diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d4cbefe2..502c6cc83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # go-ipfs changelog
 
+## v0.12.1 2022-03-10
+This patch release [fixes](https://github.com/ipfs/go-ipfs/commit/816a128aaf963d72c4930852ce32b9a4e31924a1) a security issue with the `docker-compose.yaml` file, introduced in v0.11.0, in which the IPFS daemon API listens on all interfaces instead of only the loopback interface, which could allow remote callers to control your IPFS daemon. If you use the included `docker-compose.yaml` file, it is recommended to upgrade.
+
 ## v0.12.0 2022-02-17
 
 We're happy to announce go-ipfs 0.12.0. This release switches the storage of IPLD blocks to be keyed by multihash instead of CID.
diff --git a/docker-compose.yaml b/docker-compose.yaml
index eaf947cb3..447a1474b 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -10,11 +10,18 @@ services:
     environment:
       - IPFS_PATH=/data/ipfs
     ports:
+      # Swarm listens on all interfaces, so is remotely reachable.
       - 4001:4001/tcp
       - 4001:4001/udp
-      - 5001:5001
-      - 8080:8080
-      - 8081:8081
+      
+      # The following ports only listen on the loopback interface, so are not remotely reachable by default.
+      # If you want to override these or add more ports, see https://docs.docker.com/compose/extends/ .
+      
+      # API port, which includes admin operations, so you probably don't want this remotely accessible.
+      - 127.0.0.1:5001:5001
+      
+      # HTTP Gateway
+      - 127.0.0.1:8080:8080
 volumes:
   ipfs_path:
   ipfs_fuse:
diff --git a/version.go b/version.go
index 07019c1aa..128abc9e2 100644
--- a/version.go
+++ b/version.go
@@ -4,7 +4,7 @@ package ipfs
 var CurrentCommit string
 
 // CurrentVersionNumber is the current application's version literal
-const CurrentVersionNumber = "0.12.0"
+const CurrentVersionNumber = "0.12.1"
 
 const ApiVersion = "/go-ipfs/" + CurrentVersionNumber + "/"