diff --git a/Gemfile b/Gemfile
index 8e6de12b728..8c7a4947c00 100644
--- a/Gemfile
+++ b/Gemfile
@@ -121,7 +121,7 @@ gem 'rack-protection', '~> 2.1.0'
 # It allows whitelisting, blacklisting, throttling, and tracking based
 # on arbitrary properties of the request.
 # https://github.com/kickstarter/rack-attack
-gem 'rack-attack', '~> 6.5.0'
+gem 'rack-attack', '~> 6.6.0'
 
 # CSP headers
 gem 'secure_headers', '~> 6.3.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 38dc55f5123..d2e268403c5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -712,7 +712,7 @@ GEM
     rack (2.2.3)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-attack (6.5.0)
+    rack-attack (6.6.0)
       rack (>= 1.0, < 3)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
@@ -1080,7 +1080,7 @@ DEPENDENCIES
   puffing-billy (~> 2.4.0)
   puma (~> 5.5)
   puma-plugin-statsd (~> 2.0)
-  rack-attack (~> 6.5.0)
+  rack-attack (~> 6.6.0)
   rack-cors (~> 1.1.1)
   rack-mini-profiler
   rack-protection (~> 2.1.0)