diff --git a/CHANGES b/CHANGES
index f58ed7e6e634fce59ae1b859d014cd80390997c9..85e50a0f21e86c87a803c1000149c9ffe52800d5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
-0.49test1 - Mon 12 February 2007
+0.49 - Fri 23 February 2007
+
+- Security: dbclient previously would prompt to confirm a 
+  mismatching hostkey but wouldn't warn loudly. It will now
+  exit upon a mismatch.
 
 - Compile fixes, make sure that all variable definitions are at the start
   of a scope.
@@ -9,6 +13,9 @@
 
 - Add -f dbclient option for "background after auth"
 
+- Add ability to limit binding to particular addresses, use 
+  -p [address:]port, patch from Max-Gerd Retzlaff.
+
 - Try to finally fix ss_family compilation problems (for old
   glibc systems)
 
diff --git a/dbclient.1 b/dbclient.1
index c91c27246e4eaa4e021d1bf85a4c2d26ba632dcf..41453423c6ac20bf55b9bbf1d22524776f9d9897 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -70,6 +70,10 @@ This is useful when using password authentication.
 Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
 forwarded ports, though remote connections to -R forwarded ports may be limited
 by the ssh server.
+.TP
+.B \-y
+Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
+connection will abort as normal.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br
diff --git a/debian/changelog b/debian/changelog
index d201176654046a1d07145e3605f30b3729928ae8..0ad67efe5caf5238942ad20e1b0ebb67efc7b5dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
-dropbear (0.49test1-0.1) unstable; urgency=low
+dropbear (0.49-0.1) unstable; urgency=low
 
   * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Mon, 12 Feb 2007 23:59:00 +0900
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 23 Feb 2007 00:44:00 +0900
 
 dropbear (0.48.1-1) unstable; urgency=medium
 
diff --git a/options.h b/options.h
index 4ba51c3a80eefc26aee0a24b2ffce686918fe55c..cd6f7ca7c4d5452b6a9c153a7b8cf9287e8347ad 100644
--- a/options.h
+++ b/options.h
@@ -133,7 +133,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * You can't enable both PASSWORD and PAM. */
 
 #define ENABLE_SVR_PASSWORD_AUTH
-/*#define ENABLE_SVR_PAM_AUTH */
+/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
@@ -182,7 +182,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define MAX_AUTH_TRIES 10
 #endif
 
-/* The file to store the daemon's process ID, for shutdown scripts etc */
+/* The default file to store the daemon's process ID, for shutdown
+   scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 #endif
@@ -214,7 +215,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.49test1"
+#define DROPBEAR_VERSION "0.49"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION