diff --git a/website/sphinx/releases.rst b/website/sphinx/releases.rst
index 05af64fe..24aebe3e 100644
--- a/website/sphinx/releases.rst
+++ b/website/sphinx/releases.rst
@@ -4,6 +4,7 @@ Release notes
 .. toctree::
    :maxdepth: 2
 
+   releases/v2.2.1
    releases/v2.2.0
    releases/v2.1.1
    releases/v2.1.0
diff --git a/website/sphinx/releases/v2.2.1.rst b/website/sphinx/releases/v2.2.1.rst
new file mode 100644
index 00000000..a47b1b47
--- /dev/null
+++ b/website/sphinx/releases/v2.2.1.rst
@@ -0,0 +1,20 @@
+What's new in Tornado 2.2.1
+===========================
+
+Apr 23, 2012
+------------
+
+Security fixes
+~~~~~~~~~~~~~~
+
+* `tornado.web.RequestHandler.set_header` now properly sanitizes input
+  values to protect against header injection, response splitting, etc.
+  (it has always attempted to do this, but the check was incorrect).
+  Note that redirects, the most likely source of such bugs, are protected
+  by a separate check in `RequestHandler.redirect`.
+
+Bug fixes
+~~~~~~~~~
+
+* Colored logging configuration in `tornado.options` is compatible with
+  Python 3.2.3 (and 3.3).