diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35b218e734362076075fe34079639c2e585258b5..5e31586777ef4333cc4fe55ee075e64bee19d8ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,27 @@
 # Changelog
 
+## 2.2.1
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional bug fixes:
+* The `security.authentication.login-try-limit` setting now works as intended.
+
+## 2.1.1
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
+## 2.0.3
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+* Some unnecessary log warnings for Websocket communication are filtered
+
 ## 2.3.1
 Bug fixes:
 * Case-insensitive user IDs are now correctly handled for LDAP authentication.