diff --git a/SECURITY.md b/SECURITY.md
index 659f4542..2e99a861 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,6 +2,8 @@
 Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
+PHPMailer versions prior to 5.2.22 (released January 2017) have a local file disclosure vulnerability if content passed into `msgHTML()` is sourced from unfiltered user input. Also note that `addAttachment` (just like `file_get_contents`, `passthru`, `unlink`, etc) should not be passed user-sourced params either!
+
 PHPMailer versions prior to 5.2.20 (released December 28th 2016) are vulnerable to [CVE-2016-10045](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10045) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html), and patched by Paul Buonopane (@Zenexer).
 PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to [CVE-2016-10033](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10033) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html).
diff --git a/VERSION b/VERSION
index 567eefa2..07b26572 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.2.21
+5.2.22
diff --git a/changelog.md b/changelog.md
index c00ea5e6..8d08e67a 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,10 @@
 # ChangeLog
+## Version 5.2.22 (January 5th 2017)
+* **SECURITY** Fix local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input.
+* Add simple contact form example
+* Emoji in test content
+
 ## Version 5.2.21 (December 28th 2016)
 * Fix missed number update in version file - no functional changes
diff --git a/class.pop3.php b/class.pop3.php
index 373c886c..f10e688e 100644
--- a/class.pop3.php
+++ b/class.pop3.php
@@ -34,7 +34,7 @@ class POP3
 * @var string
 * @access public
 */
- public $Version = '5.2.21';
+ public $Version = '5.2.22';
 /**
 * Default POP3 port number.
diff --git a/class.smtp.php b/class.smtp.php
index 270162b2..89321171 100644
--- a/class.smtp.php
+++ b/class.smtp.php
@@ -30,7 +30,7 @@ class SMTP
 * The PHPMailer SMTP version number.
 * @var string
 */
- const VERSION = '5.2.21';
+ const VERSION = '5.2.22';
 /**
 * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
 * @deprecated Use the `VERSION` constant instead
 * @see SMTP::VERSION
 */
- public $Version = '5.2.21';
+ public $Version = '5.2.22';
 /**
 * SMTP server port number.