diff --git a/Changelog.md b/Changelog.md
index 197bffbf9..b3b9fd1c6 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -96,6 +96,10 @@ This maintenance is not enabled by default. Podmins can enable it by for example
 * Maintenance feature to automatically expire inactive accounts [#5288](https://github.com/diaspora/diaspora/pull/5288)
 * Add LibreJS markers to JavaScript [5320](https://github.com/diaspora/diaspora/pull/5320)
 
+# 0.4.1.2
+
+* Update Rails, fixes [CVE-2014-7818](https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo).
+
 # 0.4.1.1
 
 * Fix XSS issue in poll questions [#5274](https://github.com/diaspora/diaspora/issues/5274)
diff --git a/Gemfile b/Gemfile
index d8377cc89..fad30aeea 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 source 'https://rails-assets.org'
 
-gem 'rails', '4.1.6'
+gem 'rails', '4.1.7'
 
 # Legacy Rails features, remove me!
 
diff --git a/Gemfile.lock b/Gemfile.lock
index bf762efe9..acd5d5851 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,29 +2,29 @@ GEM
   remote: https://rubygems.org/
   remote: https://rails-assets.org/
   specs:
-    actionmailer (4.1.6)
-      actionpack (= 4.1.6)
-      actionview (= 4.1.6)
+    actionmailer (4.1.7)
+      actionpack (= 4.1.7)
+      actionview (= 4.1.7)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.6)
-      actionview (= 4.1.6)
-      activesupport (= 4.1.6)
+    actionpack (4.1.7)
+      actionview (= 4.1.7)
+      activesupport (= 4.1.7)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
     actionpack-action_caching (1.1.1)
       actionpack (>= 4.0.0, < 5.0)
     actionpack-page_caching (1.0.2)
       actionpack (>= 4.0.0, < 5)
-    actionview (4.1.6)
-      activesupport (= 4.1.6)
+    actionview (4.1.7)
+      activesupport (= 4.1.7)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.6)
-      activesupport (= 4.1.6)
+    activemodel (4.1.7)
+      activesupport (= 4.1.7)
       builder (~> 3.1)
-    activerecord (4.1.6)
-      activemodel (= 4.1.6)
-      activesupport (= 4.1.6)
+    activerecord (4.1.7)
+      activemodel (= 4.1.7)
+      activesupport (= 4.1.7)
       arel (~> 5.0.0)
     activerecord-import (0.6.0)
       activerecord (>= 3.0)
@@ -32,7 +32,7 @@ GEM
       activemodel (~> 4.0)
       activesupport (~> 4.0)
       rails-observers (~> 0.1.1)
-    activesupport (4.1.6)
+    activesupport (4.1.7)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
@@ -282,7 +282,7 @@ GEM
       redcarpet (>= 2.0)
     messagebus_ruby_api (1.0.3)
     method_source (0.8.2)
-    mime-types (2.4.1)
+    mime-types (2.4.3)
     mini_magick (3.8.1)
       subexec (~> 0.2.1)
     mini_portile (0.5.3)
@@ -360,15 +360,15 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (4.1.6)
-      actionmailer (= 4.1.6)
-      actionpack (= 4.1.6)
-      actionview (= 4.1.6)
-      activemodel (= 4.1.6)
-      activerecord (= 4.1.6)
-      activesupport (= 4.1.6)
+    rails (4.1.7)
+      actionmailer (= 4.1.7)
+      actionpack (= 4.1.7)
+      actionview (= 4.1.7)
+      activemodel (= 4.1.7)
+      activerecord (= 4.1.7)
+      activesupport (= 4.1.7)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.6)
+      railties (= 4.1.7)
       sprockets-rails (~> 2.0)
     rails-assets-jeresig--jquery.hotkeys (0.2.0)
       rails-assets-jquery (>= 1.4.2)
@@ -402,9 +402,9 @@ GEM
       remotipart (~> 1.0)
       safe_yaml (~> 1.0)
       sass-rails (~> 4.0)
-    railties (4.1.6)
-      actionpack (= 4.1.6)
-      activesupport (= 4.1.6)
+    railties (4.1.7)
+      actionpack (= 4.1.7)
+      activesupport (= 4.1.7)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     raindrops (0.13.0)
@@ -598,7 +598,7 @@ DEPENDENCIES
   rack-protection (= 1.2)
   rack-rewrite (= 1.5.0)
   rack-ssl (= 1.4.1)
-  rails (= 4.1.6)
+  rails (= 4.1.7)
   rails-assets-jeresig--jquery.hotkeys (= 0.2.0)
   rails-assets-jquery (= 1.11.1)
   rails-assets-jquery-idletimer (= 1.0.1)