diff --git a/Gemfile b/Gemfile
index be22d63..ea082c4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -74,7 +74,7 @@ gem 'rubyzip', '~>1.3.0'
 # 1.9.24 is a fixed version (CVE-2018-1000201)
 gem 'ffi', '~>1.9.24'
 # 2.0.6 is a fixed version
-gem 'rack', '~>2.1.4'
+gem 'rack', '~>2.2.6'
 # 5.1.6.1 is fixed version (CVE-2018-16476)
 gem 'activejob', '>= 5.1.6.1'
 # 1.10.4 is fixed (CVE-2019-5477)
diff --git a/Gemfile.lock b/Gemfile.lock
index 93ddae0..cedc1f2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -188,7 +188,7 @@ GEM
     puma (4.3.12)
       nio4r (~> 2.0)
     racc (1.7.1)
-    rack (2.1.4)
+    rack (2.2.6.4)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails (5.1.6.2)
@@ -323,7 +323,7 @@ DEPENDENCIES
   prawn-rails (~> 0.1.1)
   prawn-table (~> 0.2.2)
   puma (~> 4.3)
-  rack (~> 2.1.4)
+  rack (~> 2.2.6)
   rails (= 5.1.6.2)
   rails-html-sanitizer (~> 1.4.4)
   rails-i18n (~> 5.0.4)