From d6eb37d658e2e37e4ef4e2279b99eefa6f1d412b Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Tue, 25 Nov 2025 21:54:50 +0100
Subject: [PATCH 1/2] 5.2.0

---
 History.md   | 4 ++++
 package.json | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/History.md b/History.md
index 5b6cba51ed8..fbe36f9677f 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,7 @@
+5.2.0 / 2025-12-01
+========================
+  * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
+
 5.1.0 / 2025-03-31
 ========================
 
diff --git a/package.json b/package.json
index db7661de46d..8a601b3b014 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",

From 7f600a046439b6697c72c8775ca91a14fb556a6d Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Wed, 26 Nov 2025 15:22:43 +0100
Subject: [PATCH 2/2] docs: include deprecation message

---
 History.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/History.md b/History.md
index 002c286b9ad..287a8522d63 100644
--- a/History.md
+++ b/History.md
@@ -3,6 +3,7 @@
 
 * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
 * deps: `body-parser@^2.2.1`
+* A deprecation warning was added when using `res.redirect` with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
 
 5.1.0 / 2025-03-31
 ========================