diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ee51df545..8b5a95224b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
 
+Sat Oct 27, 2018 (0.16.4)
+---------------------------------------------------------------------
+
+#### Fixed XSS flaw in tags_helper
+Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.
+
 Wed Jan 24, 2018 (0.16.3)
 ---------------------------------------------------------------------
 CVE-2017-0889
diff --git a/lib/fat_free_crm/version.rb b/lib/fat_free_crm/version.rb
index 4a166857bf..e11c887200 100644
--- a/lib/fat_free_crm/version.rb
+++ b/lib/fat_free_crm/version.rb
@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 16
-    TINY  = 3
+    TINY  = 4
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')