diff --git a/.gitignore b/.gitignore
index 849fe2f..6907d80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,3 +66,5 @@ openvpn-2.1.2.tar.gz.asc
 /openvpn-2.5.0.tar.xz.asc
 /openvpn-2.5.1.tar.xz
 /openvpn-2.5.1.tar.xz.asc
+/openvpn-2.5.2.tar.xz
+/openvpn-2.5.2.tar.xz.asc
diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
index 7e11fe8..aca649e 100644
--- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
+++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
@@ -23,7 +23,7 @@ index 9a8a2c7..0ecda08 100644
  PrivateTmp=true
  WorkingDirectory=/etc/openvpn/server
 -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
-+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
  LimitNPROC=10
  DeviceAllow=/dev/null rw
diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
index d5abc3e..8272cee 100644
Binary files a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg and b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg differ
diff --git a/openvpn.spec b/openvpn.spec
index 2c22855..8432d48 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -5,8 +5,8 @@
 %bcond_without tests_long
 
 Name:              openvpn
-Version:           2.5.1
-Release:           2%{?dist}
+Version:           2.5.2
+Release:           1%{?dist}
 Summary:           A full-featured TLS VPN solution
 URL:               https://community.openvpn.net/
 Source0:           https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
@@ -193,6 +193,11 @@ getent passwd openvpn &>/dev/null || \
 
 
 %changelog
+* Wed Apr 21 2021 David Sommerseth <davids@openvpn.net> - 2.5.2-1
+- Update to upstream OpenVPN 2.5.2
+- Fixes CVE-2020-15078
+- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.5.1-2
 - Rebuilt for updated systemd-rpm-macros
   See https://pagure.io/fesco/issue/2583.
diff --git a/sources b/sources
index c3c4ce1..5a4d97e 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (openvpn-2.5.1.tar.xz) = 7c0adad384f908bd7dbd839a2b90cbe3a4222cac92ef484df89709ca5dd6cb22b3caf19b696c2bb74d7eda148904a8b25f1fe4640c91f0e68d6e65bcf922e0f4
-SHA512 (openvpn-2.5.1.tar.xz.asc) = 44075753973aaec67a2f01f8efa3a7998bfbac77fd333267ed918a56ef884d8264004296bfb3b3ffee3e724a1614dffccdc93a4abe5fe128d8ee668c03df73ed
+SHA512 (openvpn-2.5.2.tar.xz) = ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0
+SHA512 (openvpn-2.5.2.tar.xz.asc) = 49a5f1828d8621e8d71665435efbc5fb55baee9db44c4d8768159667fdddf2ce30c964a11aa6fb28fee37adc34ff5ca8c9eb4c0669b4d847a9ffd0f8aab871b4