diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2d3dd6b1c903b4e9c8b49696b4705c329e3a8363..363e50e9266d62124b74509a7d5709287c7c42d7 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,12 @@
 // $Id$
-Drupal 5.15, xxxx-xx-xx (development version)
+Drupal 5.15, 2009-01-14
 -----------------------
+- Fixed security issues, (Hardening against SQL injection), see
+ SA-CORE-2009-001
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell
+ scripts.
+- Fixed a variety of small bugs.
 Drupal 5.14, 2008-12-11
diff --git a/modules/node/node.module b/modules/node/node.module
index a3156017fc0e365360193c5a1380e4ca8d1bd83f..0127945822a15c7e66deea6e59b50416137eb428 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2753,6 +2753,11 @@ function node_search_validate($form_id, $form_values, $form) {
 function node_access($op, $node = NULL) {
 global $user;
+ if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+ // If there was no node to check against, or the $op was not one of the
+ // supported ones, we return access denied.
+ return FALSE;
+ }
 // Convert the node to an object if necessary:
 if ($op != 'create') {
 $node = (object)$node;
diff --git a/modules/system/system.module b/modules/system/system.module
index aec703e4a81c7ccf878681c1294a675bc0393ee1..3c8a51f8d9320b11485360da4000e6418946998f 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
 * Configuration system that lets administrators modify the workings of the site.
 */
-define('VERSION', '5.15-dev');
+define('VERSION', '5.15');
 /**
 * Implementation of hook_help().
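Review bot: The comment on the new guard at the top of node_access() says what is rejected but not why the `$op` allowlist exists, and that reason is what keeps a later maintainer from loosening it. The CHANGELOG hunk in this commit ties the release to SQL-injection hardening (SA-CORE-2009-001), so presumably `$op` reaches a query further down in the function, outside this hunk. I would record that in the comment, e.g. `// Security: $op must be one of these four fixed strings (strict match); it is presumably used to build SQL below, so do not widen this list without checking that use.` Separately, `!$node` is a loose truthiness test, so for `'create'`, where the `if ($op != 'create')` cast suggests the second argument is not a node object, a value such as the string `'0'` is denied as well. If that is intended, one more sentence in the comment would say so. The body of node_access() continues past the end of the hunk.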