diff --git a/Changelog.md b/Changelog.md
index b78c946fadb3d7abef38a34baac72288b2d87546..a62e25875d8096c70961cc65a44d8207e4df331b 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,7 @@
+# 0.5.10.2
+
+Update to Rails 4.2.7.1 which fixes [CVE-2016-6316](https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE) and [CVE-2016-6317](https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA).
+
 # 0.5.10.1
 
 We made a mistake and removed `mysql2` from the `Gemfile.lock` in a recent gem update. Since this could cause some issues for some installations, we decided to release a hotfix.
diff --git a/config/defaults.yml b/config/defaults.yml
index f01e2dc49249c91dbbd727f519f186eaeaf6c2db..dee1020d2828b73634b5f9b9a9df33aa65fcac22 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@
 
 defaults:
   version:
-    number: "0.5.10.1" # Do not touch unless doing a release, do not backport the version number that's in master
+    number: "0.5.10.2" # Do not touch unless doing a release, do not backport the version number that's in master
   heroku: false
   environment:
     url: "http://localhost:3000/"