diff --git a/CHANGELOG.md b/CHANGELOG.md
index c04410d9..8f897adc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.5.1 / 2021-01-15
+
+This release includes a bugfix for a side-channel security issue that would
+allow an attacker to verify if a user is defined in the configuration by timing
+request. #39
+
+* [ENHANCEMENT] Cache basic authentication results to significantly improve
+  performance. #32
+* [BUGFIX] Prevent user enumeration by timing requests. #39
+
 ## 0.5.0 / 2021-01-13
 
 * [CHANGE] rename `https` package to `web`. #29
diff --git a/VERSION b/VERSION
index 8f0916f7..4b9fcbec 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.5.0
+0.5.1