diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ad545af..4758e541 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,18 @@ Releases
 This high level changelog is usually updated when a release is tagged.
 On the master branch there may be changes that are not (yet) described here.
 
+### 1.12.0
+
+* [-] fix CVE-2020-7043: TLS Certificate CommonName NULL Byte Vulnerability
+* [-] fix CVE-2020-7042: use of uninitialized memory in X509_check_host
+* [-] fix CVE-2020-7041: incorrect use of X509_check_host (regarding return value).
+* [-] always hide cleartest password in -vv output
+* [+] add a clear warning about sensitive information in the debug output
+* [+] add a hint in debug output when password is read from config file
+* [-] fix segfault when connecting with empty password
+* [+] use resolvconf if available to update resolv.conf file
+* [~] replace semicolon by space in dns-suffix string
+
 ### 1.11.0
 
 * [+] allow to connect with empty password (and with smartcard instead of username)
diff --git a/configure.ac b/configure.ac
index 148dac7d..c67a11df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.63])
-AC_INIT([openfortivpn], [1.11.0])
+AC_INIT([openfortivpn], [1.12.0])
 AC_CONFIG_SRCDIR([src/main.c])
 AM_INIT_AUTOMAKE([foreign subdir-objects])