diff --git a/History.md b/History.md
index 44914404760..287a8522d63 100644
--- a/History.md
+++ b/History.md
@@ -1,7 +1,9 @@
-UNRELEASED
-=======================
+5.2.0 / 2025-12-01
+========================
 
+* Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
 * deps: `body-parser@^2.2.1`
+* A deprecation warning was added when using `res.redirect` with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
 
 5.1.0 / 2025-03-31
 ========================
diff --git a/package.json b/package.json
index 5492eb215e9..ade9ed9d6af 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",