diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..a57f120d5
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,10 @@
+# spring-petclinic Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Fixed
+- Upgrade spring boot to version 2.5.12 as a precaution to fix the [RCE CVE-2022-22965]( https://nvd.nist.gov/vuln/detail/CVE-2022-22965). The spring petclinic was generally not affected by this CVE as it runs with an embedded tomcat instead of a standalone version.
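Review bot: The link target in the Fixed entry has a space after the opening parenthesis (`]( https://nvd.nist.gov/vuln/detail/CVE-2022-22965)`), which some Markdown renderers will not turn into a link; remove the space. The same entry says the upgrade is made "as a precaution to fix" the CVE while also saying the application was "generally not affected". It would read more clearly as a precautionary upgrade, with the assessment tied explicitly to the embedded-Tomcat deployment it depends on, so that anyone running the application differently does not take the sentence as covering them. The entry also leaves out the project version change to 2.4.0.BUILD-SNAPSHOT that the pom.xml part of this patch makes.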
diff --git a/pom.xml b/pom.xml
index ce02939bd..fd7b5b245 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,12 +5,12 @@
4.0.0
org.springframework.samples
spring-petclinic
- 2.3.0.BUILD-SNAPSHOT
+ 2.4.0.BUILD-SNAPSHOT
org.springframework.boot
spring-boot-starter-parent
- 2.3.3.RELEASE
+ 2.5.12
petclinic
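Review bot: The parent version change from 2.3.3.RELEASE to 2.5.12 crosses two minor release lines, which is a larger change than the "as a precaution" wording in the CHANGELOG suggests, and this hunk touches nothing else in pom.xml. Confirm that no version properties or explicitly pinned dependencies further down the file override what the new parent manages (for example by inspecting the output of `mvn dependency:tree`), and run the test suite against 2.5.12 before merging. Since the CHANGELOG declares Semantic Versioning, also check that the move to 2.4.0.BUILD-SNAPSHOT is the intended bump for a change that is listed only under "Fixed".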