diff --git a/NEWS.rst b/NEWS.rst
index baa9d834..514505e7 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -29,6 +29,14 @@ http://kozea.github.io/Radicale/1to2/ if you want to switch from 1.x.x to
   version control
 
 
+1.1.2 - Third Law of Nature
+===========================
+
+* **Security fix**: Add a random timer to avoid timing oracles and simple
+  bruteforce attacks when using the htpasswd authentication method.
+* Various minor fixes.
+
+
 1.1.1 - Second Law of Nature
 ============================
 
diff --git a/radicale/__init__.py b/radicale/__init__.py
index e6cd6904..d268ae0a 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -49,7 +49,7 @@ import vobject
 
 from . import auth, rights, storage, xmlutils
 
-VERSION = "2.0.0rc1"
+VERSION = "2.0.0rc2"
 
 NOT_ALLOWED = (
     client.FORBIDDEN, (("Content-Type", "text/plain"),),