diff --git a/CHANGELOG.md b/CHANGELOG.md
index a993332..45075cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+6.0.3 / 2016-05-30
+------------------
+
+- Security fix: possible ReDOS in `linkify-it` (forced bump of `linkify-it` &
+  `uc-micro` dependencies). New installs will use fixed packages automatically,
+  but we bumped `markdown-it` version for sure & for web builds.
+
+
 6.0.2 / 2016-05-16
 ------------------
 
diff --git a/package.json b/package.json
index 305444b..8fdd0b7 100644
--- a/package.json
+++ b/package.json
@@ -27,9 +27,9 @@
   "dependencies": {
     "argparse": "^1.0.7",
     "entities": "~1.1.1",
-    "linkify-it": "~1.2.0",
+    "linkify-it": "~1.2.2",
     "mdurl": "~1.0.1",
-    "uc.micro": "^1.0.0"
+    "uc.micro": "^1.0.1"
   },
   "devDependencies": {
     "ansi": "~0.3.0",