diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2de4d0fb..5bacda7d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,10 +11,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Fixes a regression on [OOE-26](https://ortussolutions.atlassian.net/browse/OOE-26) where empty string values are coerced to `NULL` when an ORM type *is* declared. Originally reported against `6.4.0`, resolved in `6.5.0`, then regressed in `6.5.1`. - Resolves [OOE-26](https://ortussolutions.atlassian.net/browse/OOE-26).
 
-### 🔐 Security
-
-Bump Lucee build dependency to `6.0.0.585` to avoid [vulnerable dependencies in []`org.apache.commons:commons-compress`](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-6254296), [`com.github.mwiede:jsch`](https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBMWIEDE-6130900), and [`org.apache.commons:commons-compress`](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-6254297). NOTE: None of these vulnerabilities are realized in the Ortus ORM Extension, since we do not ship any Lucee code.
-
 ## [6.5.1] - 2024-02-20
 
 ### 🐛 Fixed
diff --git a/pom.xml b/pom.xml
index 06b81c43..ea53e937 100644
--- a/pom.xml
+++ b/pom.xml
@@ -307,7 +307,7 @@ lucee-core-version: ${minLuceeVersion}
 		<dependency>
 			<groupId>org.lucee</groupId>
 			<artifactId>lucee</artifactId>
-			<version>6.0.0.585</version>
+			<version>5.4.4.38</version>
 			<!-- https://www.baeldung.com/maven-dependency-scopes#2-provided -->
 			<scope>provided</scope>
 		</dependency>