diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index ce461571bee..e4c73a5bf04 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -70,6 +70,6 @@ jobs:
retention-days: 5
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # 2.1.22
+ uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # 2.1.22
with:
sarif_file: results.sarif
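Review bot: The trailing version comment on the new `uses:` line still reads `# 2.1.22` even though the pinned commit changed, and the changelog entry added in this same commit says `github/codeql-action` is now at `3.24.3`. With a SHA-pinned action, that comment is the only human-readable statement of which release the hash is meant to be, so a stale one makes the pin harder to audit and can hide an unintended hash in later reviews. After confirming upstream that the commit corresponds to that tag, the line should read `uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # 3.24.3`. The step's job definition starts outside this hunk, so any other `codeql-action` pins in the workflow would need the same check.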
diff --git a/log4j-parent/pom.xml b/log4j-parent/pom.xml
index bfa20619aba..f7ccf15d4c6 100644
--- a/log4j-parent/pom.xml
+++ b/log4j-parent/pom.xml
@@ -139,7 +139,7 @@
3.5.1
2.0.9
2.7.18
- 5.3.31
+ 5.3.32
2.0.3
10.0.27
1.7
diff --git a/src/changelog/.2.x.x/update_github_codeql_action.xml b/src/changelog/.2.x.x/update_github_codeql_action.xml
new file mode 100644
index 00000000000..854d457233e
--- /dev/null
+++ b/src/changelog/.2.x.x/update_github_codeql_action.xml
@@ -0,0 +1,8 @@
+
+
+
+ Update `github/codeql-action` to version `3.24.3`
+
diff --git a/src/changelog/.2.x.x/update_org_springframework_spring_framework_bom.xml b/src/changelog/.2.x.x/update_org_springframework_spring_framework_bom.xml
new file mode 100644
index 00000000000..0c619c12d19
--- /dev/null
+++ b/src/changelog/.2.x.x/update_org_springframework_spring_framework_bom.xml
@@ -0,0 +1,8 @@
+
+
+
+ Update `org.springframework:spring-framework-bom` to version `5.3.32`
+
diff --git a/src/site/_release-notes/_2.x.x.adoc b/src/site/_release-notes/_2.x.x.adoc
index b72a804e9ea..8127b2ac7cd 100644
--- a/src/site/_release-notes/_2.x.x.adoc
+++ b/src/site/_release-notes/_2.x.x.adoc
@@ -58,8 +58,10 @@ This releases contains ...
* Update `com.fasterxml.jackson:jackson-bom` to version `2.16.1` (https://github.com/apache/logging-log4j2/pull/2126[2126])
* Update `commons-codec:commons-codec` to version `1.16.1` (https://github.com/apache/logging-log4j2/pull/2277[2277])
+* Update `github/codeql-action` to version `3.24.3` (https://github.com/apache/logging-log4j2/pull/2295[2295])
* Update `io.netty:netty-bom` to version `4.1.107.Final` (https://github.com/apache/logging-log4j2/pull/2284[2284])
* Update `org.apache.logging:logging-parent` to version `10.6.0` (https://github.com/apache/logging-log4j2/pull/2197[2197])
* Update `org.eclipse.jetty:jetty-bom` to version `9.4.54.v20240208` (https://github.com/apache/logging-log4j2/pull/2287[2287])
* Update `org.jctools:jctools-core` to version `4.0.3` (https://github.com/apache/logging-log4j2/pull/2270[2270])
+* Update `org.springframework:spring-framework-bom` to version `5.3.32` (https://github.com/apache/logging-log4j2/pull/2293[2293])
* Update `org.zeromq:jeromq` to version `0.6.0` (https://github.com/apache/logging-log4j2/pull/2271[2271])