diff --git a/CHANGES.md b/CHANGES.md
index 1c943af6068729ba9f02952fd31bc2715639fa96..22541f6c1586d8fd8c0198d6c770add49eb63d56 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -11,6 +11,7 @@ Release Notes.
 #### OAP Server
 
 * Fix potential NPE in OAL string match and a bug when right-hand-side variable includes double quotes.
+* Bump up Armeria version to fix CVE.
 
 #### UI
 
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index dbd92aff997281cb0b7806c216dfc1bcc0e73a76..d93a167251a70cd659b0cfa897764f382ed8cd58 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -324,9 +324,9 @@ The text of each license is the standard Apache 2.0 license.
     simpleclient_httpserver 0.12.0 from prometheus https://github.com/prometheus/client_java Apache 2.0
     jetcd 0.5.3, https://github.com/etcd-io/jetcd, Apache 2.0
     failasfe 2.3.4, https://github.com/jhalterman/failsafe, Apache 2.0
-    Armeria 1.12.0, http://github.com/line/armeria, Apache 2.0
+    Armeria 1.13.4, http://github.com/line/armeria, Apache 2.0
     Brotli4j 1.6.0, https://github.com/hyperxpro/Brotli4j, Apache 2.0
-    micrometer 1.7.4, https://github.com/micrometer-metrics/micrometer, Apache 2.0
+    micrometer 1.7.6, https://github.com/micrometer-metrics/micrometer, Apache 2.0
     iotdb-session 0.12.3: https://github.com/apache/iotdb, Apache 2.0
     iotdb-thrift 0.12.3: https://github.com/apache/iotdb, Apache 2.0
     service-rpc 0.12.3: https://github.com/apache/iotdb, Apache 2.0
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index cd807350b7490d868eeb1379fd7bb5fe1dd3afed..96af99e116d444d58d0652aecdb3c693dadde07b 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -73,7 +73,7 @@
         <postgresql.version>42.2.18</postgresql.version>
         <jetcd.version>0.5.3</jetcd.version>
         <testcontainers.version>1.15.3</testcontainers.version>
-        <armeria.version>1.12.0</armeria.version>
+        <armeria.version>1.13.4</armeria.version>
         <awaitility.version>3.0.0</awaitility.version>
         <httpcore.version>4.4.13</httpcore.version>
         <commons-compress.version>1.21</commons-compress.version>
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index f29d69d17e2b5c012b1c542d31d4de7e3548041f..15bcc731909cf2e1d79f56e5dce9e04aadf57da5 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -7,7 +7,7 @@ antlr4-runtime-4.7.1.jar
 aopalliance-1.0.jar
 apollo-client-1.8.0.jar
 apollo-core-1.8.0.jar
-armeria-1.12.0.jar
+armeria-1.13.4.jar
 audience-annotations-0.5.0.jar
 bcpkix-jdk15on-1.69.jar
 bcprov-ext-jdk15on-1.69.jar
@@ -99,7 +99,7 @@ log4j-over-slf4j-1.7.30.jar
 log4j-slf4j-impl-2.14.1.jar
 logging-interceptor-3.13.1.jar
 lz4-java-1.6.0.jar
-micrometer-core-1.7.4.jar
+micrometer-core-1.7.6.jar
 moshi-1.5.0.jar
 msgpack-core-0.8.16.jar
 mvel2-2.4.8.Final.jar