diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc0dce8ae9..99852ab57c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Change Log
+## [3.3.1](https://github.com/TheHive-Project/TheHive/tree/3.3.1) (2019-05-22)
+[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0...3.3.1)
+
+**Fixed bugs:**
+
+- THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive [\#408](https://github.com/TheHive-Project/TheHive/issues/408)
+
 ## [3.3.0](https://github.com/TheHive-Project/TheHive/tree/3.3.0) (2019-03-19)
 [Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC6...3.3.0)
diff --git a/thehive-backend/app/controllers/UserCtrl.scala b/thehive-backend/app/controllers/UserCtrl.scala
index 53b3d528a2..29d5354414 100644
--- a/thehive-backend/app/controllers/UserCtrl.scala
+++ b/thehive-backend/app/controllers/UserCtrl.scala
@@ -52,7 +52,7 @@ class UserCtrl @Inject() (
 else if (request.body.contains("key")) {
 Future.failed(AuthorizationError("You must use dedicated API (renewKey, removeKey) to update key"))
 }
- else if (request.body.contains("role") && !request.authContext.roles.contains(Roles.admin)) {
+ else if (request.body.contains("roles") && !request.authContext.roles.contains(Roles.admin)) {
 Future.failed(AuthorizationError("You are not permitted to change user role"))
 }
 else if (request.body.contains("status") && !request.authContext.roles.contains(Roles.admin)) {
diff --git a/ui/bower.json b/ui/bower.json
index bc7d1b9bb3..adf2062f85 100644
--- a/ui/bower.json
+++ b/ui/bower.json
@@ -1,6 +1,6 @@
 {
 "name": "thehive",
- "version": "3.3.0",
+ "version": "3.3.1",
 "license": "AGPL-3.0",
 "dependencies": {
 "angular": "1.5.8",
diff --git a/ui/package.json b/ui/package.json
index ba8f5b8e8e..c28af19c2a 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -1,6 +1,6 @@
 {
 "name": "thehive",
- "version": "3.3.0",
+ "version": "3.3.1",
 "license": "AGPL-3.0",
 "repository": {
 "type": "git",
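Review bot: In thehive-backend/app/controllers/UserCtrl.scala the corrected guard still names the protected attribute with a bare string literal, so nothing in this hunk keeps `"roles"` in step with the user model's attribute name, which is the same kind of drift that let the old `"role"` check pass without ever matching. The chain is a denylist (`key`, `roles`, `status`), so any privileged attribute added later is writable by non-admins until someone remembers to add a branch; inverting it so a non-admin caller may only send an explicit allowlist of self-editable fields would fail closed. The commit also carries no regression test; one asserting that a non-admin update whose body contains `roles` fails with `AuthorizationError` would pin the fix. The if/else chain starts and ends outside the hunk, so its other branches were not reviewed.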
diff --git a/version.sbt b/version.sbt
index 9e1a15392a..9b1f80021c 100644
--- a/version.sbt
+++ b/version.sbt
@@ -1 +1 @@
-version in ThisBuild := "3.3.0-1"
+version in ThisBuild := "3.3.1-1"