diff --git a/changelogs/CHANGELOG_release.md b/changelogs/CHANGELOG_release.md
index 25edd65b..57470605 100644
--- a/changelogs/CHANGELOG_release.md
+++ b/changelogs/CHANGELOG_release.md
@@ -1,3 +1,10 @@
+## [7.5.4](https://github.com/parse-community/parse-server/compare/7.5.3...7.5.4) (2025-11-05)
+
+
+### Bug Fixes
+
+* Uploading a file by providing an origin URL allows for Server-Side Request Forgery (SSRF); fixes vulnerability [GHSA-x4qj-2f4q-r4rx](https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx) ([#9904](https://github.com/parse-community/parse-server/issues/9904)) ([8bbe3ef](https://github.com/parse-community/parse-server/commit/8bbe3efbcf4a3b66f4a8db9bfb18cd98c050db51))
+
 ## [7.5.3](https://github.com/parse-community/parse-server/compare/7.5.2...7.5.3) (2025-07-10)
 
 
diff --git a/package-lock.json b/package-lock.json
index 59df2669..31003553 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "parse-server",
-  "version": "7.5.3",
+  "version": "7.5.4",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "parse-server",
-      "version": "7.5.3",
+      "version": "7.5.4",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
diff --git a/package.json b/package.json
index 06fb17cc..647b8ea9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "7.5.3",
+  "version": "7.5.4",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {