diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43c66f47b2c..3ee5f977c88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,31 @@
 
 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).
 
+## v0.12.0
+
+Released 2018-09-11
+
+## Major Changes
+
+* Improved IPv6 Support to fully support use of IPv6 addresses in events, connections and filters [[#sysdig/1204](https://github.com/draios/sysdig/pull/1204)]
+
+* Ability to associate connections with dns names: new filterchecks `fd.*ip.name` allow looking up the DNS name for a connection's IP address. This can be used to identify or restrict connections by dns names e.g. `evt.type=connect and fd.sip.name=github.com`. [[#412](https://github.com/draios/falco/pull/412)] [[#sysdig/1213](https://github.com/draios/sysdig/pull/1213)]
+
+* New filterchecks `user.loginuid` and `user.loginname` can be used to match the login uid, which stays consistent across sudo/su. This can be used to find the actual user running a given process [[#sysdig/1189](https://github.com/draios/sysdig/pull/1189)]
+
+## Minor Changes
+
+* Upgrade zlib to 1.2.11, openssl to 1.0.2n, and libcurl to 7.60.0 to address software vulnerabilities [[#402](https://github.com/draios/falco/pull/402)]
+* New `endswith` operator can be used for suffix matching on strings [[#sysdig/1209](https://github.com/draios/sysdig/pull/1209)]
+
+## Bug Fixes
+
+* Better control of specifying location of lua source code [[#406](https://github.com/draios/falco/pull/406)]
+
+## Rule Changes
+
+* None for this release.
+
 ## v0.11.1
 
 Released 2018-07-31
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ad46ee5023b..c74e8183eae 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -78,8 +78,10 @@ else()
         set(ZLIB_INCLUDE "${ZLIB_SRC}")
         set(ZLIB_LIB "${ZLIB_SRC}/libz.a")
         ExternalProject_Add(zlib
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.8.tar.gz"
-		URL_MD5 "44d667c142d7cda120332623eab69f40"
+		# START CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.11.tar.gz"
+                URL_MD5 "1c9f62f0778697a09d36121ead88e08e"
+		# END CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
 		CONFIGURE_COMMAND "./configure"
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -215,8 +217,10 @@ else()
 	message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'")
 
 	ExternalProject_Add(openssl
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2j.tar.gz"
-		URL_MD5 "96322138f0b69e61b7212bc53d5e912b"
+		# START CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2n.tar.gz"
+                URL_MD5 "13bdc1b1d1ff39b6fd42a255e74676a4"
+		# END CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
 		CONFIGURE_COMMAND ./config shared --prefix=${OPENSSL_INSTALL_DIR}
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -246,8 +250,10 @@ else()
 
 	ExternalProject_Add(curl
 		DEPENDS openssl
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.56.0.tar.bz2"
-		URL_MD5 "e0caf257103e0c77cee5be7e9ac66ca4"
+		# START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.60.0.tar.bz2"
+		URL_MD5 "bd2aabf78ded6a9aec8a54532fd6b5d7"
+		# END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
 		CONFIGURE_COMMAND ./configure ${CURL_SSL_OPTION} --disable-shared --enable-optimize --disable-curldebug --disable-rt --enable-http --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-winssl --without-darwinssl --without-polarssl --without-cyassl --without-nss --without-axtls --without-ca-path --without-ca-bundle --without-libmetalink --without-librtmp --without-winidn --without-libidn --without-nghttp2 --without-libssh2 --disable-threaded-resolver
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -389,6 +395,32 @@ else()
                 INSTALL_COMMAND sh -c "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* ${PROJECT_SOURCE_DIR}/userspace/engine/lua")
 endif()
 
+option(USE_BUNDLED_TBB "Enable building of the bundled tbb" ${USE_BUNDLED_DEPS})
+if(NOT USE_BUNDLED_TBB)
+	find_path(TBB_INCLUDE tbb.h PATH_SUFFIXES tbb)
+	find_library(TBB_LIB NAMES tbb)
+	if(TBB_INCLUDE AND TBB_LIB)
+		message(STATUS "Found tbb: include: ${TBB_INCLUDE}, lib: ${TBB_LIB}")
+	else()
+		message(FATAL_ERROR "Couldn't find system tbb")
+	endif()
+else()
+	set(TBB_SRC "${PROJECT_BINARY_DIR}/tbb-prefix/src/tbb")
+
+	message(STATUS "Using bundled tbb in '${TBB_SRC}'")
+
+	set(TBB_INCLUDE "${TBB_SRC}/include/")
+	set(TBB_LIB "${TBB_SRC}/build/lib_release/libtbb.a")
+	ExternalProject_Add(tbb
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/tbb-2018_U5.tar.gz"
+		URL_MD5 "ff3ae09f8c23892fbc3008c39f78288f"
+		CONFIGURE_COMMAND ""
+		BUILD_COMMAND ${CMD_MAKE} tbb_build_dir=${TBB_SRC}/build tbb_build_prefix=lib extra_inc=big_iron.inc
+		BUILD_IN_SOURCE 1
+		BUILD_BYPRODUCTS ${TBB_LIB}
+		INSTALL_COMMAND "")
+endif()
+
 install(FILES falco.yaml
 	DESTINATION "${FALCO_ETC_DIR}")
 
diff --git a/README.md b/README.md
index f3ed790ce4d..9b127546b84 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 #### Latest release
 
-**v0.11.1**
+**v0.12.0**
 Read the [change log](https://github.com/draios/falco/blob/dev/CHANGELOG.md)
 
 Dev Branch: [![Build Status](https://travis-ci.org/draios/falco.svg?branch=dev)](https://travis-ci.org/draios/falco)<br />
diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
index 511407cb41e..f9c86c7809e 100644
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -39,7 +39,7 @@ string lua_print_stats = "print_stats";
 
 using namespace std;
 
-falco_engine::falco_engine(bool seed_rng)
+falco_engine::falco_engine(bool seed_rng, const std::string& source_dir)
 	: m_rules(NULL), m_next_ruleset_id(0),
 	  m_min_priority(falco_common::PRIORITY_DEBUG),
 	  m_sampling_ratio(1), m_sampling_multiplier(0),
@@ -48,7 +48,7 @@ falco_engine::falco_engine(bool seed_rng)
 	luaopen_lpeg(m_ls);
 	luaopen_yaml(m_ls);
 
-	falco_common::init(m_lua_main_filename.c_str(), FALCO_ENGINE_SOURCE_LUA_DIR);
+	falco_common::init(m_lua_main_filename.c_str(), source_dir.c_str());
 	falco_rules::init(m_ls);
 
 	m_evttype_filter.reset(new sinsp_evttype_filter());
diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h
index e19fb6e52a5..abf0ac846df 100644
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -27,6 +27,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 
 #include "rules.h"
 
+#include "config_falco_engine.h"
 #include "falco_common.h"
 
 //
@@ -38,7 +39,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 class falco_engine : public falco_common
 {
 public:
-	falco_engine(bool seed_rng=true);
+	falco_engine(bool seed_rng=true, const std::string& rules_dir=FALCO_ENGINE_SOURCE_LUA_DIR);
 	virtual ~falco_engine();
 
 	//
diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt
index 3ef7d86897e..736f60434cd 100644
--- a/userspace/falco/CMakeLists.txt
+++ b/userspace/falco/CMakeLists.txt
@@ -5,6 +5,7 @@ include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap")
 include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp")
 include_directories("${PROJECT_SOURCE_DIR}/userspace/engine")
 include_directories("${PROJECT_BINARY_DIR}/userspace/falco")
+include_directories("${PROJECT_BINARY_DIR}/userspace/engine")
 include_directories("${CURL_INCLUDE_DIR}")
 include_directories("${YAMLCPP_INCLUDE_DIR}")
 include_directories("${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include")