diff --git a/changelog.md b/changelog.md
index 1830a912409..2c39ba8c28e 100644
--- a/changelog.md
+++ b/changelog.md
@@ -2,6 +2,29 @@
 
 ## 0.13.0~rc1
 
+## 0.12.2
+
+### Web Application
+
+* Remove NoScript upload instructions on Source Interface (#4160)
+* Disable Source Interface on instances running Trusty after April 30th (#4325)
+* SecureDrop application dependencies have been updated (#4346)
+
+### Operations
+
+* SecureDrop grsec kernels have been updated to 4.4.177 and provide support for Intel e1000e series NICs (#4308)
+* OSSEC test notifications will now generate ossec alerts (#4340)
+* Updated AppArmor for Apache2 (#4362)
+
+### Tails Environment
+
+* Backup script should now more reliably download large backups from the app server (#4326)
+* SecureDrop GUI updater should now be limited to a single running instance (#4309)
+
+### Documentation
+
+* Instruct admin to look up latest Tails version for Xenial upgrade (#4325)
+
 ## 0.12.1
 
 ### Web Application
@@ -11,7 +34,7 @@
 ### Operations
 
 * Ensured WiFi related packages are not installed on Xenial on upgrade (#4163)
-* Try harder to attach to a `tmux` session on upgrade (#4221) 
+* Try harder to attach to a `tmux` session on upgrade (#4221)
 * Control locale during Ansible runs (#4252)
 
 ### Tails Environment
@@ -134,7 +157,7 @@
 
 * Updated OSSEC to 3.0.0 and use GPG signatures for verifying sources (#3701)
 * Update paramiko to 2.4.2 (#3861)
-* Enforce use of the latest grsecurity-patched kernel on servers (#3842) 
+* Enforce use of the latest grsecurity-patched kernel on servers (#3842)
 
 ### Development
 
@@ -183,7 +206,7 @@ https://github.com/freedomofpress/securedrop/milestone/44
 
 ### Web Applications
 
-* Adds a new supported language: Swedish (#3570) 
+* Adds a new supported language: Swedish (#3570)
 * Replace PyCryptodome with pyca/cryptography (#3458)
 * Add explanatory text to source interface screensaver (#3439, #3455)
 * Rename "Delete collection" on journalist interface for clarity (#2419)
@@ -289,7 +312,7 @@ https://github.com/freedomofpress/securedrop/milestones/0.7.
 
 * Add commands to check for and apply updates to the securedrop-admin CLI (#2976).
 
-### Developer Workflow 
+### Developer Workflow
 
 * Make the Docker-based development environment the default (#2902).
 * Rebase branches prior to running CI jobs (#2934).
@@ -508,12 +531,12 @@ https://github.com/freedomofpress/securedrop/milestones/0.4.1.
 The issues for this release were tracked in the 0.4 milestone on Github:
 https://github.com/freedomofpress/securedrop/milestones/0.4.
 
-This changelog shows major changes below. Please diff the tags to see the full list of changes. 
+This changelog shows major changes below. Please diff the tags to see the full list of changes.
 
 ### Deployment
 
 * Enable optional HTTPS on the source interface (#1605).
-* Standardize SecureDrop server installation on a single username (#1796). 
+* Standardize SecureDrop server installation on a single username (#1796).
 * Add `securedrop-admin` script and update version of Ansible running in the workstation (#1146, #1885).
 * Add validation of user-provided values during SecureDrop installation (#1663, #749, #1257).
 * Removes `prod-specific.yml` configuration file (#1758).
@@ -526,10 +549,10 @@ This changelog shows major changes below. Please diff the tags to see the full l
 ### Developer Workflow
 
 * Reconciles divergent master and develop branches (#1559).
-* Increases unit test coverage to from 65% to 92%. 
-* Adds testinfra system configuration test suite (#1580). 
+* Increases unit test coverage to from 65% to 92%.
+* Adds testinfra system configuration test suite (#1580).
 * Removes unnecessary test wrappers (#1412).
-* Major improvements to SecureDrop CI and testing flow including adding the staging environment to CI (#1067). 
+* Major improvements to SecureDrop CI and testing flow including adding the staging environment to CI (#1067).
 
 ### Web App: Source
 
@@ -546,10 +569,10 @@ This changelog shows major changes below. Please diff the tags to see the full l
 * Adds minimum password length requirements for new journalist accounts (#980).
 * Delete submissions that have had their sources deleted (#1188).
 * Bugfix: Empty replies can no longer be sent to a source (#1715).
-* Bugfix: Handle non hexadecimal digits for the 2FA secret (#1869). 
+* Bugfix: Handle non hexadecimal digits for the 2FA secret (#1869).
 * Bugfix: Handle token reuse for the 2FA secret on /admin/2fa (#1687).
-* Bugfix: Handle attempts to make duplicate user accounts (#1693). 
-* Bugfix: Fix confusing UI on message/reply icons (#1258). 
+* Bugfix: Handle attempts to make duplicate user accounts (#1693).
+* Bugfix: Fix confusing UI on message/reply icons (#1258).
 
 ### Tails Environment