diff --git a/CHANGES.md b/CHANGES.md
index 1c943af6068729ba9f02952fd31bc2715639fa96..22541f6c1586d8fd8c0198d6c770add49eb63d56 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -11,6 +11,7 @@ Release Notes.
#### OAP Server
* Fix potential NPE in OAL string match and a bug when right-hand-side variable includes double quotes.
+* Bump up Armeria version to fix CVE.
#### UI
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index dbd92aff997281cb0b7806c216dfc1bcc0e73a76..d93a167251a70cd659b0cfa897764f382ed8cd58 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -324,9 +324,9 @@ The text of each license is the standard Apache 2.0 license.
simpleclient_httpserver 0.12.0 from prometheus https://github.com/prometheus/client_java Apache 2.0
jetcd 0.5.3, https://github.com/etcd-io/jetcd, Apache 2.0
failasfe 2.3.4, https://github.com/jhalterman/failsafe, Apache 2.0
- Armeria 1.12.0, http://github.com/line/armeria, Apache 2.0
+ Armeria 1.13.4, http://github.com/line/armeria, Apache 2.0
Brotli4j 1.6.0, https://github.com/hyperxpro/Brotli4j, Apache 2.0
- micrometer 1.7.4, https://github.com/micrometer-metrics/micrometer, Apache 2.0
+ micrometer 1.7.6, https://github.com/micrometer-metrics/micrometer, Apache 2.0
iotdb-session 0.12.3: https://github.com/apache/iotdb, Apache 2.0
iotdb-thrift 0.12.3: https://github.com/apache/iotdb, Apache 2.0
service-rpc 0.12.3: https://github.com/apache/iotdb, Apache 2.0
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index cd807350b7490d868eeb1379fd7bb5fe1dd3afed..96af99e116d444d58d0652aecdb3c693dadde07b 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -73,7 +73,7 @@
42.2.18
0.5.3
1.15.3
- 1.12.0
+ 1.13.4
3.0.0
4.4.13
1.21
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index f29d69d17e2b5c012b1c542d31d4de7e3548041f..15bcc731909cf2e1d79f56e5dce9e04aadf57da5 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -7,7 +7,7 @@ antlr4-runtime-4.7.1.jar
aopalliance-1.0.jar
apollo-client-1.8.0.jar
apollo-core-1.8.0.jar
-armeria-1.12.0.jar
+armeria-1.13.4.jar
audience-annotations-0.5.0.jar
bcpkix-jdk15on-1.69.jar
bcprov-ext-jdk15on-1.69.jar
@@ -99,7 +99,7 @@ log4j-over-slf4j-1.7.30.jar
log4j-slf4j-impl-2.14.1.jar
logging-interceptor-3.13.1.jar
lz4-java-1.6.0.jar
-micrometer-core-1.7.4.jar
+micrometer-core-1.7.6.jar
moshi-1.5.0.jar
msgpack-core-0.8.16.jar
mvel2-2.4.8.Final.jar