diff --git a/CHANGELOG.md b/CHANGELOG.md
index ab6cffbe..f11a7f94 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [2.19.0] - 2024-06-05
+### Dependencies
+- Bumped `certifi` from 2022.12.7 to 2023.7.22 to resolve [SNYK-PYTHON-CERTIFI-5805047 CVE](https://security.snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047)
+- Bumped `Flask` from 2.1.1 to 2.2.5 to resolve [SNYK-PYTHON-FLASK-5490129 CVE](https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129)
+
 ## [2.18.2] - 2024-05-31
 ### Fixed
 - Instantiate S3 client in a thread-safe manner.
diff --git a/Dockerfile b/Dockerfile
index 3c01c8fb..345689c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,6 +49,12 @@ COPY --from=codegen /app/lib/ /app/lib
 # additional required libraries necessary for developer authored controller/database
 # code.
 RUN mv lib/requirements.txt lib/bos/server/requirements.txt
+# The openapi-generator creates a requirements file that specifies exactly Flask==2.1.1
+# However, using Flask 2.2.5 is also compatible, and resolves a CVE.
+# Accordingly, we relax their requirements file.
+RUN cat lib/bos/server/requirements.txt && \
+    sed -i 's/Flask == 2\(.*\)$/Flask >= 2\1\nFlask < 3/' lib/bos/server/requirements.txt && \
+    cat lib/bos/server/requirements.txt
 # Then copy all src into the base image
 COPY src/bos/ /app/lib/bos/
 COPY constraints.txt requirements.txt /app/
diff --git a/constraints.txt.in b/constraints.txt.in
index 1b2a58d2..691bda26 100644
--- a/constraints.txt.in
+++ b/constraints.txt.in
@@ -4,13 +4,13 @@ bos.server==0.0.1
 boto3==1.26.165
 botocore==1.29.165
 cachetools==5.3.3
-certifi==2022.12.7
+certifi==2023.7.22
 charset-normalizer==3.1.0
 click==8.1.7
 clickclick==20.10.2
 connexion==2.14.2
 etcd3==0.12.0
-Flask==2.1.1
+Flask==2.2.5
 google-auth==2.16.3
 grpcio==1.51.3
 idna==3.4
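Review bot: The `sed -i` in the new Dockerfile RUN step fails silently when the generated requirements line does not match `Flask == 2...` — the comment directly above describes the pin as `Flask==2.1.1` with no spaces, so either the comment or the regex is off, and a non-matching line leaves the exact 2.1.1 pin in place with nothing but the surrounding `cat` output in the build log to show it. Since the purpose of this hunk is to move off the Flask version named in the CHANGELOG advisory, the rewrite should be asserted rather than only printed: append `grep -q '^Flask >= 2' lib/bos/server/requirements.txt` after the final `cat` so the image build fails when the substitution did not happen. If the generator really does emit `Flask == 2.1.1` with spaces, adjust the comment to match the pattern the sed expects. The `\n` in the replacement text also presumes GNU sed in the base image; that is worth a short comment if it holds.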