diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b0723c88..b92195a68 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,22 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.5.2](https://github.com/go-gitea/gitea/releases/tag/v1.5.2) - 2018-10-09
+* SECURITY
+  * Enforce token on api routes (#4840) (#4905)
+* BUGFIXES
+  * Remove links from topics in edit mode (#5030)
+  * Detect charset and convert non UTF-8 files for display (#4950) (#4994)
+  * Fix layout of the topics editing form (#4971) (#4993)
+  * Fix null pointer dereference in ParseCommitWithSignature (#4964)
+  * Fix url in discord webhook (#4951)
+  * Fix font-cropping UI bug in diff (#4726) (#4929)
+  * Fix bug forget to remove Stopwatch when remove repository (#4933)
+  * Fix bug when repo remained bare if multiple branches pushed (#4927)
+  * Fix redirect with non-ascii branch names (#4764) (#4887)
+  * Fix issues api allow pulls (#4852) (#4862)
+  * Fix trimming of markup section names (#4864)
+
 ## [1.5.1](https://github.com/go-gitea/gitea/releases/tag/v1.5.1) - 2018-09-03
 * SECURITY
   * Don't disclose emails of all users when sending out emails (#4784)
diff --git a/Gopkg.lock b/Gopkg.lock
index 1fea221b7..999e6d312 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -339,29 +339,6 @@
   packages = ["."]
   revision = "5f1c01d9f64b941dd9582c638279d046eda6ca31"
 
-[[projects]]
-  name = "github.com/gorilla/context"
-  packages = ["."]
-  revision = "08b5f424b9271eedf6f9f0ce86cb9396ed337a42"
-  version = "v1.1.1"
-
-[[projects]]
-  name = "github.com/gorilla/mux"
-  packages = ["."]
-  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
-
-[[projects]]
-  name = "github.com/gorilla/securecookie"
-  packages = ["."]
-  revision = "e59506cc896acb7f7bf732d4fdf5e25f7ccd8983"
-  version = "v1.1.1"
-
-[[projects]]
-  name = "github.com/gorilla/sessions"
-  packages = ["."]
-  revision = "ca9ada44574153444b00d3fd9c8559e4cc95f896"
-  version = "v1.1"
-
 [[projects]]
   name = "github.com/issue9/identicon"
   packages = ["."]
diff --git a/Gopkg.toml b/Gopkg.toml
index 97f736b5f..e6b8d62e0 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -40,14 +40,6 @@ ignored = ["google.golang.org/appengine*"]
   #version = "0.6.5"
   revision = "ad69f7d8f0861a29438154bb0a20b60501298480"
 
-[[override]]
-  name = "github.com/gorilla/mux"
-  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
-
-[[constraint]]
-  name = "github.com/gorilla/context"
-  version = "1.1.1"
-
 [[constraint]]
   name = "github.com/lafriks/xormstore"
   version = "1.0.0"
diff --git a/cmd/web.go b/cmd/web.go
index bc3cee69e..c6333bc6d 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -20,7 +20,6 @@ import (
 	"code.gitea.io/gitea/routers/routes"
 
 	"github.com/Unknwon/com"
-	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@@ -64,7 +63,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
 
-	var err = runHTTP(source, context2.ClearHandler(handler))
+	var err = runHTTP(source, handler)
 
 	if err != nil {
 		log.Fatal(4, "Failed to start port redirection: %v", err)
@@ -141,19 +140,19 @@ func runWeb(ctx *cli.Context) error {
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		err = runHTTP(listenAddr, context2.ClearHandler(m))
+		err = runHTTP(listenAddr, m)
 	case setting.HTTPS:
 		if setting.RedirectOtherPort {
 			go runHTTPRedirector()
 		}
-		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
+		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, m)
 	case setting.FCGI:
 		listener, err := net.Listen("tcp", listenAddr)
 		if err != nil {
 			log.Fatal(4, "Failed to bind %s", listenAddr, err)
 		}
 		defer listener.Close()
-		err = fcgi.Serve(listener, context2.ClearHandler(m))
+		err = fcgi.Serve(listener, m)
 	case setting.UnixSocket:
 		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
 			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
@@ -169,7 +168,7 @@ func runWeb(ctx *cli.Context) error {
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
 			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
 		}
-		err = http.Serve(listener, context2.ClearHandler(m))
+		err = http.Serve(listener, m)
 	default:
 		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
 	}
diff --git a/models/mail.go b/models/mail.go
index 6b69e7b2a..eef70daad 100644
--- a/models/mail.go
+++ b/models/mail.go
@@ -73,7 +73,7 @@ func SendActivateAccountMail(c *macaron.Context, u *User) {
 
 // SendResetPasswordMail sends a password reset mail to the user
 func SendResetPasswordMail(c *macaron.Context, u *User) {
-	SendUserMail(c, u, mailAuthResetPassword, u.GenerateActivateCode(), c.Tr("mail.reset_password"), "reset password")
+	SendUserMail(c, u, mailAuthResetPassword, u.GenerateActivateCode(), c.Tr("mail.reset_password"), "recover account")
 }
 
 // SendActivateEmailMail sends confirmation email to confirm new email address
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 711c4d478..a74c66e76 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -200,19 +200,19 @@ forgot_password_title= Forgot Password
 forgot_password = Forgot password?
 sign_up_now = Need an account? Register now.
 confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process.
-reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the password reset process.
+reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the account recovery process.
 active_your_account = Activate Your Account
 prohibit_login = Sign In Prohibited
 prohibit_login_desc = Your account is prohibited to sign in, please contact your site administrator.
 resent_limit_prompt = You have already requested an activation email recently. Please wait 3 minutes and try again.
 has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (<b>%s</b>). If you haven't received a confirmation email or need to resend a new one, please click on the button below.
-resend_mail = Click here to resend your activation email
+resend_mail = Resend Activation Email
 email_not_associate = The email address is not associated with any account.
-send_reset_mail = Click here to resend your password reset email
-reset_password = Reset Your Password
+send_reset_mail = Resend Account Recovery Email
+reset_password = Account Recovery
 invalid_code = Your confirmation code is invalid or has expired.
-reset_password_helper = Reset Password
-reset_password_wrong_user = You are signed in as %s, but the password reset link is for %s
+reset_password_helper = Recover Account
+reset_password_wrong_user = You are signed in as %s, but the account recovery link is for %s
 password_too_short = Password length cannot be less than %d characters.
 non_local_account = Non-local users can not update their password through the Gitea web interface.
 verify = Verify
@@ -235,12 +235,12 @@ openid_connect_desc = The chosen OpenID URI is unknown. Associate it with a new
 openid_register_title = Create new account
 openid_register_desc = The chosen OpenID URI is unknown. Associate it with a new account here.
 openid_signin_desc = Enter your OpenID URI. For example: https://anne.me, bob.openid.org.cn or gnusocial.net/carry.
-disable_forgot_password_mail = Password reset is disabled. Please contact your site administrator.
+disable_forgot_password_mail = Account recovery is disabled. Please contact your site administrator.
 
 [mail]
 activate_account = Please activate your account
 activate_email = Verify your email address
-reset_password = Reset your password
+reset_password = Recover your account
 register_success = Registration successful
 register_notify = Welcome to Gitea
 
@@ -1498,7 +1498,7 @@ config.mail_notify = Enable Email Notifications
 config.disable_key_size_check = Disable Minimum Key Size Check
 config.enable_captcha = Enable CAPTCHA
 config.active_code_lives = Active Code Lives
-config.reset_password_code_lives = Reset Password Code Expiry Time
+config.reset_password_code_lives = Recover Account Code Expiry Time
 config.default_keep_email_private = Hide Email Addresses by Default
 config.default_allow_create_organization = Allow Creation of Organizations by Default
 config.enable_timetracking = Enable Time Tracking
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index f5be1be19..547c9c6fd 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -184,10 +184,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 	// ***** START: User *****
-	m.Group("/user", func() {
-		m.Get("/reset_password", user.ResetPasswd)
-		m.Post("/reset_password", user.ResetPasswdPost)
-	})
 	m.Group("/user", func() {
 		m.Get("/login", user.SignIn)
 		m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -295,6 +291,8 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Any("/activate", user.Activate)
 		m.Any("/activate_email", user.ActivateEmail)
 		m.Get("/email2user", user.Email2User)
+		m.Get("/recover_account", user.ResetPasswd)
+		m.Post("/recover_account", user.ResetPasswdPost)
 		m.Get("/forgot_password", user.ForgotPasswd)
 		m.Post("/forgot_password", user.ForgotPasswdPost)
 		m.Get("/logout", user.SignOut)
diff --git a/routers/user/auth.go b/routers/user/auth.go
index aae814136..e6bc57e47 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -1144,7 +1144,7 @@ func ForgotPasswdPost(ctx *context.Context) {
 	ctx.HTML(200, tplForgotPassword)
 }
 
-// Keep consistent behavior between phases of password reset
+// Keep consistent behavior between phases of account recovery
 func commonResetPassword(ctx *context.Context) *models.User {
 	code := ctx.Query("code")
 
@@ -1178,7 +1178,7 @@ func commonResetPassword(ctx *context.Context) *models.User {
 	return u
 }
 
-// ResetPasswd render the reset password page
+// ResetPasswd render the account recovery page
 func ResetPasswd(ctx *context.Context) {
 	ctx.Data["IsResetForm"] = true
 
@@ -1187,7 +1187,7 @@ func ResetPasswd(ctx *context.Context) {
 	ctx.HTML(200, tplResetPassword)
 }
 
-// ResetPasswdPost response from reset password request
+// ResetPasswdPost response from account recovery request
 func ResetPasswdPost(ctx *context.Context) {
 	u := commonResetPassword(ctx)
 	if nil == u {
diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl
index ea233d8f5..513a344fe 100644
--- a/templates/mail/auth/reset_passwd.tmpl
+++ b/templates/mail/auth/reset_passwd.tmpl
@@ -8,7 +8,7 @@
 <body>
 	<p>Hi <b>{{.Username}}</b>,</p>
 	<p>Please click the following link to reset your password within <b>{{.ResetPwdCodeLives}}</b>:</p>
-	<p><a href="{{AppUrl}}user/reset_password?code={{.Code}}">{{AppUrl}}user/reset_password?code={{.Code}}</a></p>
+	<p><a href="{{AppUrl}}user/recover_account?code={{.Code}}">{{AppUrl}}user/recover_account?code={{.Code}}</a></p>
 	<p>Not working? Try copying and pasting it to your browser.</p>
 	<p>© <a target="_blank" rel="noopener" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>