diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index 979e9c878f90fcc89516ddbd131a1b4876197b89..5cf1f56d3d948493914a221a120cba732cfbeb10 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -6,9 +6,39 @@ SimpleSAMLphp changelog
 This document lists the changes between versions of SimpleSAMLphp.
 See the upgrade notes for specific information about upgrading.
 
+## Version 1.14.4
+
+Released 2016-06-08
+
+  * Fixed two minor security issues that allowed malicious URLs to be presented to the user in a link. Reported by John Page.
+  * Fixed issue #366. The LDAP class was trying to authenticate even when no password was provided (using the CAS module).
+  * Fixed issue #401. The authenticate.php script was printing exceptions instead of throwing them for the exception handler to capture them.
+  * Fixed issue #399. The size limitation of the TEXT type in MySQL was creating problems in certain setups.
+  * Fixed issue #5. Incoherent population of the $_SERVER variable was creating broken links when running PHP with FastCGI.
+  * Other typos and minor bugs: #389, #392.
+
+## Version 1.14.3
+
+Released 2016-04-19
+
+  * Fixed a bug in the login form that prevented the login button to be displayed in mobile devices.
+  * Resolved an issue in the PHP session handler that made it impossible to use PHP sessions simultaneously with other applications.
+
+## Version 1.14.2
+
+Released 2016-03-11
+
+  * Use stable versions of the externalized modules to prevent possible issues when further developing them.
+
+## Version 1.14.1
+
+Released 2016-03-08
+
+  * Resolved an information leakage security issue in the sanitycheck module. See [SSPSA 201603-01](/security/201603-01).
+
 ## Version 1.14.0
 
-Released TBD
+Released 2016-02-15
 
 ### Security
 
@@ -32,7 +62,6 @@ Released TBD
   * Added the SAML NameID to the attributes status page, when available.
   * Added attribute definitions for schacGender (schac), sisSchoolGrade and sisLegalGuardianFor (skolfederation.se).
   * Attributes required in metadata are now taken into account when parsing.
-  * Allow regular expression matching of trusted.url.domains. Off by default, set trusted.url.regex to true to enable.
 
 ### Bug fixes