diff --git a/Changelog.md b/Changelog.md
index e6a2d713e..69d13f635 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # 0.5.5.1
 * Fix XSS on profile pages
+* Bump nokogiri to fix several libxml2 CVEs, see http://www.ubuntu.com/usn/usn-2834-1/
 # 0.5.5.0
diff --git a/Gemfile b/Gemfile
index 263e8c4a4..d7f3e031a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ gem "messagebus_ruby_api", "1.0.3"
 # Parsing
-gem "nokogiri", "1.6.6.4"
+gem "nokogiri", "1.6.7.1"
 gem "redcarpet", "3.3.3"
 gem "twitter-text", "1.13.0"
 gem "roxml", "3.1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index a65ca2f33..30fcf3819 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -433,7 +433,7 @@ GEM
 method_source (0.8.2)
 mime-types (2.6.2)
 mini_magick (4.3.6)
- mini_portile (0.6.2)
+ mini_portile2 (2.0.0)
 minitest (5.8.2)
 mobile-fu (1.3.1)
 rack-mobile-detect
@@ -450,8 +450,8 @@ GEM
 net-ssh (>= 2.6.5)
 net-ssh (3.0.1)
 nio4r (1.1.1)
- nokogiri (1.6.6.4)
- mini_portile (~> 0.6.0)
+ nokogiri (1.6.7.1)
+ mini_portile2 (~> 2.0.0.rc2)
 notiffany (0.0.8)
 nenv (~> 0.1)
 shellany (~> 0.0)
@@ -813,7 +813,7 @@ DEPENDENCIES
 minitest
 mobile-fu (= 1.3.1)
 mysql2 (= 0.3.20)
- nokogiri (= 1.6.6.4)
+ nokogiri (= 1.6.7.1)
 omniauth (= 1.2.2)
 omniauth-facebook (= 2.0.1)
 omniauth-tumblr (= 1.1)