diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc91c68ad8ee81c2d33a12d48c0c040a1c3d8043..22e9479e55812df2e59f36fa8d04e3028641763b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,20 +5,31 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
-
-### Added
-
-### Changed
-
-### Deprecated
-
-### Removed
+## [0.12.1] - 2023-12-13
+(Timm Fitschen)
 
 ### Fixed
 
+* Insufficient permission checks during subproperty filters of SELECT queries
+  when an entity with retrieve permissions references one without
+  [linkahead-server#244](https://gitlab.com/linkahead/linkahead-server/-/issues/244)
+* Insufficient permission checks in queries when a name of an invisible record
+  is used in a filter where a visible record references the invisible one
+  [linkahead-server#242](https://gitlab.com/linkahead/linkahead-server/-/issues/242)
+
 ### Security
 
+This is an important security patch release. The bugs
+[linkahead-server#244](https://gitlab.com/linkahead/linkahead-server/-/issues/244)
+and
+[linkahead-server#242](https://gitlab.com/linkahead/linkahead-server/-/issues/242)
+possibly leak sensitive data when an attacker with read access to linkahead
+(i.e. the attacker needs an active user account or anonymous needs to be
+enabled) can guess the name of entities or properties of referenced entities
+and construct a malicious FIND or SELECT statement and when the attacker has
+read permissions for an entity which references the entities containing the
+sensitive information. See the bug reports for more information.
+
 ## [0.12.0] - 2023-10-25
 (Timm Fitschen)
 
diff --git a/CITATION.cff b/CITATION.cff
index a7c72943398fe58430003e8412d7d01e911c9f43..77f724679e3c57ef44e9380af8ded72cb7a30410 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -23,6 +23,6 @@ authors:
     given-names: Stefan
     orcid: https://orcid.org/0000-0001-7214-8125
 title: "CaosDB - Server"
-version: 0.12.0
+version: 0.12.1
 doi: 10.3390/data4020083
-date-released: 2023-10-25
+date-released: 2023-12-13
diff --git a/caosdb-webui b/caosdb-webui
index d5f9090eca25a92fc44dbeeba305768e8d9f4bcb..6e4db2f99e1d441bbda9ccca85fae45526018406 160000
--- a/caosdb-webui
+++ b/caosdb-webui
@@ -1 +1 @@
-Subproject commit d5f9090eca25a92fc44dbeeba305768e8d9f4bcb
+Subproject commit 6e4db2f99e1d441bbda9ccca85fae45526018406
diff --git a/pom.xml b/pom.xml
index abe5e2827883f9445f02505294881134aefb4c1f..82ac0c1eb15525d5621a6fc374728543bf960842 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.caosdb</groupId>
   <artifactId>caosdb-server</artifactId>
-  <version>0.13.0-SNAPSHOT</version>
+  <version>0.12.1</version>
   <packaging>jar</packaging>
   <name>CaosDB Server</name>
   <scm>
diff --git a/src/doc/conf.py b/src/doc/conf.py
index 530d8d653c6946b1c64738d7ad129f43d00afa8e..e1471488b869d1a4896bea774bade2c82b7ed26e 100644
--- a/src/doc/conf.py
+++ b/src/doc/conf.py
@@ -26,9 +26,9 @@ copyright = '2023, IndiScale GmbH'
 author = 'Daniel Hornung, Timm Fitschen'
 
 # The short X.Y version
-version = '0.13.0'
+version = '0.12.1'
 # The full version, including alpha/beta/rc tags
-release = '0.13.0-dev'
+release = '0.12.1'
 
 
 # -- General configuration ---------------------------------------------------