diff --git a/CHANGELOG.md b/CHANGELOG.md
index 691988ee..1e16afdc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [4.10.15](https://github.com/parse-community/parse-server/compare/4.10.14...4.10.15) (2022-09-20)
+
+
+### Bug Fixes
+
+* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) ([#8183](https://github.com/parse-community/parse-server/issues/8183)) ([7ca9ed0](https://github.com/parse-community/parse-server/commit/7ca9ed01424478d299e5576ee4208bd9fea78760))
+
 ## [4.10.14](https://github.com/parse-community/parse-server/compare/4.10.13...4.10.14) (2022-09-02)
 
 
diff --git a/package-lock.json b/package-lock.json
index 3c0bc7aa..25789a00 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "4.10.14",
+  "version": "4.10.15",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index f4a003b5..5ed70c54 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "4.10.14",
+  "version": "4.10.15",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {