diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 0b565500..10e82656 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,3 +1,11 @@
+6.0.0
+=====
+Date: 2024-02-23
+
+- `#551`_ Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the `__array__` attribute used by `numpy`. This RCE is only exploitable when the server-side gets the attribute `__array__` and calls it (e.g., `np.array(x)`). This issues effects all versions since major release 4.
+
+.. _#551: https://github.com/tomerfiliba-org/rpyc/issues/551
+
 5.3.1
 =====
 Date: 2023-02-21
diff --git a/rpyc/core/netref.py b/rpyc/core/netref.py
index a5e9a2eb..eed559d5 100644
--- a/rpyc/core/netref.py
+++ b/rpyc/core/netref.py
@@ -251,6 +251,9 @@ def method(self, start, stop, *args):
         def __array__(self):
             # Note that protocol=-1 will only work between python
             # interpreters of the same version.
+            if not object.__getattribute__(self,'____conn__')._config["allow_pickle"]:
+                # Security check that server side allows pickling per #551
+                raise ValueError("pickling is disabled")
             return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1))
         __array__.__doc__ = doc
         return __array__
diff --git a/rpyc/version.py b/rpyc/version.py
index b8b27deb..d8049802 100644
--- a/rpyc/version.py
+++ b/rpyc/version.py
@@ -1,3 +1,3 @@
-__version__ = '5.3.1'
+__version__ = '6.0.0'
 version = tuple(__version__.split('.'))
-release_date = "2023-02-21"
+release_date = "2024-02-23"