diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e13f6d..cbd4e5a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ version released to date for the Jekyll Heroku Starter Kit.
 - [#bugfix](#bugfix)
 - Fixed OS Command Injection in Rake [CVE-2020-8130](https://github.com/advisories/GHSA-jppv-gw3r-w3q8).
+ - Fixed Directory traversal in Rack::Directory app bundled with Rack [CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7).
 - Fixed Percent-encoded cookies can be used to overwrite existing prefixed cookie names [CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52).
 - [#enhancement](#enhancement)
 - Updated `jekyll` to `3.7.8`.
diff --git a/Gemfile b/Gemfile
index 0250c2d..153ea77 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 ruby '2.6.3'
 gem 'bundler', '1.17.2'
 gem "jekyll"
+gem "rack", ">= 2.1.4"
 gem 'rack-jekyll'
 gem 'rake'
 gem 'jekyll-theme-minimal'
diff --git a/Gemfile.lock b/Gemfile.lock
index ffe44d0..f7f2ffe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -59,11 +59,10 @@ GEM
 forwardable-extended (~> 2.6)
 posix-spawn (0.3.14)
 public_suffix (4.0.5)
- rack (1.6.13)
- rack-jekyll (0.5.0)
- jekyll (>= 1.3)
- listen (>= 1.3)
- rack (~> 1.5)
+ rack (2.2.3)
+ rack-jekyll (0.3.5)
+ jekyll
+ rack
 rake (13.0.1)
 rb-fsevent (0.10.4)
 rb-inotify (0.10.1)
@@ -90,6 +89,7 @@ DEPENDENCIES
 jekyll-seo-tag
 jekyll-sitemap
 jekyll-theme-minimal
+ rack (>= 2.1.4)
 rack-jekyll
 rake
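Review bot: The new `gem "rack", ">= 2.1.4"` line in the Gemfile hunk sets only a lower bound, so a later `bundle update` may move rack to any future major, and the Gemfile.lock hunk shows the resolver already satisfied this floor by downgrading `rack-jekyll` from 0.5.0 to 0.3.5 (the removed 0.5.0 entry depended on `rack (~> 1.5)`), a side effect that neither the Gemfile nor the CHANGELOG entry records. Consider bounding the major, e.g. `gem "rack", ">= 2.1.4", "< 3"`, and making the companion move explicit with `gem 'rack-jekyll', '0.3.5'` or a CHANGELOG line, so the downgrade is a deliberate choice rather than a resolver artifact. Whether rack-jekyll 0.3.5 still boots correctly with the resolved jekyll and rack 2.2.3 is not visible in this diff and is worth confirming before merge.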