diff --git a/.changeset/security-audit-verification.md b/.changeset/security-audit-verification.md
deleted file mode 100644
index fd4606e..0000000
--- a/.changeset/security-audit-verification.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-"mcp-taskflow": patch
----
-
-Security: Fix high-severity vulnerabilities via pnpm overrides
-
-Added pnpm overrides to fix security vulnerabilities:
-
-1. **tar <= 7.5.6** (6 high severity issues):
- - Arbitrary File Overwrite and Symlink Poisoning
- - Race Condition via Unicode Ligature Collisions
- - Arbitrary File Creation/Overwrite via Hardlink Path Traversal
- - Enforced tar >= 7.5.7 via pnpm override
-
-2. **@modelcontextprotocol/sdk** (2 high severity CVEs):
- - CVE-2026-0621: Regular Expression Denial of Service (ReDoS) vulnerability (CVSS 8.7)
- - CVE-2026-25536: Cross-Client Data Leak via shared server/transport instance (CVSS 7.1)
- - Enforced @modelcontextprotocol/sdk >= 1.26.0 via pnpm override
-
-3. **axios <= 1.13.4** (1 high severity):
- - GHSA-43fc-jf86-j433: Denial of Service via __proto__ Key in mergeConfig
- - Enforced axios >= 1.13.5 via pnpm override
-
-Changes:
-- Added `tar: "^7.5.7"` to pnpm.overrides in package.json
-- Added `@modelcontextprotocol/sdk: ">=1.26.0"` to pnpm.overrides in package.json
-- Added `axios: ">=1.13.5"` to pnpm.overrides in package.json
-- Updated pnpm-lock.yaml with security fixes
-- Added package-lock.json to .gitignore (pnpm-only repository)
-
-All 593 tests pass.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 24bb8df..487246b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,40 @@
 # Changelog
+## 0.1.4
+
+### Patch Changes
+
+### [0.1.4](https://www.npmjs.com/package/taskflow-mcp/v/0.1.4) - 2026-02-09
+
+Security: Fix high-severity vulnerabilities via pnpm overrides
+
+Added pnpm overrides to fix security vulnerabilities:
+
+1. **tar <= 7.5.6** (6 high severity issues):
+ - Arbitrary File Overwrite and Symlink Poisoning
+ - Race Condition via Unicode Ligature Collisions
+ - Arbitrary File Creation/Overwrite via Hardlink Path Traversal
+ - Enforced tar >= 7.5.7 via pnpm override
+
+2. **@modelcontextprotocol/sdk** (2 high severity CVEs):
+ - CVE-2026-0621: Regular Expression Denial of Service (ReDoS) vulnerability (CVSS 8.7)
+ - CVE-2026-25536: Cross-Client Data Leak via shared server/transport instance (CVSS 7.1)
+ - Enforced @modelcontextprotocol/sdk >= 1.26.0 via pnpm override
+
+3. **axios <= 1.13.4** (1 high severity):
+ - GHSA-43fc-jf86-j433: Denial of Service via **proto** Key in mergeConfig
+ - Enforced axios >= 1.13.5 via pnpm override
+
+Changes:
+
+- Added `tar: "^7.5.7"` to pnpm.overrides in package.json
+- Added `@modelcontextprotocol/sdk: ">=1.26.0"` to pnpm.overrides in package.json
+- Added `axios: ">=1.13.5"` to pnpm.overrides in package.json
+- Updated pnpm-lock.yaml with security fixes
+- Added package-lock.json to .gitignore (pnpm-only repository)
+
+All 593 tests pass.
+
 
 ## 0.1.3
 
 ### Patch Changes
diff --git a/package.json b/package.json
index 3f24e36..c6da854 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mcp-taskflow",
- "version": "0.1.3",
+ "version": "0.1.4",
 "description": "MCP server for workflow orchestration, planning, and structured development",
 "type": "module",
 "engines": {
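Review bot: The axios bullet `+ - GHSA-43fc-jf86-j433: Denial of Service via **proto** Key in mergeConfig` has lost the key name the advisory is about: the deleted changeset reads `__proto__`, and the double underscores were rendered as bold when the text was copied into CHANGELOG.md, so the entry now names a non-existent "proto" key; restore it as `- GHSA-43fc-jf86-j433: Denial of Service via __proto__ Key in mergeConfig` and wrap the identifier in code backticks in the file so markdown leaves it alone. The release heading links `https://www.npmjs.com/package/taskflow-mcp/v/0.1.4` while package.json in this same diff names the package `mcp-taskflow`, so one of the two is wrong and the link should match the published name. It is also worth one sentence in the entry that `pnpm.overrides` are applied only when this repository is the root project being installed; consumers of the published package get tar, the MCP SDK and axios at the fixed versions only if the direct dependency ranges require them, and this diff does not show those ranges being changed.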