diff --git a/History.md b/History.md
index 68f854bd52f..9b60a6439b5 100644
--- a/History.md
+++ b/History.md
@@ -1,6 +1,6 @@
-UNRELEASED
+4.22.0 / 2025-12-01
 ==========
-
+  * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
   * deps: use tilde notation for dependencies
   * deps: qs@6.14.0
 
diff --git a/package.json b/package.json
index 52ec4e2168a..44f55d1274c 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.21.2",
+  "version": "4.22.0",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",