diff --git a/README.md b/README.md
index c2e8f3cbdb..a8cbab9a0b 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,5 @@
-**cpprestsdk is in maintenance mode and we do not recommend its use in new projects. We will continue to fix critical bugs and address security issues.**
+**The C++ REST SDK is in maintenance-only mode and we do not recommend its use in new projects.
+We will continue to fix critical security issues only.**
## Welcome!
diff --git a/Release/CMakeLists.txt b/Release/CMakeLists.txt
index b8f3809dbc..14e43cedcd 100644
--- a/Release/CMakeLists.txt
+++ b/Release/CMakeLists.txt
@@ -11,7 +11,7 @@ endif()
set(CPPREST_VERSION_MAJOR 2)
set(CPPREST_VERSION_MINOR 10)
-set(CPPREST_VERSION_REVISION 18)
+set(CPPREST_VERSION_REVISION 19)
enable_testing()
diff --git a/Release/include/cpprest/base_uri.h b/Release/include/cpprest/base_uri.h
index 7c6943119c..7e96b6c016 100644
--- a/Release/include/cpprest/base_uri.h
+++ b/Release/include/cpprest/base_uri.h
@@ -296,13 +296,14 @@ class uri
/// A loopback URI is one which refers to a hostname or ip address with meaning only on the local machine.
///
///
- /// Examples include "localhost", or ip addresses in the loopback range (127.0.0.0/24).
+ /// Examples include "localhost", or "127.0.0.1". The only URIs for which this method returns true are "127.0.0.1", and "localhost",
+ /// all other URIs return false
///
/// true if this URI references the local host, false otherwise.
bool is_host_loopback() const
{
return !is_empty() &&
- ((host() == _XPLATSTR("localhost")) || (host().size() > 4 && host().substr(0, 4) == _XPLATSTR("127.")));
+ ((host() == _XPLATSTR("localhost")) || (host() == _XPLATSTR("127.0.0.1")));
}
///
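Review bot: The exact comparison in `is_host_loopback()` now returns false for every other address in 127.0.0.0/8 (the IPv6 loopback was and remains false too), so a caller that uses this method to refuse loopback destinations gets weaker filtering than before, even though the prefix-match problem shown by the new `127.evil.com` test is fixed. The doc comment should state that this is a literal comparison of the host string, not an address-range or name-resolution check, for example `/// Exact string match on host(): other 127.0.0.0/8 addresses and "::1" return false, so do not rely on this alone to block loopback targets.` The added sentence also says "URIs" where it means the host component, and it lacks a final period. Whether `host()` is case-normalised is not visible in this hunk; if it is not, `LOCALHOST` would also return false and deserves a test.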
diff --git a/Release/include/cpprest/version.h b/Release/include/cpprest/version.h
index d8771581ad..3f86f141fb 100644
--- a/Release/include/cpprest/version.h
+++ b/Release/include/cpprest/version.h
@@ -5,6 +5,6 @@
*/
#define CPPREST_VERSION_MINOR 10
#define CPPREST_VERSION_MAJOR 2
-#define CPPREST_VERSION_REVISION 18
+#define CPPREST_VERSION_REVISION 19
#define CPPREST_VERSION (CPPREST_VERSION_MAJOR * 100000 + CPPREST_VERSION_MINOR * 100 + CPPREST_VERSION_REVISION)
diff --git a/Release/tests/common/UnitTestpp/src/TestRunner.cpp b/Release/tests/common/UnitTestpp/src/TestRunner.cpp
index 807a0e3b10..69551f3e2e 100644
--- a/Release/tests/common/UnitTestpp/src/TestRunner.cpp
+++ b/Release/tests/common/UnitTestpp/src/TestRunner.cpp
@@ -39,6 +39,7 @@
#include
#include
#else
+#include
#include
#endif
diff --git a/Release/tests/functional/uri/constructor_tests.cpp b/Release/tests/functional/uri/constructor_tests.cpp
index ea6041c26a..ffcf5ada27 100644
--- a/Release/tests/functional/uri/constructor_tests.cpp
+++ b/Release/tests/functional/uri/constructor_tests.cpp
@@ -24,6 +24,11 @@ namespace uri_tests
{
SUITE(constructor_tests)
{
+ TEST(not_really_a_loopback_uri)
+ {
+ uri u(uri::encode_uri(U("https://127.evil.com")));
+ VERIFY_IS_FALSE(u.is_host_loopback());
+ }
TEST(parsing_constructor_char)
{
uri u(uri::encode_uri(U("net.tcp://steve:@testname.com:81/bleh%?qstring#goo")));
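Review bot: `not_really_a_loopback_uri` sits in the constructor suite, while the other `is_host_loopback()` assertions visible in this commit live in diagnostic_tests.cpp; moving it there would keep the loopback cases in one place. It also pins only the prefix lookalike, and since the implementation is now an exact match, suffix forms deserve a regression line too: `VERIFY_IS_FALSE(uri(U("http://127.0.0.1.example.com/")).is_host_loopback());` and `VERIFY_IS_FALSE(uri(U("http://localhost.example.com/")).is_host_loopback());`. The hunk ends inside `parsing_constructor_char`, which is unchanged.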
diff --git a/Release/tests/functional/uri/diagnostic_tests.cpp b/Release/tests/functional/uri/diagnostic_tests.cpp
index d8fb45d91c..3271898f60 100644
--- a/Release/tests/functional/uri/diagnostic_tests.cpp
+++ b/Release/tests/functional/uri/diagnostic_tests.cpp
@@ -82,7 +82,7 @@ SUITE(diagnostic_tests)
VERIFY_IS_FALSE(uri(U("http://bleh/?qstring")).is_host_loopback());
VERIFY_IS_FALSE(uri(U("http://+*/?qstring")).is_host_loopback());
VERIFY_IS_TRUE(uri(U("http://127.0.0.1/")).is_host_loopback());
- VERIFY_IS_TRUE(uri(U("http://127.155.0.1/")).is_host_loopback());
+ VERIFY_IS_FALSE(uri(U("http://127.155.0.1/")).is_host_loopback());
VERIFY_IS_FALSE(uri(U("http://128.0.0.1/")).is_host_loopback());
}
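Review bot: The flipped assertion for `127.155.0.1` reads like a mistake without context, because that address is inside the loopback range. A comment above it would stop a later "correction", e.g. `// is_host_loopback() matches only "localhost" and "127.0.0.1"; other 127.0.0.0/8 hosts are intentionally false`. The visible lines have no positive case for `localhost` itself; if the part of the test outside this hunk lacks one, add `VERIFY_IS_TRUE(uri(U("http://localhost/")).is_host_loopback());`. The enclosing test starts outside the hunk.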
diff --git a/changelog.md b/changelog.md
index c547665912..7a9b6dfe04 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,12 @@
+cpprestsdk (2.10.19)
+* PR#1982 make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly.
+ The old behavior could potentially return "true" for URLs that were not, in fact, local,
+ and this could cause security issues if is_host_loopback was used in certain ways.
+* PR#1711 Fix likely typo in SafeInt3.hpp, that results in error with clang 15
+* PR#1496 Support for oauth2 with "client_credentials" grant type.
+* PR#1429 Add constructor from all integer types for json value.
+* PR#1577 export http_exception for non Windows builds using visibility macros.
+
cpprestsdk (2.10.18)
* PR#1571 Add ability to parse and emit the NT Epoch 1601-01-01T00:00:00Z
* PR#1571 Update vcpkg submodule