diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02dea3b..da8ab59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [1.2.7] - 2022-10-06
 ### Security
+- Upgrade nokogiri to v1.3.9 to resolve GHSA-2qc6-mcvw-92cw
+  [cyberark/conjur-service-broker#296](https://github.com/cyberark/conjur-service-broker/pull/296)
 - Upgrade cucumber (2.99.0 -> 7.1.0) and aruba (1.1.2 -> 2.0.0)
   to resolve medium severity security issue on Snyk
   [cyberark/conjur-service-broker#294](https://github.com/cyberark/conjur-service-broker/pull/294)
diff --git a/Gemfile.lock b/Gemfile.lock
index 9ca709f..cfd3b19 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -117,7 +117,7 @@ GEM
     multi_test (0.1.2)
     netrc (0.11.0)
     nio4r (2.5.8)
-    nokogiri (1.13.6)
+    nokogiri (1.13.9)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     pry (0.13.1)