diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4264d9e3162..ce978ab996e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+# Version 2.6.4
+* Update `applicationinsights-logging-log4j2` artifact to not pull in log4j2 dependency on its own. Users should already be bringing their own version of log4j2 (and should be upgrading that version or applying the mitigation steps from [CVE-2021-44228](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/)). The update ensures that users *have* to bring their own version of log4j2.
+  ([#2002](https://github.com/microsoft/ApplicationInsights-Java/issues/2002))
+
 # Version 2.6.3
 * Update xstream dependency [#1580](https://github.com/microsoft/ApplicationInsights-Java/issues/1479)
 * Upgrade gradle from 5.5.1 to 6.8.3
diff --git a/gradle.properties b/gradle.properties
index fbab2029578..8cb95980d95 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,3 +1,3 @@
 // Project properties
-version=2.6.3
+version=2.6.4
 group=com.microsoft.azure
\ No newline at end of file