diff --git a/VERSION b/VERSION
index 884ab35c7124..81f363239f55 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.12.3-dev
+1.12.3
diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst
index b476fa6db748..6c65a3cf4003 100644
--- a/docs/root/intro/version_history.rst
+++ b/docs/root/intro/version_history.rst
@@ -1,14 +1,13 @@
 Version history
 ---------------
 
-1.12.3 (Pending)
-================
-* rbac: added :ref:`url_path <envoy_api_field_config.rbac.v2.Permission.url_path>` for matching URL path without the query and fragment string.
-==========================
+1.12.3 (March 3, 2020)
+======================
 * buffer: force copy when appending small slices to OwnedImpl buffer to avoid fragmentation.
+* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`.
 * listeners: fixed issue where :ref:`TLS inspector listener filter <config_listener_filters_tls_inspector>` could have been bypassed by a client using only TLS 1.3.
+* rbac: added :ref:`url_path <envoy_api_field_config.rbac.v2.Permission.url_path>` for matching URL path without the query and fragment string.
 * sds: fixed the SDS vulnerability that TLS validation context (e.g., subject alt name or hash) cannot be effectively validated in some cases.
-* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`.
 
 1.12.2 (December 10, 2019)
 ==========================