diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6635070320864c5ddf20aeb41f28e929253c8682..f81160d115fbb75fba9c3807c4a35e93c2f6af6a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
+## 2.4.1
+This release fixes a security vulnerability caused by the CORS implementation.
+Origins allowed for CORS can now be set in the configuration via
+`security.cors.origins`. (Reported by Rainer Rillke at Wikimedia)
+
+Additionally, authentication via disabled services is now entirely blocked to
+fix a security vulnerability allowing guest access despite the setting
+`security.guest.enabled=false`. (Reported by Rainer Rillke at Wikimedia)
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
 ## 2.3.3
 This release fixes a security vulnerability caused by the CORS implementation.
 Origins allowed for CORS can now be set in the configuration via
diff --git a/pom.xml b/pom.xml
index 390523a5f21dd96e6c783f29ec68c9815edf5bbb..3b543c8e7228f4b4a500ed944c3b957b4f46b31a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 <modelVersion>4.0.0</modelVersion>
 <groupId>de.thm.arsnova</groupId>
 <artifactId>arsnova-backend</artifactId>
-<version>2.4.1-SNAPSHOT</version>
+<version>2.4.1</version>
 <packaging>war</packaging>
 <properties>