diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md
index c4bd2b17..8a63723f 100644
--- a/yesod-core/ChangeLog.md
+++ b/yesod-core/ChangeLog.md
@@ -1,3 +1,7 @@
+## 1.4.7
+
+SSL-only session security [#894](https://github.com/yesodweb/yesod/pull/894)
+
 ## 1.4.6.2

 monad-control 1.0
diff --git a/yesod-core/Yesod/Core/Class/Yesod.hs b/yesod-core/Yesod/Core/Class/Yesod.hs
index fa22715d..ba1bda67 100644
--- a/yesod-core/Yesod/Core/Class/Yesod.hs
+++ b/yesod-core/Yesod/Core/Class/Yesod.hs
@@ -318,6 +318,8 @@ defaultYesodMiddleware handler = do
 -- includes disabling HTTP traffic to the site or issuing redirects from
 -- HTTP urls, and composing 'sslOnlyMiddleware' with the site's
 -- 'yesodMiddleware'.
+--
+-- Since 1.4.7
 sslOnlySessions :: IO (Maybe SessionBackend) -> IO (Maybe SessionBackend)
 sslOnlySessions = (fmap . fmap) secureSessionCookies
 where
@@ -331,6 +333,8 @@ sslOnlySessions = (fmap . fmap) secureSessionCookies
 -- against hijacking attacks on the sessions of users who attempt to access
 -- the site using an http url. This middleware makes a site functionally
 -- inaccessible over vanilla http in all standard browsers.
+--
+-- Since 1.4.7
 sslOnlyMiddleware :: Yesod site
 => Int -- ^ minutes
 -> HandlerT site IO res
diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
index 240412fc..e16d1760 100644
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@@ -1,5 +1,5 @@
 name: yesod-core
-version: 1.4.6.2
+version: 1.4.7
 license: MIT
 license-file: LICENSE
 author: Michael Snoyman
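Review bot: The version marker added above `sslOnlySessions` is free text (`-- Since 1.4.7`), so Haddock renders it as an ordinary paragraph rather than as version metadata; the marker added above `sslOnlyMiddleware` in the next hunk has the same form. If the Haddock version the project builds with supports it, `-- @since 1.4.7` is the machine-readable spelling, though staying with the free-text form is reasonable if the rest of the module already uses it. The body of `sslOnlySessions` continues past the `where` at the end of the hunk, so the cookie handling itself cannot be reviewed from here.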
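Review bot: The `-- ^ minutes` annotation on the `Int` argument of `sslOnlyMiddleware` does not say what the duration controls, and the new "Since" line is a good moment to fix that. Going by the surrounding comment (the site becomes functionally inaccessible over plain http in standard browsers), it is presumably how long browsers keep enforcing HTTPS for the site, for example a Strict-Transport-Security max-age, but the function body lies outside the hunk so this needs confirming. If that is right, a parameter comment such as `-- ^ minutes that browsers should keep enforcing HTTPS for this site` would help. A sentence noting that a long value cannot be withdrawn from browsers that have already received it would also let operators choose a value they can safely roll back from.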