diff --git a/CHANGELOG.md b/CHANGELOG.md
index e28fdc3..7c12104 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Removed
 ### Fixed
 ### Security
-
+- Upgraded `rubocop-rspec` to the latest 2.x version to resolve CVE in its rexml dependency ([#]())
 
 ---
 ## 1.2.1
diff --git a/Gemfile b/Gemfile
index f5f895b..8219565 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,7 @@ gem 'yard', '~> 0.9', '>= 0.9.35'
 if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4') && Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5')
 gem 'rubocop', '~> 1.12.1'
 gem 'rubocop-rake', '~> 0.5.1'
- gem 'rubocop-rspec', '~> 2.2.0'
+ gem 'rubocop-rspec', '~> 2'
 gem 'simplecov', '~> 0.18.5'
 else
 # We need to disable Bundler/DuplicatedGem only because of rubocop 1.12.1.
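Review bot: The new constraint `'~> 2'` on the `rubocop-rspec` line in the Gemfile hunk does not enforce the fix it is meant to deliver: it accepts any release from 2.0 up to (not including) 3.0, which is a lower floor than the previous `'~> 2.2.0'`, so nothing stops Bundler from resolving to a release that still pulls in the vulnerable rexml. Because this branch also pins `rubocop` to `'~> 1.12.1'` for Ruby 2.4, the resolver may be held to an older 2.x release anyway; check the version that `bundle list` reports on that Ruby. Stating the floor explicitly, in the style the file already uses for `yard`, would make the intent checkable: `gem 'rubocop-rspec', '~> 2', '>= <FIRST_FIXED_VERSION>'` (placeholder), or constrain `rexml` itself to a minimum patched version if that is where the CVE lives. The enclosing `if`/`else` continues outside the hunk, so the constraint used in the `else` branch is not visible here.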