection timeout for a request to be sent. The default is PT10S (10 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.transport.connectionIdleTimeout | string | `nil` | Sets the maximum idle time for a connection to be kept alive. The default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.transport.maxHttpConnections | string | `nil` | The default maximum connection pool size is determined by the underlying HTTP client. Not overridable on a per-filesystem basis. |
-| catalog.storage.adls.transport.maxRetries | string | `nil` | The maximum number of retries. Must be a positive integer. Default is 4. Optional. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. |
-| catalog.storage.adls.transport.maxRetryDelay | string | `nil` | Specifies the maximum delay allowed before retrying an operation, default value is PT120s (120 seconds). Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF. |
 | catalog.storage.adls.transport.readBlockSize | string | `nil` | The size of each data chunk returned from the service in bytes. The default value is 4 MB. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.transport.readTimeout | string | `nil` | Sets the read timeout duration used when reading the server response. The default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. |
-| catalog.storage.adls.transport.retryDelay | string | `nil` | Specifies the amount of delay to use before retrying an operation, default value is PT4S (4 seconds) when retryPolicy is EXPONENTIAL_BACKOFF and PT30S (30 seconds) when retryPolicy is FIXED_DELAY. Must be a valid ISO duration. |
-| catalog.storage.adls.transport.retryPolicy | string | `nil` | The retry strategy to use. Valid values are: NONE, EXPONENTIAL_BACKOFF, FIXED_DELAY. The default is EXPONENTIAL_BACKOFF. |
-| catalog.storage.adls.transport.tryTimeout | string | `nil` | The maximum time allowed before a request is cancelled and assumed failed, default is Integer.MAX_VALUE. Optional. Must be a valid ISO duration. Valid if retryPolicy is EXPONENTIAL_BACKOFF or FIXED_DELAY. |
 | catalog.storage.adls.transport.writeBlockSize | string | `nil` | Sets the block size in bytes to transfer at a time. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.transport.writeTimeout | string | `nil` | Sets the write timeout duration used when writing the request to the server. The default is PT60S (60 seconds). Must be a valid ISO duration. Not overridable on a per-filesystem basis. |
 | catalog.storage.gcs.buckets | list | `[]` | Per-bucket GCS settings. Override the general settings above. |
 | catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret | object | `{"key":null,"name":null}` | The Google Cloud service account key secret. This is required when authType is USER or SERVICE_ACCOUNT. |
 | catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret.key | string | `nil` | The secret key storing the Google Cloud service account JSON key. |
 | catalog.storage.gcs.defaultOptions.authCredentialsJsonSecret.name | string | `nil` | The secret name to pull a valid Google Cloud service account key from. |
-| catalog.storage.gcs.defaultOptions.authType | string | `nil` | The authentication type to use. Valid values are: NONE, USER, SERVICE_ACCOUNT, ACCESS_TOKEN. The default is NONE. |
+| catalog.storage.gcs.defaultOptions.authType | string | `nil` | The authentication type to use. Valid values are: NONE, USER, SERVICE_ACCOUNT, ACCESS_TOKEN, APPLICATION_DEFAULT. The default is NONE. |
 | catalog.storage.gcs.defaultOptions.clientLibToken | string | `nil` | The Google client lib token. |
 | catalog.storage.gcs.defaultOptions.decryptionKey | string | `nil` | Customer-supplied AES256 key for blob decryption when reading. Currently unsupported. |
 | catalog.storage.gcs.defaultOptions.deleteBatchSize | string | `nil` | The delete batch size. |
@@ -144,6 +144,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.gcs.transport.retryDelayMultiplier | string | `nil` | Override the default retry delay multiplier. Must be a valid ISO duration. |
 | catalog.storage.gcs.transport.rpcTimeoutMultiplier | string | `nil` | Override the default RPC timeout multiplier. Must be a valid ISO duration. |
 | catalog.storage.gcs.transport.totalTimeout | string | `nil` | Override the default total timeout. Must be a valid ISO duration. |
+| catalog.storage.retryAfter | string | `nil` | Interval after which a request is retried when Storage responds with some "retry later" error. Must be a valid ISO duration. |
 | catalog.storage.s3.buckets | list | `[]` | Per-bucket S3 settings. Override the general settings above. |
 | catalog.storage.s3.defaultOptions.accessKeySecret | object | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null}` | AWS credentials. Required when serverAuthenticationMode is STATIC. |
 | catalog.storage.s3.defaultOptions.accessKeySecret.awsAccessKeyId | string | `nil` | The secret key storing the AWS secret key id. |
@@ -167,7 +168,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.s3.sessionCredentials.sessionCredentialCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the session credentials cache (assumed role credentials). Not overridable on a per-bucket basis. The default is 1000. |
 | catalog.storage.s3.sessionCredentials.sessionCredentialRefreshGracePeriod | string | `nil` | The time period to subtract from the S3 session credentials (assumed role credentials) expiry time to define the time when those credentials become eligible for refreshing. Not overridable on a per-bucket basis. The default is PT5M (5 minutes). |
 | catalog.storage.s3.sessionCredentials.stsClientsCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the STS clients cache. Not overridable on a per-bucket basis. The default is 50. |
-| catalog.storage.s3.transport | object | `{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}` | S3 transport settings. Not overridable on a per-bucket basis. |
+| catalog.storage.s3.transport | object | `{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null}` | S3 transport settings. Not overridable on a per-bucket basis. |
 | catalog.storage.s3.transport.connectTimeout | string | `nil` | Override the default TCP connect timeout. Must be a valid ISO duration. |
 | catalog.storage.s3.transport.connectionAcquisitionTimeout | string | `nil` | Override default connection acquisition timeout. This is the time a request will wait for a connection from the pool. Must be a valid ISO duration. |
 | catalog.storage.s3.transport.connectionMaxIdleTime | string | `nil` | Override default max idle time of a pooled connection. Must be a valid ISO duration. |
@@ -175,7 +176,6 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.s3.transport.expectContinueEnabled | string | `nil` | Override default behavior whether to expect an HTTP/100-Continue. Must be a valid ISO duration. |
 | catalog.storage.s3.transport.maxHttpConnections | string | `nil` | Override the default maximum number of pooled connections. |
 | catalog.storage.s3.transport.readTimeout | string | `nil` | Override the default connection read timeout. Must be a valid ISO duration. |
-| catalog.storage.s3.transport.retryAfter | string | `nil` | Interval after which a request is retried when S3 response with some "retry later" response. Must be a valid ISO duration. |
 | configMapLabels | object | `{}` | Additional Labels to apply to nessie configmap. |
 | dynamodb.profile | string | `"default"` | The name of the profile that should be used, when loading AWS credentials from a profile file. Required only if no secret is provided below. |
 | dynamodb.region | string | `"us-west-2"` | The AWS region to use. |
diff --git a/site/docs/releases.md b/site/docs/releases.md
index 26debf61e85..f9ea80a80a0 100644
--- a/site/docs/releases.md
+++ b/site/docs/releases.md
@@ -2,6 +2,65 @@
 
 **See [Nessie Server upgrade notes](server-upgrade.md) for supported upgrade paths.**
 
+## 0.93.0 Release (July 19, 2024)
+
+See [Release information on GitHub](https://github.com/projectnessie/nessie/releases/tag/nessie-0.93.0).
+
+### Breaking changes
+
+- The `throttled-retry-after` advanced configuration property was renamed from
+  `nessie.catalog.service.s3.throttled-retry-after` to
+  `nessie.catalog.error-handling.throttled-retry-after`. The old property name is ignored.
+- Helm chart: a few ADLS-specific options under `catalog.storage.adls` were incorrectly placed and
+  therefore effectively ignored by Nessie; if you are using ADLS, please re-check your configuration
+  and adjust it accordingly.
+
+### New Features
+
+- CLI: New `REVERT CONTENT` command to update one or more tables or views to a previous state.
+
+### Changes
+
+- Catalog: ADLS + GCS credentials are no longer sent to the client. It is considered insecure to expose the
+  server's credentials to clients, even if this is likely very convenient. Unless we have a secure mechanism
+  to provide per-client/table credentials, users have to configure object store credentials when using GCS or
+  ADLS via the local Iceberg configuration(s).
+
+### Fixes
+
+- GC: Fix behavior of cutoff policy "num commits", it was 'off by one' and considered the n-th commit as non-live
+  vs the n-th commit as the last live one.
+- GC: Record failed "sweep"/"expire" runs in the repository. Before this fix, failures were reported on the console.
+- GC: Fix handling of broken manifest files written by pyiceberg up to 0.6.1
+- Catalog/ADLS: Don't let endpoint default to warehouse/object-store URI
+- Catalog/ADLS: More informative error message if mandatory `endpoint` is missing.
+- Catalog/ADLS: Use a less restrictive endpoint in the 'ObjectIO.ping' function used for health checks.
+
+### Commits
+* Add an Operating System check (#9139)
+* Cache invalidations: move code to `:nessie-quarkus` (#9137)
+* Catalog: decouple bucket name from bucket config key (#9116)
+* Catalog/ADLS: change 'ping' endpoint (#9134)
+* Add exception mappers to convert storage failures to Iceberg REST client exceptions (#8558)
+* CLI: Nicer syntax rendering (#9119)
+* CLI: Add `REVERT CONTENT` command (#9120)
+* Catalog: update `IcebergManifestFileReader` to handle broken manifest files (#9132)
+* Reference caching: update default for negative, update comments/docs (#9126)
+* Catalog/ADLS: More information if manadory ADLS endpoint is missing (#9128)
+* ninja: changelog
+* GC: Manifest file reading with `specById` (#9131)
+* Site: notes on Nessie server sizing + tips (#9127)
+* Catalog / GCS: minor enhancements (#9107)
+* Site: dynamo db note (#9113)
+* GC: Record expiry exception in repository + record stack trace as well (#9114)
+* Catalog: Don't expose ADLS + GCS credentials (#9100)
+* Renovate: automerge action updates (#9106)
+* Catalog: Accept object-store locations w/o trailing `/` (#9098)
+* Catalog/ADLS: Don't let endpoint default to warehouse/object-store URI (#9102)
+* Add `message` argument to `Objects.requireNonNull()` (#9099)
+* GC: Fix behavior of cutoff policy "num commits", 'off by one' (#9096)
+* Site: Fix links to nessie-bom (#9088)
+
 ## 0.92.1 Release (July 13, 2024)
 
 See [Release information on GitHub](https://github.com/projectnessie/nessie/releases/tag/nessie-0.92.1).
diff --git a/site/docs/server-upgrade.md b/site/docs/server-upgrade.md
index c3ff38a4e4b..47dc3f64b5e 100644
--- a/site/docs/server-upgrade.md
+++ b/site/docs/server-upgrade.md
@@ -14,7 +14,7 @@ are not supported and must be avoided.
 
 | Rolling Upgrade Supported | _From_ Nessie version | _To_ Nessie version |
 |---------------------------|-----------------------|---------------------|
-| :heavy_check_mark:        | 0.61.0 or newer       | 0.92.1 or newer     |
+| :heavy_check_mark:        | 0.61.0 or newer       | 0.93.0 or newer     |
 | :x:                       | 0.40.0 or newer       | 0.61.0 or newer     |
 | :heavy_check_mark:        | 0.40.0 or newer       | 0.60.0 or newer     |
 | :x:                       | < 0.40.0              | 0.40.0 or newer     |
diff --git a/site/mkdocs.yml b/site/mkdocs.yml
index 9c34b6663fb..2d0a0a7ed74 100644
--- a/site/mkdocs.yml
+++ b/site/mkdocs.yml
@@ -33,7 +33,7 @@ extra_css:
 
 extra:
   versions:
-    nessie: 0.92.1
+    nessie: 0.93.0
     iceberg: 1.5.2
   analytics:
     provider: google
diff --git a/site/nav.yml b/site/nav.yml
index 99aad149fba..cb982977329 100644
--- a/site/nav.yml
+++ b/site/nav.yml
@@ -53,6 +53,7 @@ nav:
     - Unreleased (nightly): '!include build/versions/nightly/mkdocs.yml'
 # Do NOT change, move or remove the following line!!
 # RELEASE_PLACEHOLDER_MARKER
+    - Nessie 0.93.0: '!include build/versions/0.93.0/mkdocs.yml'
     - Nessie 0.92.1: '!include build/versions/0.92.1/mkdocs.yml'
     - Nessie 0.92.0: '!include build/versions/0.92.0/mkdocs.yml'
     - Nessie 0.91.3: '!include build/versions/0.91.3/mkdocs.yml'
diff --git a/version.txt b/version.txt
index 6ca117dbf36..f71686ecb45 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.92.2-SNAPSHOT
\ No newline at end of file
+0.93.0
\ No newline at end of file