diff --git a/CHANGES b/CHANGES
index e111dc4406de3122b71020d8f6fb7fd590ccc143..8df269a65480dc2e0f7d3e5e336ec2cce5863474 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,20 @@
+2012.55 - Wednesday 22 February 2012
+
+- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
+  made when a command="" authorized_keys restriction was in effect. Possible arbitrary
+  code execution to an authenticated user, and probable bypass of the command="" restriction.
+  CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
+
+- Compile fix, only apply IPV6 socket options if they are available in headers
+  Thanks to Gustavo Zacarias for the patch
+
+- Clear key memory on exit
+
+- Fix minor memory leak in unusual PAM authentication configurations.
+  Thanks to Stathis Voukelatos
+
+- Other small code cleanups
+
 2011.54 - Tuesday 8 November 2011
 
 - Building statically works again, broke in 0.53 and 0.53.1
diff --git a/debian/changelog b/debian/changelog
index f41594303fdbea4324d378271d2e309be0f64833..acd9ec4112faeb3b52b2375d7729f24f70198000 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dropbear (2012.55-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 22 Feb 2012 22:54:00 +0800
+
 dropbear (2011.54-0.1) unstable; urgency=low
 
   * New upstream release.
diff --git a/sysoptions.h b/sysoptions.h
index 1b417e59765de7a8bd75c0e948d4e9427cd3cef4..283229e9b3abe6533f9fcced74c26db0aa6f9d7d 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2011.54"
+#define DROPBEAR_VERSION "2012.55"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION