diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4479c0a32..ec4b77030 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,8 @@
 - Fix a bug: unable to run scripts on systemts with legacy version of docker-compose
 - Fix a bug: unable to sign up if admin actived organization's additional fields with required
 - Fix a bug: undefined error in new member page
+- Fix a security issue: updated rack to 2.2.3.1 to fix [CVE-2022-30123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123) and [CVE-2022-30122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122)
+
 
 ## v5.4.1 2022 May 23
 
diff --git a/Gemfile.lock b/Gemfile.lock
index aef86fe98..6691a986b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -300,7 +300,7 @@ GEM
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.6.0)
-    rack (2.2.3)
+    rack (2.2.3.1)
     rack-oauth2 (1.19.0)
       activesupport
       attr_required