diff --git a/debian/control b/debian/control
index 159a7be34a..8033219c6a 100644
--- a/debian/control
+++ b/debian/control
@@ -102,7 +102,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-bcrypt (>= 3.1.14~),
 ruby-doorkeeper (>= 5.5~),
 ruby-doorkeeper-openid-connect (>= 1.7.5~),
- ruby-rexml (>= 3.2.5~),
+ ruby-rexml (>= 3.2.3.1~),
 ruby-saml (>= 1.12.1~),
 ruby-omniauth (>= 1.8~),
 ruby-omniauth-auth0 (>= 2.0~),
diff --git a/debian/patches/0499-92-relax-rexml.patch b/debian/patches/0499-92-relax-rexml.patch
new file mode 100644
index 0000000000..55a00498ff
--- /dev/null
+++ b/debian/patches/0499-92-relax-rexml.patch
@@ -0,0 +1,13 @@
+libruby2.7 has rexml 3.2.3.1 which has latest security fixes
+
+--- a/Gemfile
++++ b/Gemfile
+@@ -28,7 +28,7 @@
+ gem 'bcrypt', '~> 3.1', '>= 3.1.14'
+ gem 'doorkeeper', '~> 5.5'
+ gem 'doorkeeper-openid_connect', '~> 1.7', '>= 1.7.5'
+-gem 'rexml', '~> 3.2', '>= 3.2.5'
++gem 'rexml', '~> 3.2', '>= 3.2.3.1'
+ gem 'ruby-saml', '~> 1.12', '>= 1.12.1'
+ gem 'omniauth', '~> 1.8'
+ gem 'omniauth-auth0', '~> 2.0'
diff --git a/debian/patches/series b/debian/patches/series
index 5df7ca4239..e23b177fe9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,6 +18,7 @@
 0499-70-relax-graphlient.patch
 0499-90-relax-webrick.patch
 0499-91-relax-omniauth-azure-activedirectory-v2.patch
+0499-92-relax-rexml.patch
 0500-set-webpack-root.patch
 0510-remove-dev-dependencies.patch
 0520-add-system-lib-path-for-webpack.patch
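Review bot: The relaxed floor `ruby-rexml (>= 3.2.3.1~)` is a range rather than a pin, so it also accepts 3.2.4, which sorts above 3.2.3.1 but, as far as I can tell, predates the fixes that the previous `>= 3.2.5` floor guaranteed. The same gap is in the `gem 'rexml', '~> 3.2', '>= 3.2.3.1'` line carried by the new 0499-92-relax-rexml.patch. For the Gemfile I would write `gem 'rexml', '~> 3.2', '>= 3.2.3.1', '!= 3.2.4'` so the requirement states which releases are actually considered fixed. A single `>=` relation in debian/control cannot express that exclusion, so it is worth confirming that no targeted suite ships a ruby-rexml between 3.2.3.1 and 3.2.5. The Depends field begins outside this hunk.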
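Review bot: The header of 0499-92-relax-rexml.patch justifies lowering a security-motivated floor with only "has latest security fixes", which names no advisory and will go stale once another rexml fix is released. I would replace it with a DEP-3 style header that says which fix the 3.2.3.1 backport carries, for example `Description: relax rexml to 3.2.3.1; the libruby2.7 copy carries the fix first released in 3.2.5 (<ADVISORY-ID>)` followed by `Forwarded: not-needed`. That gives whoever refreshes the patch series something to check the bundled version against before keeping the relaxation.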