diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35cb608..b0d51d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,18 @@
-## [*Unreleased*](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.6.1.7...master)
+## [*Unreleased*](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.6.2.0...master)
 
 None
 
+## [v0.6.2.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.6.1.7...v0.6.2.0)
+
+- Filter `+` from `state` tokens
+
+  This decreases entropy in the token slightly, but ensures that providers
+  performing unexpected +/space/%20 encoding (e.g. ClassLink) still function.
+
+  See [#140](https://github.com/thoughtbot/yesod-auth-oauth2/pull/140).
+
+- Add ClassLink provider
+
 ## [v0.6.1.7](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.6.1.6...v0.6.1.7)
 
 - Relax upper bounds on `hoauth2` and `http-client`
diff --git a/package.yaml b/package.yaml
index 8df438a..a834b40 100644
--- a/package.yaml
+++ b/package.yaml
@@ -1,6 +1,6 @@
 ---
 name: yesod-auth-oauth2
-version: '0.6.1.7'  # N.B. PVP-compliant Semver: 0.MAJOR.MINOR.PATCH
+version: '0.6.2.0'  # N.B. PVP-compliant Semver: 0.MAJOR.MINOR.PATCH
 synopsis: OAuth 2.0 authentication plugins
 description: Library to authenticate with OAuth 2.0 for Yesod web applications.
 category: Web
@@ -24,7 +24,7 @@ library:
   dependencies:
     - aeson >=0.6 && <1.6
     - bytestring >=0.9.1.4
-    - cryptonite
+    - cryptonite >=0.26 && <0.28
     - errors
     - hoauth2 >=1.11.0 && <1.17
     - http-client >=0.4.0 && <0.8