diff --git a/Changelog.md b/Changelog.md
index a5f3a17d3..8cafbc3b7 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -9,6 +9,15 @@ ## Features
 * Add configuration options for some debug logs [#6090](https://github.com/diaspora/diaspora/pull/6090)
+# 0.5.1.1
+
+Update rails to 4.2.2, rack to 1.6.2 and jquery-rails to 4.0.4. This fixes
+
+* [CVE-2015-3226](https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ)
+* [CVE-2015-3227](https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J)
+* [CVE-2015-1840](https://groups.google.com/d/msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J)
+* [CVE-2015-3225](https://groups.google.com/d/msg/rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ)
+
 # 0.5.1.0
 ## Refactor
diff --git a/Gemfile b/Gemfile
index 05dfa9e82..83178baac 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
-gem "rails", "4.2.1"
+gem "rails", "4.2.2"
 # Legacy Rails features, remove me!
@@ -85,7 +85,7 @@ gem "entypo-rails", "2.2.3"
 gem "backbone-on-rails", "1.1.2.1"
 gem "handlebars_assets", "0.20.1"
-gem "jquery-rails", "4.0.3"
+gem "jquery-rails", "4.0.4"
 gem "jquery-ui-rails", "5.0.3"
 gem "js_image_paths", "0.0.2"
 gem "js-routes", "1.0.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index 3321b3ec6..ab28d1872 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,15 +3,15 @@ GEM
 remote: https://rails-assets.org/
 specs:
 CFPropertyList (2.3.1)
- actionmailer (4.2.1)
- actionpack (= 4.2.1)
- actionview (= 4.2.1)
- activejob (= 4.2.1)
+ actionmailer (4.2.2)
+ actionpack (= 4.2.2)
+ actionview (= 4.2.2)
+ activejob (= 4.2.2)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 1.0, >= 1.0.5)
- actionpack (4.2.1)
- actionview (= 4.2.1)
- activesupport (= 4.2.1)
+ actionpack (4.2.2)
+ actionview (= 4.2.2)
+ activesupport (= 4.2.2)
 rack (~> 1.6)
 rack-test (~> 0.6.2)
 rails-dom-testing (~> 1.0, >= 1.0.5)
@@ -20,27 +20,27 @@ GEM
 actionpack (>= 4.0.0, < 5.0)
 actionpack-page_caching (1.0.2)
 actionpack (>= 4.0.0, < 5)
- actionview (4.2.1)
- activesupport (= 4.2.1)
+ actionview (4.2.2)
+ activesupport (= 4.2.2)
 builder (~> 3.1)
 erubis (~> 2.7.0)
 rails-dom-testing (~> 1.0, >= 1.0.5)
 rails-html-sanitizer (~> 1.0, >= 1.0.1)
 active_model_serializers (0.9.3)
 activemodel (>= 3.2)
- activejob (4.2.1)
- activesupport (= 4.2.1)
+ activejob (4.2.2)
+ activesupport (= 4.2.2)
 globalid (>= 0.3.0)
- activemodel (4.2.1)
- activesupport (= 4.2.1)
+ activemodel (4.2.2)
+ activesupport (= 4.2.2)
 builder (~> 3.1)
- activerecord (4.2.1)
- activemodel (= 4.2.1)
- activesupport (= 4.2.1)
+ activerecord (4.2.2)
+ activemodel (= 4.2.2)
+ activesupport (= 4.2.2)
 arel (~> 6.0)
 activerecord-import (0.7.0)
 activerecord (>= 3.0)
- activesupport (4.2.1)
+ activesupport (4.2.2)
 i18n (~> 0.7)
 json (~> 1.7, >= 1.7.7)
 minitest (~> 5.1)
@@ -373,7 +373,7 @@ GEM
 rake
 jasmine-core (2.2.0)
 jasmine-jquery-rails (2.0.3)
- jquery-rails (4.0.3)
+ jquery-rails (4.0.4)
 rails-dom-testing (~> 1.0)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
@@ -417,14 +417,14 @@ GEM
 thread_safe (~> 0.3, >= 0.3.1)
 messagebus_ruby_api (1.0.3)
 method_source (0.8.2)
- mime-types (2.5)
+ mime-types (2.6.1)
 mini_magick (4.2.3)
 mini_portile (0.6.2)
 minitest (5.7.0)
 mobile-fu (1.3.1)
 rack-mobile-detect
 rails
- multi_json (1.11.0)
+ multi_json (1.11.1)
 multi_test (0.1.2)
 multi_xml (0.5.5)
 multipart-post (2.0.0)
@@ -485,7 +485,7 @@ GEM
 pry
 quiet_assets (1.1.0)
 railties (>= 3.1, < 5.0)
- rack (1.6.1)
+ rack (1.6.2)
 rack-cors (0.4.0)
 rack-google-analytics (1.2.0)
 actionpack
@@ -503,16 +503,16 @@ GEM
 rack
 rack-test (0.6.3)
 rack (>= 1.0)
- rails (4.2.1)
- actionmailer (= 4.2.1)
- actionpack (= 4.2.1)
- actionview (= 4.2.1)
- activejob (= 4.2.1)
- activemodel (= 4.2.1)
- activerecord (= 4.2.1)
- activesupport (= 4.2.1)
+ rails (4.2.2)
+ actionmailer (= 4.2.2)
+ actionpack (= 4.2.2)
+ actionview (= 4.2.2)
+ activejob (= 4.2.2)
+ activemodel (= 4.2.2)
+ activerecord (= 4.2.2)
+ activesupport (= 4.2.2)
 bundler (>= 1.3.0, < 2.0)
- railties (= 4.2.1)
+ railties (= 4.2.2)
 sprockets-rails
 rails-assets-diaspora_jsxc (0.1.1)
 rails-assets-jquery (~> 1.11.1)
@@ -580,9 +580,9 @@ GEM
 remotipart (~> 1.0)
 safe_yaml (~> 1.0)
 sass-rails (>= 4.0, < 6)
- railties (4.2.1)
- actionpack (= 4.2.1)
- activesupport (= 4.2.1)
+ railties (4.2.2)
+ actionpack (= 4.2.2)
+ activesupport (= 4.2.2)
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 rainbow (2.0.0)
@@ -686,7 +686,7 @@ GEM
 multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.3.0)
+ sprockets-rails (2.3.1)
 actionpack (>= 3.0)
 activesupport (>= 3.0)
 sprockets (>= 2.8, < 4.0)
@@ -786,7 +786,7 @@ DEPENDENCIES
 i18n-inflector-rails (= 1.0.7)
 jasmine (= 2.2.0)
 jasmine-jquery-rails (= 2.0.3)
- jquery-rails (= 4.0.3)
+ jquery-rails (= 4.0.4)
 jquery-ui-rails (= 5.0.3)
 js-routes (= 1.0.1)
 js_image_paths (= 0.0.2)
@@ -816,7 +816,7 @@ DEPENDENCIES
 rack-protection (= 1.5.3)
 rack-rewrite (= 1.5.1)
 rack-ssl (= 1.4.1)
- rails (= 4.2.1)
+ rails (= 4.2.2)
 rails-assets-diaspora_jsxc (~> 0.1.1)!
 rails-assets-highlightjs (= 8.5.0)!
 rails-assets-jakobmattsson--jquery-elastic (= 1.6.11)!