diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4ddba1ab..07eff849 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@ cmake_minimum_required(VERSION 3.0)
 cmake_policy(SET CMP0042 NEW)
 project(mosquitto)
-set (VERSION 2.0.11)
+set (VERSION 2.0.12)
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/")
diff --git a/ChangeLog.txt b/ChangeLog.txt
index da5d18ed..0380f397 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,4 +1,4 @@
-2.0.12 - 2021-07-xx
+2.0.12 - 2021-08-31
 ===================
 Security:
diff --git a/config.mk b/config.mk
index 619c1e13..1288aa30 100644
--- a/config.mk
+++ b/config.mk
@@ -127,7 +127,7 @@ WITH_XTREPORT=no
 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto64.nsi
-VERSION=2.0.11
+VERSION=2.0.12
 # Client library SO version. Bump if incompatible API/ABI changes are made.
 SOVERSION=1
diff --git a/include/mosquitto.h b/include/mosquitto.h
index 2cc32634..18a771f2 100644
--- a/include/mosquitto.h
+++ b/include/mosquitto.h
@@ -66,7 +66,7 @@ extern "C" {
 #define LIBMOSQUITTO_MAJOR 2
 #define LIBMOSQUITTO_MINOR 0
-#define LIBMOSQUITTO_REVISION 11
+#define LIBMOSQUITTO_REVISION 12
 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
 #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi
index 0e45a147..8507c6c9 100644
--- a/installer/mosquitto.nsi
+++ b/installer/mosquitto.nsi
@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 Name "Eclipse Mosquitto"
-!define VERSION 2.0.11
+!define VERSION 2.0.12
 OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
 InstallDir "$PROGRAMFILES\mosquitto"
diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi
index 09480b1f..aad1c751 100644
--- a/installer/mosquitto64.nsi
+++ b/installer/mosquitto64.nsi
@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 Name "Eclipse Mosquitto"
-!define VERSION 2.0.11
+!define VERSION 2.0.12
 OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
 !include "x64.nsh"
diff --git a/set-version.sh b/set-version.sh
index 3ab0982f..7606eae6 100755
--- a/set-version.sh
+++ b/set-version.sh
@@ -2,7 +2,7 @@
 MAJOR=2
 MINOR=0
-REVISION=11
+REVISION=12
 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 5e0cf01b..34a62f52 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -1,5 +1,5 @@
 name: mosquitto
-version: 2.0.11
+version: 2.0.12
 summary: Eclipse Mosquitto MQTT broker
 description: This is a message broker that supports version 5.0, 3.1.1, and 3.1 of the MQTT protocol.
diff --git a/www/pages/download.md b/www/pages/download.md
index 96c53083..65ead50e 100644
--- a/www/pages/download.md
+++ b/www/pages/download.md
@@ -11,7 +11,7 @@
 # Source
-* [mosquitto-2.0.11.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.11.tar.gz) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.11.tar.gz.asc))
+* [mosquitto-2.0.12.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.12.tar.gz) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.12.tar.gz.asc))
 * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
 Older downloads are available at [https://mosquitto.org/files/](../files/)
@@ -24,8 +24,8 @@ distributions.
 ## Windows
-* [mosquitto-2.0.11-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.11-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
-* [mosquitto-2.0.11-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.11-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
+* [mosquitto-2.0.12-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.12-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
+* [mosquitto-2.0.12-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.12-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
 Older installers can be found at [https://mosquitto.org/files/binary/](https://mosquitto.org/files/binary/).
diff --git a/www/posts/2021/08/version-2-0-12-released.md b/www/posts/2021/08/version-2-0-12-released.md
new file mode 100644
index 00000000..bef508eb
--- /dev/null
+++ b/www/posts/2021/08/version-2-0-12-released.md
@@ -0,0 +1,96 @@
+
+
+Versions 2.0.12 of Mosquitto has been released. This is a security
+and bugfix release.
+
+# Security
+- An MQTT v5 client connecting with a large number of user-property properties
+ could cause excessive CPU usage, leading to a loss of performance and
+ possible denial of service. This has been fixed.
+- Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections.
+ These clients are now rejected if their keepalive value exceeds
+ max_keepalive. This option allows [CVE-2020-13849], which is for the MQTT
+ v3.1.1 protocol itself rather than an implementation, to be addressed.
+- Using certain listener related configuration options e.g. `cafile`, that
+ apply to the default listener without defining any listener would cause a
+ remotely accessible listener to be opened that was not confined to the local
+ machine but did have anonymous access enabled, contrary to the
+ documentation. This has been fixed. Closes [#2283].
+- [CVE-2021-34434]: If a plugin had granted ACL subscription access to a
+ durable/non-clean-session client, then removed that access, the client would
+ keep its existing subscription. This has been fixed.
+- Incoming QoS 2 messages that had not completed the QoS flow were not being
+ checked for ACL access when a clean session=False client was reconnecting.
+ This has been fixed.
+
+# Broker
+- Fix possible out of bounds memory reads when reading a corrupt/crafted
+ configuration file. Unless your configuration file is writable by untrusted
+ users this is not a risk. Closes [#567213].
+- Fix `max_connections` option not being correctly counted.
+- Fix TLS certificates and TLS-PSK not being able to be configured at the same
+ time.
+- Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
+- Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections.
+ These clients are now rejected if their keepalive value exceeds
+ `max_keepalive`. This option allows CVE-2020-13849, which is for the MQTT
+ v3.1.1 protocol itself rather than an implementation, to be addressed.
+- Fix broker not quiting if e.g. the `password_file` is specified as a
+ directory. Closes [#2241].
+- Fix listener `mount_point` not being removed on outgoing messages.
+ Closes [#2244].
+- Strict protocol compliance fixes, plus test suite.
+- Fix $share subscriptions not being recovered for durable clients that
+ reconnect.
+- Update plugin configuration documentation. Closes [#2286].
+
+# Client library
+- If a client uses TLS-PSK then force the default cipher list to use "PSK"
+ ciphers only. This means that a client connecting to a broker configured
+ with x509 certificates only will now fail. Prior to this, the client would
+ connect successfully without verifying certificates, because they were not
+ configured.
+- Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured.
+- Threaded mode is deconfigured when the `mosquitto_loop_start()` thread ends,
+ which allows `mosquitto_loop_start()` to be called again. Closes [#2242].
+- Fix `MOSQ_OPT_SSL_CTX` not being able to be set to NULL. Closes [#2289].
+- Fix reconnecting failing when `MOSQ_OPT_TLS_USE_OS_CERTS` was in use, but none
+ of `capath`, `cafile`, `psk`, nor `MOSQ_OPT_SSL_CTX` were set, and
+ `MOSQ_OPT_SSL_CTX_WITH_DEFAULTS` was set to the default value of true.
+ Closes [#2288].
+
+# Apps
+- Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working.
+
+# Clients
+- `mosquitto_sub` and `mosquitto_rr` now open stdout in binary mode on Windows
+ so binary payloads are not modified when printing.
+- Document TLS certificate behaviour when using `-p 8883`.
+
+# Build
+- Fix installation using `WITH_TLS=no`. Closes [#2281].
+- Fix builds with libressl 3.4.0. Closes [#2198].
+- Remove some unnecessary code guards related to libressl.
+- Fix printf format build warning on MIPS. Closes [#2271].
+
+[#2198]: https://github.com/eclipse/mosquitto/issues/2198
+[#2241]: https://github.com/eclipse/mosquitto/issues/2241
+[#2242]: https://github.com/eclipse/mosquitto/issues/2242
+[#2244]: https://github.com/eclipse/mosquitto/issues/2244
+[#2271]: https://github.com/eclipse/mosquitto/issues/2271
+[#2281]: https://github.com/eclipse/mosquitto/issues/2281
+[#2286]: https://github.com/eclipse/mosquitto/issues/2286
+[#2288]: https://github.com/eclipse/mosquitto/issues/2288
+[#2289]: https://github.com/eclipse/mosquitto/issues/2289
+[#567213]: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567213
+[CVE-2020-13849]: https://nvd.nist.gov/vuln/detail/CVE-2020-13849
+[CVE-2021-34434]: https://nvd.nist.gov/vuln/detail/CVE-2021-34434