diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e25ec703..4bf5415ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# v1.8.0-beta.27 +## mm/dd/2025 + +1. [](#improved) + * Hardened Twig sandbox with expanded blacklist blocking 150+ dangerous functions and attack patterns + * Added static regex caching in Security class for improved performance + * Added path traversal protection to backup root configuration + * Added validation for language codes to prevent regex injection DoS +1. [](#bugfix) + * Fixed path traversal vulnerability in username during account creation + * Fixed username uniqueness bypass allowing duplicate accounts + * Fixed arbitrary file read via `read_file()` Twig function + * Fixed DoS via malformed cron expressions in scheduler + * Fixed password hash exposure to frontend via JSON serialization + * Fixed email disclosure in user edit page title + * Fixed XSS via `isindex` tag bypass (CVE-2023-31506) + # v1.8.0-beta.26 ## 11/29/2025 diff --git a/system/defines.php b/system/defines.php index 2acc3b370..8d17f0cee 100644 --- a/system/defines.php +++ b/system/defines.php @@ -9,7 +9,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.8.0-beta.26'); +define('GRAV_VERSION', '1.8.0-beta.27'); define('GRAV_SCHEMA', '1.8.0_2025-09-21_0'); define('GRAV_TESTING', true);
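Review bot: the new changelog heading in the CHANGELOG.md hunk still carries the placeholder date `## mm/dd/2025`; fill in the actual release date before tagging v1.8.0-beta.27, since the previous entry (`## 11/29/2025`) shows the expected format. Also consider linking the security items under `[](#bugfix)` to their advisories where one exists, as is done for the `isindex` XSS entry with CVE-2023-31506, so readers can tell which fixes are security-relevant.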
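Review bot: the `GRAV_VERSION` bump to `'1.8.0-beta.27'` in system/defines.php matches the new changelog heading, but `GRAV_SCHEMA` stays at `'1.8.0_2025-09-21_0'`; that is correct only if none of the listed fixes (for example the backup root path handling or the user account changes) alter stored data or configuration layout, so confirm no schema migration is needed, and bump it if one is.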