diff --git a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_4_0/2454-address-cve-2020-27223.yaml b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_4_0/2454-address-cve-2020-27223.yaml
new file mode 100644
index 00000000000..a67999c435f
--- /dev/null
+++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_4_0/2454-address-cve-2020-27223.yaml
@@ -0,0 +1,9 @@
+---
+type: security
+issue: 2454
+title: "Addressed the following CVE report by bumping the minor version for Jetty in the root POM:
+   <ul>
+      <li>
+         [CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
+      </li>
+   </ul>"
diff --git a/pom.xml b/pom.xml
index e65670c96e1..8672a79a738 100644
--- a/pom.xml
+++ b/pom.xml
@@ -782,7 +782,7 @@
 		<jena_version>3.16.0</jena_version>
 		<jersey_version>3.0.0</jersey_version>
 		<!-- 9.4.17 seems to have issues -->
-		<jetty_version>9.4.35.v20201120</jetty_version>
+		<jetty_version>9.4.38.v20210224</jetty_version>
 		<jsr305_version>3.0.2</jsr305_version>
 		<junit_version>5.7.0</junit_version>
 		<flyway_version>6.5.4</flyway_version>