diff --git a/CHANGELOG b/CHANGELOG
index 8e24f16..dfec4fd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,6 @@
-Release xxx:
+Release 0.4:
+• Security: Refuse to run if wayland session is detected. Running in a wayland
+  is insecure.
 
 Release 0.3:
 • Enhancement: Make pyxtrlock conform to the XDG specification. Patch by
diff --git a/README.md b/README.md
index c5e67a3..78c9182 100644
--- a/README.md
+++ b/README.md
@@ -90,11 +90,14 @@ mailing list.
 
 Bugs & Limitations
 ------------------
-Additional input devices other than the keyboard and mouse are not disabled.
+Pyxtrlock can only securely lock X11 sessions. Running pyxtrlock in other
+session types, such as Wayland, is insecure and not supported. Pyxtrlock tries
+to detect Wayland sessions and abort with an error message.
+
+Pyxtrlock does not prevent a user from switching to a virtual
+terminal, so be advised to always log out from your terminals.
 
-Although this is not a bug, please note that pyxtrlock does not
-prevent a user from switching to a virtual terminal, so be advised to
-always log out from your terminals.
+Additional input devices other than the keyboard and mouse are not disabled.
 
 The length of the password is limited to 100 KiB to prevent memory
 exhaustion attacks. This limit can only be adapted in the source code.
diff --git a/setup.py b/setup.py
index d01dfd3..bfe9c07 100644
--- a/setup.py
+++ b/setup.py
@@ -33,14 +33,14 @@
 ]
 
 setup(name='pyxtrlock',
-      version='0.4alpha',
+      version='0.4',
       author=authors,
       author_email='leon@leonweber.de',
       requires=['simplepam', 'pyxdg'],
       packages=['pyxtrlock'],
       scripts=['bin/pyxtrlock'],
       license='GPLv3+',
-      url='https://zombofant.net/hacking/pyxtrlock',
+      url='https://github.com/leonnnn/pyxtrlock',
       description=desc,
       long_description=long_desc,
       classifiers=classifiers