diff --git a/CHANGES b/CHANGES
index bac56db..d4dba59 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,22 @@ Flask-Security Changelog
 
 Here you can see the full list of changes between each Flask-Security release.
 
+
+Version 1.5.4
+-------------
+
+Released January 6th 2013
+
+- Fix bug in forms with `csrf_enabled` parameter not accounting attempts to login using JSON data
+
+
+Version 1.5.3
+-------------
+
+Released December 23rd 2012
+
+- Change dependency requirement
+
 Version 1.5.2
 -------------
 
diff --git a/docs/conf.py b/docs/conf.py
index ece196b..b132fc2 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -49,7 +49,7 @@ copyright = u'2012, Matt Wright'
 # built documents.
 #
 # The short X.Y version.
-version = '1.5.2'
+version = '1.5.4'
 # The full version, including alpha/beta/rc tags.
 release = version
 
diff --git a/flask_security/__init__.py b/flask_security/__init__.py
index d25cdac..f665380 100644
--- a/flask_security/__init__.py
+++ b/flask_security/__init__.py
@@ -10,7 +10,7 @@
     :license: MIT, see LICENSE for more details.
 """
 
-__version__ = '1.5.2'
+__version__ = '1.5.4'
 
 from .core import Security, RoleMixin, UserMixin, AnonymousUser, current_user
 from .datastore import SQLAlchemyUserDatastore, MongoEngineUserDatastore
diff --git a/flask_security/core.py b/flask_security/core.py
index 94d60c8..c29de69 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -89,7 +89,9 @@ _default_messages = {
     'INVALID_LOGIN_TOKEN': ('Invalid login token.', 'error'),
     'DISABLED_ACCOUNT': ('Account is disabled.', 'error'),
     'PASSWORDLESS_LOGIN_SUCCESSFUL': ('You have successfuly logged in.', 'success'),
-    'PASSWORD_RESET': ('You successfully reset your password and you have been logged in automatically.', 'success')
+    'PASSWORD_RESET': ('You successfully reset your password and you have been logged in automatically.', 'success'),
+    'LOGIN': ('Please log in to access this page.', 'info'),
+    'REFRESH': ('Please reauthenticate to access this page.', 'info')
 }
 
 
@@ -131,6 +133,10 @@ def _get_login_manager(app):
     lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
     lm.user_loader(_user_loader)
     lm.token_loader(_token_loader)
+    lm.login_message = cv('MSG_LOGIN', app=app)
+    lm.login_message_category = 'info'
+    lm.needs_refresh_message = cv('MSG_REFRESH', app=app)
+    lm.needs_refresh_message_category = 'info'
     lm.init_app(app)
     return lm
 
diff --git a/flask_security/forms.py b/flask_security/forms.py
index 373debc..dc99118 100644
--- a/flask_security/forms.py
+++ b/flask_security/forms.py
@@ -42,7 +42,11 @@ def valid_user_email(form, field):
 
 class Form(BaseForm):
     def __init__(self, *args, **kwargs):
-        kwargs.setdefault('csrf_enabled', not current_app.testing)
+        if current_app.testing:
+            csrf_enabled = False
+        else:
+            csrf_enabled = request.json is None
+        kwargs.setdefault('csrf_enabled', csrf_enabled)
         super(Form, self).__init__(*args, **kwargs)
 
 
diff --git a/setup.py b/setup.py
index 20dede4..cfead93 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup
 
 setup(
     name='Flask-Security',
-    version='1.5.2',
+    version='1.5.4',
     url='https://github.com/mattupstate/flask-security',
     license='MIT',
     author='Matt Wright',
@@ -35,12 +35,12 @@ setup(
     platforms='any',
     install_requires=[
         'Flask>=0.8',
-        'Flask-Login==0.1.3',
-        'Flask-Mail==0.7.3',
-        'Flask-Principal==0.3.3',
-        'Flask-WTF==0.8',
-        'itsdangerous==0.17',
-        'passlib==1.6.1',
+        'Flask-Login>=0.1.3',
+        'Flask-Mail>=0.7.3',
+        'Flask-Principal>=0.3.3',
+        'Flask-WTF>=0.8',
+        'itsdangerous>=0.17',
+        'passlib>=1.6.1',
     ],
     test_suite='nose.collector',
     tests_require=[