diff --git a/CMakeLists.txt b/CMakeLists.txt index 7fc2595b..9840ec0a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,7 +11,7 @@ project(mosquitto) cmake_minimum_required(VERSION 2.8) # Only for version 3 and up. cmake_policy(SET CMP0042 NEW) -set (VERSION 1.6.5) +set (VERSION 1.6.6) add_definitions (-DCMAKE -DVERSION=\"${VERSION}\") diff --git a/ChangeLog.txt b/ChangeLog.txt index 9919c610..abf74289 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,10 @@ -1.6.6 - 20190915 +1.6.6 - 20190917 ================ +Security: +- Restrict topic hierarchy to 200 levels to prevent possible stack overflow. + Closes #1412. + Broker: - Restrict topic hierarchy to 200 levels to prevent possible stack overflow. Closes #1412. diff --git a/config.mk b/config.mk index 471ed41c..a8a6debe 100644 --- a/config.mk +++ b/config.mk @@ -104,7 +104,7 @@ WITH_COVERAGE:=no # Also bump lib/mosquitto.h, CMakeLists.txt, # installer/mosquitto.nsi, installer/mosquitto64.nsi -VERSION=1.6.5 +VERSION=1.6.6 # Client library SO version. Bump if incompatible API/ABI changes are made. SOVERSION=1 diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi index d59028b6..11d37731 100644 --- a/installer/mosquitto.nsi +++ b/installer/mosquitto.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.6.5 +!define VERSION 1.6.6 OutFile "mosquitto-${VERSION}-install-windows-x86.exe" InstallDir "$PROGRAMFILES\mosquitto" diff --git a/installer/mosquitto64.nsi b/installer/mosquitto64.nsi index c89d9a7d..c43a66a8 100644 --- a/installer/mosquitto64.nsi +++ b/installer/mosquitto64.nsi @@ -9,7 +9,7 @@ !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"' Name "Eclipse Mosquitto" -!define VERSION 1.6.5 +!define VERSION 1.6.6 OutFile "mosquitto-${VERSION}-install-windows-x64.exe" !include "x64.nsh" diff --git a/lib/mosquitto.h b/lib/mosquitto.h index c8116fa9..1e1dff2e 100644 
--- a/lib/mosquitto.h +++ b/lib/mosquitto.h @@ -48,7 +48,7 @@ extern "C" { #define LIBMOSQUITTO_MAJOR 1 #define LIBMOSQUITTO_MINOR 6 -#define LIBMOSQUITTO_REVISION 5 +#define LIBMOSQUITTO_REVISION 6 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */ #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION) diff --git a/set-version.sh b/set-version.sh index 8c9f65e6..f7b82643 100755 --- a/set-version.sh +++ b/set-version.sh @@ -2,7 +2,7 @@ MAJOR=1 MINOR=6 -REVISION=5 +REVISION=6 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index dec36750..91f7ed0d 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,5 +1,5 @@ name: mosquitto -version: 1.6.5 +version: 1.6.6 summary: Eclipse Mosquitto MQTT broker description: This is a message broker that supports version 3.1 and 3.1.1 of the MQTT protocol. diff --git a/www/pages/download.md b/www/pages/download.md index 5499441d..a18abc72 100644 --- a/www/pages/download.md +++ b/www/pages/download.md 
@@ -1,7 +1,7 @@
+
+Mosquitto 1.6.6 and 1.5.9 have been released to address two security vulnerabilities.
+
+Titles and links will be updated once the CVE numbers are assigned.
+
+# CVE-xxxx-xxxxx
+
+A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
+
+If a client sends a SUBSCRIBE packet containing a topic that consists of
+approximately 65400 or more '/' characters, i.e. the topic hierarchy separator,
+then a stack overflow will occur.
+
+The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions are
+available at
+
+The fix addresses the problem by restricting the allowed number of topic
+hierarchy levels to 200. An alternative fix is to increase the size of the
+stack by a small amount.
+
+# CVE-yyyy-yyyyy
+
+A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive.
+
+If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
+sets a will delay interval, sets a session expiry interval, and the will delay
+interval is set longer than the session expiry interval, then a use after free
+error occurs, which has the potential to cause a crash in some situations.
+
+The issue is fixed in Mosquitto 1.6.5. Patches for older versions are available
+at
+
+# Version 1.6.6 Changes
+
+The complete list of fixes addressed in version 1.6.6 is:
+
+## Security
+
+* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
+ Closes [#1412].
+
+## Broker
+* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
+ Closes [#1412].
+* `mosquitto_passwd` now returns 1 when attempting to update a user that does
+ not exist. Closes [#1414].
+
+[#1412]: https://github.com/eclipse/mosquitto/issues/1412
+[#1414]: https://github.com/eclipse/mosquitto/issues/1414