diff --git a/CHANGELOG.md b/CHANGELOG.md
index e14fff4b1..3b9d1a6ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,19 +7,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 The changelog starts with version 1.19.0.
 Changes to prior versions can be found on the [Github release page](https://github.com/cryptomator/cryptomator/releases).
 
+## [1.19.2](https://github.com/cryptomator/cryptomator/releases/1.19.2) - 2026-03-20
+
+### Security
+* Cryptomamtor Hub Vaults: Additional patch for (#4179, [GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
+
 
 ## [1.19.1](https://github.com/cryptomator/cryptomator/releases/1.19.1) - 2026-03-12
 
-### Added
-* Cryptomator Hub: Trust on first use, adding new config properties `cryptomator.hub.allowedHosts` and `cryptomator.hub.enableTrustOnFirstUse` ([#4179](https://github.com/cryptomator/cryptomator/pull/4179))
-
-### Fixed
-* Fixed loading of masterkey file from arbitrary paths ([#4180](https://github.com/cryptomator/cryptomator/pull/4180))
-* **[Security]** Cryptomamtor Hub: Fixed possible man-in-the-middle attack with tampered vault config ([GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
-* Fixed Finder window opens twice when revealing vault on macOS ([#4177](https://github.com/cryptomator/cryptomator/pull/4177))
-* Fixed app does not start due to secret service detection failure on Linux ([#4175](https://github.com/cryptomator/cryptomator/pull/4175))
+### Security
+* Cryptomamtor Hub Vaults: Fixed possible man-in-the-middle attack with tampered vault config (#4179, [GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
+* Disallow unencrypted http connections to hub by default ([CVE-2026-32309](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-vv33-h7qx-c264))
+* Disallow loading of masterkey file from arbitrary paths (#4180, [CVE-2026-32310](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52))
 * Fixed not-configured plugin directory does not disable plugin search ([#4176](https://github.com/cryptomator/cryptomator/pull/4176))
 
+### Added
+* Trust on first use, adding new config properties `cryptomator.hub.allowedHosts` and `cryptomator.hub.enableTrustOnFirstUse` (#4179)
+
+### Fixed
+* Fixed Finder window opens twice when revealing vault on macOS ([#4177](https://github.com/cryptomator/cryptomator/pull/4177))
+* Fixed app does not start due to secret service detection failure on Linux ([#4175](https://github.com/cryptomator/cryptomator/pull/4175))
 
 ### Changed
 * Pin version of appimagetool([#4181](https://github.com/cryptomator/cryptomator/pull/4181))
diff --git a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
index 4fe637189..8a788e537 100644
--- a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
+++ b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
@@ -84,6 +84,9 @@
 	</content_rating>
 
 	<releases>
+		<release date="2026-03-20" version="1.19.2">
+			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.19.2</url>
+		</release>
 		<release date="2026-03-12" version="1.19.1">
 			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.19.1</url>
 		</release>
diff --git a/pom.xml b/pom.xml
index fdaf9b328..9a1d5fe00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.19.1</version>
+	<version>1.19.2</version>
 	<name>Cryptomator Desktop App</name>
 
 	<organization>
diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustController.java
index 2201ed18d..18bdbfead 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustController.java
@@ -160,12 +160,11 @@ public class CheckHostTrustController implements FxController {
 	}
 
 	public static String getAuthority(URI uri) {
-		return switch (uri.getPort()) {
-			case -1 -> "%s://%s".formatted(uri.getScheme(), uri.getHost());
-			case 80 -> "http://%s".formatted(uri.getHost());
-			case 443 -> "https://%s".formatted(uri.getHost());
-			default -> "%s://%s:%s".formatted(uri.getScheme(), uri.getHost(), uri.getPort());
-		};
+		if (uri.getPort() == -1) {
+			return "%s://%s".formatted(uri.getScheme(), uri.getHost());
+		} else {
+			return "%s://%s:%s".formatted(uri.getScheme(), uri.getHost(), uri.getPort());
+		}
 	}
 
 	//--- JavaFX property getter & setter
diff --git a/src/test/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustControllerTest.java b/src/test/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustControllerTest.java
index d6d104b7d..d6feefdb6 100644
--- a/src/test/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustControllerTest.java
+++ b/src/test/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustControllerTest.java
@@ -34,8 +34,8 @@ class CheckHostTrustControllerTest {
 			"https://example.com/foo/bar, https://example.com",
 			"https://example.com:8080, https://example.com:8080",
 			"https://user@example.com:8080/foo/bar, https://example.com:8080",
-			"https://user@example.com:443/foo/bar, https://example.com",
-			"http://user@example.com:80/foo/bar?foo=bar, http://example.com",
+			"https://user@example.com:443/foo/bar, https://example.com:443",
+			"http://user@example.com:80/foo/bar?foo=bar, http://example.com:80",
 			"http://user@example.com:8080/foo/bar?foo=bar, http://example.com:8080"
 	})
 	void testGetAuthority(String input, String expected) {