diff --git a/CHANGES.md b/CHANGES.md
index 98ac54b..47a888c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,8 @@
 
 [full changelog](http://github.com/yolk/valvat/compare/v1.4.1...master)
 
+* Resolved [rexml security vulnerability](https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh) by [Riana Ferreira](https://github.com/bad-vegan)
+
 ### 1.4.1 / 2024-01-08
 
 [full changelog](http://github.com/yolk/valvat/compare/v1.4.0...v1.4.1)
diff --git a/valvat.gemspec b/valvat.gemspec
index e21bb5c..398e322 100644
--- a/valvat.gemspec
+++ b/valvat.gemspec
@@ -24,5 +24,5 @@ Gem::Specification.new do |s|
     'rubygems_mfa_required' => 'true'
   }
 
-  s.add_runtime_dependency('rexml', '>= 3.2', '< 4.0')
+  s.add_runtime_dependency('rexml', '>= 3.3.1', '< 4.0.0')
 end