diff --git a/CMakeLists.txt b/CMakeLists.txt
index 489105df..4963d4ca 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@ cmake_minimum_required(VERSION 3.0)
 cmake_policy(SET CMP0042 NEW)
 
 project(mosquitto)
-set (VERSION 2.0.8)
+set (VERSION 2.0.9)
 
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/")
 
diff --git a/config.mk b/config.mk
index 73e5cc39..d31b1160 100644
--- a/config.mk
+++ b/config.mk
@@ -127,7 +127,7 @@ WITH_XTREPORT=no
 
 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto64.nsi
-VERSION=2.0.8
+VERSION=2.0.9
 
 # Client library SO version. Bump if incompatible API/ABI changes are made.
 SOVERSION=1
diff --git a/include/mosquitto.h b/include/mosquitto.h
index 587888a6..9aafcb32 100644
--- a/include/mosquitto.h
+++ b/include/mosquitto.h
@@ -66,7 +66,7 @@ extern "C" {
 
 #define LIBMOSQUITTO_MAJOR 2
 #define LIBMOSQUITTO_MINOR 0
-#define LIBMOSQUITTO_REVISION 8
+#define LIBMOSQUITTO_REVISION 9
 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
 #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
 
diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi
index e34c7847..20487814 100644
--- a/installer/mosquitto.nsi
+++ b/installer/mosquitto.nsi
@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "Eclipse Mosquitto"
-!define VERSION 2.0.8
+!define VERSION 2.0.9
 OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
 
 InstallDir "$PROGRAMFILES\mosquitto"
diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi
index 4bd80f54..5ca2ca38 100644
--- a/installer/mosquitto64.nsi
+++ b/installer/mosquitto64.nsi
@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "Eclipse Mosquitto"
-!define VERSION 2.0.8
+!define VERSION 2.0.9
 OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
 
 !include "x64.nsh"
diff --git a/set-version.sh b/set-version.sh
index a96b6a77..ba9b855a 100755
--- a/set-version.sh
+++ b/set-version.sh
@@ -2,7 +2,7 @@
 
 MAJOR=2
 MINOR=0
-REVISION=8
+REVISION=9
 
 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
 
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 0099409a..5e8289ba 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -1,5 +1,5 @@
 name: mosquitto
-version: 2.0.8
+version: 2.0.9
 summary: Eclipse Mosquitto MQTT broker
 description: This is a message broker that supports version 5.0, 3.1.1, and 3.1 of the MQTT
     protocol.
diff --git a/www/pages/download.md b/www/pages/download.md
index 0d16e248..c181fdca 100644
--- a/www/pages/download.md
+++ b/www/pages/download.md
@@ -1,7 +1,7 @@
 <!--
 .. title: Download
 .. slug: download
-.. date: 2022-02-25 17:18:38 UTC
+.. date: 2022-03-11 22:16:38 UTC
 .. tags: tag
 .. category: category
 .. link: link
@@ -11,7 +11,7 @@
 
 # Source
 
-* [mosquitto-2.0.8.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.8.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.8.tar.gz.asc))
+* [mosquitto-2.0.9.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz.asc))
 * [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
 
 Older downloads are available at [https://mosquitto.org/files/](../files/)
@@ -24,8 +24,8 @@ distributions.
 
 ## Windows
 
-* [mosquitto-2.0.8-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.8-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
-* [mosquitto-2.0.8-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.8-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
+* [mosquitto-2.0.9-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.9-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
+* [mosquitto-2.0.9-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.9-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
 
 Older installers can be found at [https://mosquitto.org/files/binary/](https://mosquitto.org/files/binary/).
 
diff --git a/www/posts/2021/03/version-2-0-9-released.md b/www/posts/2021/03/version-2-0-9-released.md
new file mode 100644
index 00000000..799fd4e0
--- /dev/null
+++ b/www/posts/2021/03/version-2-0-9-released.md
@@ -0,0 +1,101 @@
+<!--
+.. title: Version 2.0.9 released.
+.. slug: version-2-0-9-released
+.. date: 2021-03-11 22:19:38 UTC
+.. tags: Releases
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+Versions 2.0.9, 1.6.14, and 1.5.11 of Mosquitto have been released. These are
+bugfix releases and include a minor security fix.
+
+# 2.0.9
+
+## Security
+- If an empty or invalid CA file was provided to the client library for
+  verifying the remote broker, then the initial connection would fail but
+  subsequent connections would succeed without verifying the remote broker
+  certificate. Closes [#2130].
+- If an empty or invalid CA file was provided to the broker for verifying the
+  remote broker for an outgoing bridge connection then the initial connection
+  would fail but subsequent connections would succeed without verifying the
+  remote broker certificate. Closes [#2130].
+
+## Broker
+- Fix encrypted bridge connections incorrectly connecting when `bridge_cafile`
+  is empty or invalid. Closes [#2130].
+- Fix `tls_version` behaviour not matching documentation. It was setting the
+  exact TLS version to use, not the minimium TLS version to use. Closes [#2110].
+- Fix messages to `$` prefixed topics being rejected. Closes [#2111].
+- Fix QoS 0 messages not being delivered when max_queued_bytes was configured.
+  Closes [#2123].
+- Fix bridge increasing backoff calculation.
+- Improve handling of invalid combinations of listener address and bind
+  interface configurations. Closes [#2081].
+- Fix `max_keepalive` option not applying to clients connecting with keepalive
+  set to 0. Closes [#2117].
+
+## Client library
+- Fix encrypted connections incorrectly connecting when the CA file passed to
+  `mosquitto_tls_set()` is empty or invalid. Closes [#2130].
+- Fix connections retrying very rapidly in some situations.
+
+## Build
+- Fix cmake epoll detection.
+
+# 1.6.14
+
+## Security
+- If an empty or invalid CA file was provided to the client library for
+  verifying the remote broker, then the initial connection would fail but
+  subsequent connections would succeed without verifying the remote broker
+  certificate. Closes [#2130].
+- If an empty or invalid CA file was provided to the broker for verifying the
+  remote broker for an outgoing bridge connection then the initial connection
+  would fail but subsequent connections would succeed without verifying the
+  remote broker certificate. Closes [#2130].
+
+## Broker
+- Fix encrypted bridge connections incorrectly connecting when `bridge_cafile`
+  is empty or invalid. Closes [#2130].
+
+## Client library
+- Fix encrypted connections incorrectly connecting when the CA file passed to
+  `mosquitto_tls_set()` is empty or invalid. Closes [#2130].
+- Fix connections retrying very rapidly in some situations.
+
+## Clients
+- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
+  lines. Closes [#2078].
+
+# 1.5.11
+
+## Security
+- If an empty or invalid CA file was provided to the client library for
+  verifying the remote broker, then the initial connection would fail but
+  subsequent connections would succeed without verifying the remote broker
+  certificate. Closes [#2130].
+- If an empty or invalid CA file was provided to the broker for verifying the
+  remote broker for an outgoing bridge connection then the initial connection
+  would fail but subsequent connections would succeed without verifying the
+  remote broker certificate. Closes [#2130].
+
+## Broker
+- Fix encrypted bridge connections incorrectly connecting when `bridge_cafile`
+  is empty or invalid. Closes [#2130].
+
+## Client library
+- Fix encrypted connections incorrectly connecting when the CA file passed to
+  `mosquitto_tls_set()` is empty or invalid. Closes [#2130].
+
+[#2040]: https://github.com/eclipse/mosquitto/issues/2040
+[#2078]: https://github.com/eclipse/mosquitto/issues/2078
+[#2081]: https://github.com/eclipse/mosquitto/issues/2081
+[#2110]: https://github.com/eclipse/mosquitto/issues/2110
+[#2111]: https://github.com/eclipse/mosquitto/issues/2111
+[#2117]: https://github.com/eclipse/mosquitto/issues/2117
+[#2123]: https://github.com/eclipse/mosquitto/issues/2123
+[#2130]: https://github.com/eclipse/mosquitto/issues/2130