diff --git a/_config.yml b/_config.yml
index 83e8f0be3a1..57167c06439 100644
--- a/_config.yml
+++ b/_config.yml
@@ -101,8 +101,8 @@ social:
 # Home Assistant release details
 current_major_version: 0
 current_minor_version: 98
-current_patch_version: 4
-date_released: 2019-09-06
+current_patch_version: 5
+date_released: 2019-09-07
 
 # Either # or the anchor link to latest release notes in the blog post.
 # Must be prefixed with a # and have double quotes around it.
diff --git a/source/_posts/2019-08-28-release-98.markdown b/source/_posts/2019-08-28-release-98.markdown
index c2f62053513..f1e72510242 100644
--- a/source/_posts/2019-08-28-release-98.markdown
+++ b/source/_posts/2019-08-28-release-98.markdown
@@ -193,10 +193,16 @@ Screencap of the batcave video.
 [version docs]: https://www.home-assistant.io/components/version/
 [websocket_api docs]: https://www.home-assistant.io/components/websocket_api/
 
-## Release 0.98.3 - September 4
+## Release 0.98.4 - September 4
 
  - Fix Tuya switches ([@balloob])
 
+## Release 0.98.5 - September 6
+
+We have been notified by Gregor Godbersen that our markdown renderer was vulnerable for an XSS attack if exposed to specially crafted markdown. This was introduced in the Home Assistant 0.98 release. We have verified that Home Assistant 0.98.0 does not render unsafe markdown, yet still wanted to make sure to issue an update as soon as possible.
+
+More information in this [frontend pull request](https://github.com/home-assistant/home-assistant-polymer/pull/3640).
+
 ## If you need help...
 
 ...don't hesitate to use our very active [forums](https://community.home-assistant.io/) or join us for a little [chat](https://discord.gg/c5DvZ4e).