diff --git a/django/contrib/auth/common-passwords.txt.gz b/django/contrib/auth/common-passwords.txt.gz
index e758dbe9a7..bc94fdec38 100644
Binary files a/django/contrib/auth/common-passwords.txt.gz and b/django/contrib/auth/common-passwords.txt.gz differ
diff --git a/django/contrib/auth/password_validation.py b/django/contrib/auth/password_validation.py
index 3f8f888ddc..a5002372d2 100644
--- a/django/contrib/auth/password_validation.py
+++ b/django/contrib/auth/password_validation.py
@@ -221,7 +221,7 @@ class CommonPasswordValidator:
     The password is rejected if it occurs in a provided list of passwords,
     which may be gzipped. The list Django ships with contains 20000 common
     passwords (lowercased and deduplicated), created by Royce Williams:
-    https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
+    https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
     The password list must be lowercased to match the comparison in validate().
     """
 
diff --git a/docs/releases/4.2.txt b/docs/releases/4.2.txt
index 6cfd0865f6..718f09b9dc 100644
--- a/docs/releases/4.2.txt
+++ b/docs/releases/4.2.txt
@@ -274,7 +274,8 @@ Utilities
 Validators
 ~~~~~~~~~~
 
-* ...
+* The list of common passwords used by ``CommonPasswordValidator`` is updated
+  to the most recent version.
 
 .. _backwards-incompatible-4.2:
 
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index cd6fdea811..7f92685775 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -615,12 +615,17 @@ Django includes four validators:
     Validates that the password is not a common password. This converts the
     password to lowercase (to do a case-insensitive comparison) and checks it
     against a list of 20,000 common password created by `Royce Williams
-    <https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7>`_.
+    <https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce>`_.
 
     The ``password_list_path`` can be set to the path of a custom file of
     common passwords. This file should contain one lowercase password per line
     and may be plain text or gzipped.
 
+    .. versionchanged:: 4.2
+
+        The list of 20,000 common passwords was updated to the most recent
+        version.
+
 .. class:: NumericPasswordValidator()
 
     Validate that the password is not entirely numeric.