diff --git a/CHANGELOG b/CHANGELOG
index 1b4d484cc..cbf46a045 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,11 +1,17 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+RELEASE 1.3.11
+--------------
 - Enigma: Fix compatibility with Mail_Mime >= 1.10.5
 - Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930)
 - Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)
 - Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991)
 - Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
+- Security: Fix XSS issue in handling of CDATA in HTML messages
+- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
+- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
+- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
 
 RELEASE 1.3.10
 --------------
diff --git a/index.php b/index.php
index 9cf7bbed7..e48fe8cab 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /**
  +-------------------------------------------------------------------------+
  | Roundcube Webmail IMAP Client                                           |
- | Version 1.3.10                                                          |
+ | Version 1.3.11                                                          |
  |                                                                         |
  | Copyright (C) 2005-2019, The Roundcube Dev Team                         |
  |                                                                         |
diff --git a/installer/index.php b/installer/index.php
index 3e8b69750..4dc67f0f2 100644
--- a/installer/index.php
+++ b/installer/index.php
@@ -3,7 +3,7 @@
 /**
  +-------------------------------------------------------------------------+
  | Roundcube Webmail setup tool                                            |
- | Version 1.3.10                                                          |
+ | Version 1.3.11                                                          |
  |                                                                         |
  | Copyright (C) 2009-2019, The Roundcube Dev Team                         |
  |                                                                         |
diff --git a/program/include/iniset.php b/program/include/iniset.php
index 57963e052..8f2e74e50 100644
--- a/program/include/iniset.php
+++ b/program/include/iniset.php
@@ -21,7 +21,7 @@
 */
 
 // application constants
-define('RCMAIL_VERSION', '1.3.10');
+define('RCMAIL_VERSION', '1.3.11');
 define('RCMAIL_START', microtime(true));
 
 if (!defined('INSTALL_PATH')) {
diff --git a/program/lib/Roundcube/bootstrap.php b/program/lib/Roundcube/bootstrap.php
index a2ed4f7e6..9a4229d5f 100644
--- a/program/lib/Roundcube/bootstrap.php
+++ b/program/lib/Roundcube/bootstrap.php
@@ -53,7 +53,7 @@ foreach ($config as $optname => $optval) {
 }
 
 // framework constants
-define('RCUBE_VERSION', '1.3.10');
+define('RCUBE_VERSION', '1.3.11');
 define('RCUBE_CHARSET', 'UTF-8');
 
 if (!defined('RCUBE_LIB_DIR')) {
diff --git a/public_html/index.php b/public_html/index.php
index a861ac7bb..d1261c54d 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -3,7 +3,7 @@
 /*
  +-----------------------------------------------------------------------+
  | Roundcube Webmail IMAP Client                                         |
- | Version 1.3.10                                                        |
+ | Version 1.3.11                                                        |
  |                                                                       |
  | Copyright (C) 2005-2017, The Roundcube Dev Team                       |
  |                                                                       |