diff --git a/LICENSE b/LICENSE
index d6f40ac882f3f2dd325dc20e7f7a1589621ed55e..e134aa41a38b0e7e427afeca0ab730ac4232f9d3 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,7 +1,7 @@
 The code of Project Gluon may be distributed under the following terms, unless
 noted otherwise in individual files or subtrees.
 
-Copyright (c) 2013-2021, Project Gluon
+Copyright (c) 2013-2022, Project Gluon
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
diff --git a/README.md b/README.md
index 647f0e5820af9026f9f3189de4aa44903e78d534..17bdb2772bb663b7c31d86f56539f6f9837860e3 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ the future development of Gluon.
 
 Please refrain from using the `master` branch for anything else but development purposes!
 Use the most recent release instead. You can list all releases by running `git tag`
-and switch to one by running `git checkout v2021.1 && make update`.
+and switch to one by running `git checkout v2021.1.2 && make update`.
 
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *might break* eventually.
diff --git a/docs/conf.py b/docs/conf.py
index ea923d9282505045708e0fb8ed0b7deed07b1b88..f37058cc8bffb552dae6096581ee5eee9d0faa85 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -20,7 +20,7 @@
 # -- Project information -----------------------------------------------------
 
 project = 'Gluon'
-copyright = '2015-2021, Project Gluon'
+copyright = '2015-2022, Project Gluon'
 author = 'Project Gluon'
 
 # The short X.Y version
diff --git a/docs/releases/index.rst b/docs/releases/index.rst
index ddda8511515ed0c24513cbb0e895dbb76a378bfb..d1142e2b6c7885f866e77a8f9f96ba61be9aada4 100644
--- a/docs/releases/index.rst
+++ b/docs/releases/index.rst
@@ -5,6 +5,7 @@ Release Notes
    :caption: Gluon 2021.1
    :maxdepth: 2
 
+   v2021.1.2
    v2021.1.1
    v2021.1
 
diff --git a/docs/releases/v2021.1.2.rst b/docs/releases/v2021.1.2.rst
new file mode 100644
index 0000000000000000000000000000000000000000..70667555fc90edfd315c31aeb9c4a33c76fee50a
--- /dev/null
+++ b/docs/releases/v2021.1.2.rst
@@ -0,0 +1,131 @@
+Gluon 2021.1.2
+==============
+
+Important notes
+---------------
+
+This release fixes a **critical security vulnerability** in Gluon's
+autoupdater.
+
+Upgrades to v2021.1 and later releases are only supported from releases v2018.2
+and later. Migration code for upgrades from older versions has been removed to
+simplify maintenance.
+
+
+Updates
+-------
+
+- The Linux kernel was updated to version 4.14.275
+- The mac80211 wireless driver stack was updated to a version based on kernel
+  4.19.237
+
+Various minor package updates are not listed here and can be found in the commit
+log.
+
+
+Bugfixes
+--------
+
+* **[SECURITY]** Autoupdater: Fix signature verification
+
+  A recently discovered issue (CVE-2022-24884) in the *ecdsautils* package
+  allows forgery of cryptographic signatures. This vulnerability can be
+  exploited to create a manifest accepted by the autoupdater without knowledge
+  of the signers' private keys. By intercepting nodes' connections to the update
+  server, such a manifest allows to distribute malicious firmware updates.
+
+  This is a **critical** vulnerability. All nodes with autoupdater must be
+  updated. Requiring multiple signatures for an update does *not* mitigate the
+  issue.
+
+  As a temporary workaround, the issue can be mitigated on individual nodes by
+  disabling the autoupdater via config mode or using the following commands::
+
+    uci set autoupdater.settings.enabled=0
+    uci commit autoupdater
+
+  A fixed firmware should be installed manually before enabling the autoupdater
+  again.
+
+  See security advisory `GHSA-qhcg-9ffp-78pw
+  <https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw>`_
+  for further information on this vulnerability.
+
+* **[SECURITY]** Config Mode: Prevent Cross-Site Request Forgery (CSRF)
+
+  The Config Mode was not validating the *Origin* header of POST requests.
+  This allowed arbitrary websites to modify   configuration (including SSH keys)
+  on a Gluon node in Config Mode reachable from a user's browser by sending POST
+  requests with form data to 192.168.1.1.
+
+  The impact of this issue is considered low, as nodes are only vulnerable while
+  in Config Mode.
+
+* Config Mode: Fix occasionally hanging page load after submitting the
+  configuration wizard causing the reboot message and VPN key not to be
+  displayed
+
+* Config Mode (OSM): Update default OpenLayers source URL
+
+  The OSM feature of the Config Mode was broken when the default source URL was
+  used for OpenLayers, as the old URL has become unavailable. The default was
+  updated to a URL that should not become unavailable again.
+
+* Config Mode (OSM): Fix error when using ``"`` character in attribution text
+
+* respondd-module-airtime: Fix respondd crash on devices with disabled WLAN
+  interfaces
+
+  Several improvements were made to the error handling of the
+  *respondd-module-airtime* package. The "PHY ID" field (introduced in Gluon
+  2021.1) was removed again.
+
+* ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices
+
+* Fix occasional build failure in "perl" package with high number of threads
+  (``-j32`` or higher)
+
+
+Other improvements
+------------------
+
+* Several improvements were made to the status page:
+
+  - WLAN channel display does not require the *respondd-module-airtime* package
+    anymore
+  - The "gateway nexthop" label now links to the status page of the nexthop node
+  - The timeout to retrieve information from neighbour nodes was increased,
+    making the display of the name
+    of overloaded, slow or otherwise badly reachable nodes more likely to
+    succeed
+
+
+Known issues
+------------
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a
+  soft-bricked state due to bad blocks on the NAND flash which the NAND driver
+  before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page.
+    (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to
+    account for the new throughput metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is
+  modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).