diff --git a/Changelog.md b/Changelog.md
index 3dedf127c..954d1dba2 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,9 @@
+# 0.5.1.2
+
+diaspora\* versions prior 0.5.1.2 leaked potentially private profile data (namely the bio, birthday, gender and location fields) to
+unauthorized users. While the frontend properly hid them, the backend missed a check to not include them in responses.
+Thanks to @cmrd-senya for finding and reporting the issue.
+
 # 0.5.1.1

 Update rails to 4.2.2, rack to 1.6.2 and jquery-rails to 4.0.4. This fixes
diff --git a/config/defaults.yml b/config/defaults.yml
index 442cd798a..aa8622b89 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ defaults:
 version:
- number: "0.5.1.1" # Do not touch unless doing a release, do not backport the version number that's in master
+ number: "0.5.1.2" # Do not touch unless doing a release, do not backport the version number that's in master
 heroku: false
 environment:
 url: "http://localhost:3000/"