diff --git a/CHANGELOG.md b/CHANGELOG.md
index e031cfc6f3af6cd8ee8cd02b1b5eff91a351526a..6f3195ebe8b5b9c055764e5ff5a4d60393aeb3a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,20 @@
 # Changelog
 
+## 2.1.1
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
+## 2.0.3
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+* Some unnecessary log warnings for Websocket communication are filtered
+
 ## 2.2
 This release massively improves performance of ARSnova and contains a critical
 bugfix so it is highly recommended to upgrade. Because of the newly introduced
diff --git a/src/main/java/de/thm/arsnova/controller/UserController.java b/src/main/java/de/thm/arsnova/controller/UserController.java
index a113f184a4569d881391c552f900580f4775234f..720edf81e841de1470cf58e7db797d8ac6008f4c 100644
--- a/src/main/java/de/thm/arsnova/controller/UserController.java
+++ b/src/main/java/de/thm/arsnova/controller/UserController.java
@@ -97,7 +97,7 @@ public class UserController extends AbstractController {
 		response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 	}
 
-	@RequestMapping(value = { "/{username}" }, method = RequestMethod.DELETE)
+	@RequestMapping(value = { "/{username}/" }, method = RequestMethod.DELETE)
 	public void activate(
 			@PathVariable final String username,
 			final HttpServletRequest request,
diff --git a/src/main/java/de/thm/arsnova/services/UserService.java b/src/main/java/de/thm/arsnova/services/UserService.java
index 7fba2f8ae692847dc865f325051409bf63260128..a2fb705c622c1c6e51e074a8d2bd7a6b56627edc 100644
--- a/src/main/java/de/thm/arsnova/services/UserService.java
+++ b/src/main/java/de/thm/arsnova/services/UserService.java
@@ -424,7 +424,7 @@ public class UserService implements IUserService {
 	public DbUser deleteDbUser(String username) {
 		User user = getCurrentUser();
 		if (!user.getUsername().equals(username)
-				&& SecurityContextHolder.getContext().getAuthentication().getAuthorities()
+				&& !SecurityContextHolder.getContext().getAuthentication().getAuthorities()
 						.contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {
 			throw new UnauthorizedException();
 		}