diff --git a/Gemfile b/Gemfile
index 175d08a38..b51ffec4a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -54,7 +54,7 @@ gem 'js-routes' # Not sure if this is used anymore
 gem 'bootstrap_form-datetimepicker' # not sure if this is used anymore
 
 # Stuff we're hardsetting because of security concerns
-gem 'loofah', '>= 2.2.1'
+gem 'loofah', '>= 2.2.3'
 gem 'rails-html-sanitizer', '>= 1.0.4'
 
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 890a2a526..3efbcded0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -170,7 +170,7 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
@@ -401,7 +401,7 @@ DEPENDENCIES
   knapsack
   launchy
   listen
-  loofah (>= 2.2.1)
+  loofah (>= 2.2.3)
   mini_backtrace
   minitest-ci
   minitest-optional_retry
@@ -443,4 +443,4 @@ RUBY VERSION
    ruby 2.5.3p105
 
 BUNDLED WITH
-   1.16.6
+   1.17.1