diff --git a/Changelog.md b/Changelog.md
index 03b2d9f9e..79fea2193 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -18,6 +18,8 @@
 * Handle duplicates for TagFollowing on account merging [#7807](https://github.com/diaspora/diaspora/pull/7807)
 
 ## Bug fixes
+* Fix compatibility with newer glibc versions [#7828](https://github.com/diaspora/diaspora/pull/7828)
+* Allow fonts to be served from asset host in CSP [#7825](https://github.com/diaspora/diaspora/pull/7825)
 
 ## Features
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 658d8c3c2..5d6ef38cd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -353,7 +353,7 @@ GEM
       to_regexp (~> 0.2.1)
     jwt (1.5.6)
     kgio (2.11.2)
-    kostya-sigar (2.0.0)
+    kostya-sigar (2.0.4)
     leaflet-rails (1.3.1)
       rails (>= 4.2.0)
     listen (3.1.5)
@@ -921,4 +921,4 @@ DEPENDENCIES
   will_paginate (= 3.1.6)
 
 BUNDLED WITH
-   1.16.1
+   1.16.2
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index bc0abb6e4..8ce56dce1 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -23,6 +23,7 @@ SecureHeaders::Configuration.default do |config|
 
   if AppConfig.environment.assets.host.present?
     asset_host = Addressable::URI.parse(AppConfig.environment.assets.host.get).host
+    csp[:font_src] << asset_host
     csp[:script_src] << asset_host
     csp[:style_src] << asset_host
   end