diff --git a/CHANGES b/CHANGES
index 07e631c..99d1647 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,32 @@
+Version 2.6
+===========
+
+Released 2014-02-11
+
+* Security:
+
+  - CVE-2013-6401: The hash function used by the hashtable
+    implementation has been changed, and is automatically seeded with
+    random data when the first JSON object is created. This prevents
+    an attacker from causing large JSON objects with specially crafted
+    keys perform poorly.
+
+* New features:
+
+  - `json_object_seed()`: Set the seed value of the hash function.
+
+* Bug fixes:
+
+  - Include CMake specific files in the release tarball.
+
+* Documentation:
+
+  - Fix tutorial source to send a User-Agent header, which is now
+    required by the GitHub API.
+
+  - Set all memory to zero in secure_free() example.
+
+
 Version 2.5
 ===========
 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1043c9a..5e6b9e0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -78,10 +78,10 @@ endif (WIN32)
 # set (JANSSON_VERSION "2.3.1")
 # set (JANSSON_SOVERSION 2)
 
-set(JANSSON_DISPLAY_VERSION "2.5")
+set(JANSSON_DISPLAY_VERSION "2.6")
 
 # This is what is required to match the same numbers as automake's
-set (JANSSON_VERSION "4.5.0")
+set (JANSSON_VERSION "4.6.0")
 set (JANSSON_SOVERSION 4)
 
 # for CheckFunctionKeywords
diff --git a/configure.ac b/configure.ac
index 113cb85..e871f5f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.60])
-AC_INIT([jansson], [2.5], [petri@digip.org])
+AC_INIT([jansson], [2.6], [petri@digip.org])
 
 AM_INIT_AUTOMAKE([1.10 foreign])
 
diff --git a/doc/conf.py b/doc/conf.py
index ddf5833..98d03f8 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -48,7 +48,7 @@ copyright = u'2009-2013, Petri Lehtinen'
 # built documents.
 #
 # The short X.Y version.
-version = '2.5'
+version = '2.6'
 # The full version, including alpha/beta/rc tags.
 release = version
 
diff --git a/src/Makefile.am b/src/Makefile.am
index b4af562..489a957 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,6 +11,7 @@ libjansson_la_SOURCES = \
 	hashtable_seed.c \
 	jansson_private.h \
 	load.c \
+	lookup3.h \
 	memory.c \
 	pack_unpack.c \
 	strbuffer.c \
@@ -22,4 +23,4 @@ libjansson_la_SOURCES = \
 libjansson_la_LDFLAGS = \
 	-no-undefined \
 	-export-symbols-regex '^json_' \
-	-version-info 9:0:5
+	-version-info 10:0:6
diff --git a/src/jansson.h b/src/jansson.h
index ea23085..3f67edf 100644
--- a/src/jansson.h
+++ b/src/jansson.h
@@ -21,11 +21,11 @@ extern "C" {
 /* version */
 
 #define JANSSON_MAJOR_VERSION  2
-#define JANSSON_MINOR_VERSION  5
+#define JANSSON_MINOR_VERSION  6
 #define JANSSON_MICRO_VERSION  0
 
 /* Micro version is omitted if it's 0 */
-#define JANSSON_VERSION  "2.5"
+#define JANSSON_VERSION  "2.6"
 
 /* Version as a 3-byte hex number, e.g. 0x010201 == 1.2.1. Use this
    for numeric comparisons, e.g. #if JANSSON_VERSION_HEX >= ... */