diff --git a/CHANGELOG.md b/CHANGELOG.md
index dab0bc85..b8bdd976 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -
 
 ### Fixed
--
+- Django 2.1.5 (security fix, https://nvd.nist.gov/vuln/detail/CVE-2019-3498)
 
 ### Security
 -
diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index 764503dc..b7accdfb 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -1,5 +1,5 @@
 click==6.7
-Django==2.1.3
+Django==2.1.5
 django-appconf==1.0.2
 django-auth-ldap==1.4.0
 django-cacheops==4.0.6