diff --git a/gradle.properties b/gradle.properties
index aeeae20d263..e03290e1376 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1 +1 @@
-version=3.2.0
+version=3.2.1
diff --git a/server/src/main/resources/templates/web/access_confirmation.html b/server/src/main/resources/templates/web/access_confirmation.html
index c22886da21c..faf2b82c80c 100644
--- a/server/src/main/resources/templates/web/access_confirmation.html
+++ b/server/src/main/resources/templates/web/access_confirmation.html
@@ -28,7 +28,7 @@ <h2 th:text="${client_display_name}">Cloudbees</h2>
                     <th:block th:with="index=${iter.index},code=${scope.get('code')}">
                         <li class="undecided">
                             <input type="checkbox" checked="checked" name="scope.0" id="scope.0" th:name="|scope.${index}|" th:value="${code}" th:id="|scope.${index}|"/>
-                            <label for="scope.0" th:for="|scope.${index}|" th:utext="${scope.get('text')}">Something new.</label>
+                            <label for="scope.0" th:for="|scope.${index}|" th:text="${scope.get('text')}">Something new.</label>
                         </li>
                     </th:block>
                 </th:block>
@@ -36,7 +36,7 @@ <h2 th:text="${client_display_name}">Cloudbees</h2>
                     <th:block th:with="index=${iter.index + undecided_scopes.size()},code=${scope.get('code')}">
                         <li>
                             <input type="checkbox" checked="checked" name="scope.1" id="scope.1" th:name="|scope.${index}|" th:value="${code}" th:id="|scope.${index}|"/>
-                            <label for="scope.1" th:for="|scope.${index}|" th:utext="${scope.get('text')}">Something already approved.</label>
+                            <label for="scope.1" th:for="|scope.${index}|" th:text="${scope.get('text')}">Something already approved.</label>
                         </li>
                     </th:block>
                 </th:block>
@@ -44,7 +44,7 @@ <h2 th:text="${client_display_name}">Cloudbees</h2>
                     <th:block th:with="index=${iter.index + undecided_scopes.size() + approved_scopes.size()},code=${scope.get('code')}">
                         <li>
                             <input type="checkbox" name="scope.2" id="scope.2" th:name="|scope.${index}|" th:value="${code}" th:id="|scope.${index}|"/>
-                            <label for="scope.2" th:for="|scope.${index}|" th:utext="${scope.get('text')}">Something previously denied.</label>
+                            <label for="scope.2" th:for="|scope.${index}|" th:text="${scope.get('text')}">Something previously denied.</label>
                         </li>
                     </th:block>
                 </th:block>
diff --git a/server/src/main/resources/templates/web/approvals.html b/server/src/main/resources/templates/web/approvals.html
index 3c54eceb715..b90a8874de2 100644
--- a/server/src/main/resources/templates/web/approvals.html
+++ b/server/src/main/resources/templates/web/approvals.html
@@ -66,7 +66,7 @@ <h3 th:text="${clientnames[client.key]}">
                                            th:checked="${approval.status.toString() == 'APPROVED'}" />
                                     <label for="scope.0"
                                            th:for="|scope.${iter.index}|"
-                                           th:utext="${#messages.msgOrNull(code) ?: approval.description}">Something new.</label>
+                                           th:text="${#messages.msgOrNull(code) ?: approval.description}">Something new.</label>
                                 </li>
                             </th:block>
                         </ul>
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/AppApprovalIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/AppApprovalIT.java
index 0e9c969960d..760406dab5e 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/AppApprovalIT.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/AppApprovalIT.java
@@ -165,6 +165,38 @@ public void testApprovingAnApp() throws Exception {
         Assert.assertThat(webDriver.findElements(By.xpath("//input[@value='app-password.write']")), Matchers.empty());
     }
 
+    @Test
+    public void testScopeDescriptions() throws Exception {
+        ResponseEntity<SearchResults<ScimGroup>> getGroups = restTemplate.exchange(baseUrl + "/Groups?filter=displayName eq '{displayName}'",
+            HttpMethod.GET,
+            null,
+            new ParameterizedTypeReference<SearchResults<ScimGroup>>() {
+            },
+            "cloud_controller.read");
+        ScimGroup group = getGroups.getBody().getResources().stream().findFirst().get();
+
+        group.setDescription("Read about <b>your</b> clouds.");
+        HttpHeaders headers = new HttpHeaders();
+        headers.add("If-Match", Integer.toString(group.getVersion()));
+        HttpEntity request = new HttpEntity(group, headers);
+        restTemplate.exchange(baseUrl + "/Groups/{group-id}", HttpMethod.PUT, request, Object.class, group.getId());
+
+        ScimUser user = createUnapprovedUser();
+
+        // Visit app
+        webDriver.get(appUrl);
+
+        // Sign in to login server
+        webDriver.findElement(By.name("username")).sendKeys(user.getUserName());
+        webDriver.findElement(By.name("password")).sendKeys(user.getPassword());
+        webDriver.findElement(By.xpath("//input[@value='Sign in']")).click();
+
+        // Authorize the app for some scopes
+        Assert.assertEquals("Application Authorization", webDriver.findElement(By.cssSelector("h1")).getText());
+
+        webDriver.findElement(By.xpath("//label[text()='Read about <b>your</b> clouds.']/preceding-sibling::input"));
+    }
+
     @Test
     public void testInvalidAppRedirectDisplaysError() throws Exception {
         ScimUser user = createUnapprovedUser();