diff --git a/History.md b/History.md
index 924f10537bb..c234f529cea 100644
--- a/History.md
+++ b/History.md
@@ -1,7 +1,16 @@
+4.21.2 / 2024-11-06
+==========
+
+  * deps: path-to-regexp@0.1.12
+    - Fix backtracking protection
+  * deps: path-to-regexp@0.1.11
+    - Throws an error on invalid path values
+
 4.21.1 / 2024-10-08
 ==========
 
-* Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+  * Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+
 
 4.21.0 / 2024-09-11
 ==========
diff --git a/package.json b/package.json
index a36e593c316..60f65fe2d37 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.21.1",
+  "version": "4.21.2",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -15,6 +15,10 @@
   "license": "MIT",
   "repository": "expressjs/express",
   "homepage": "http://expressjs.com/",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/express"
+  },
   "keywords": [
     "express",
     "framework",
@@ -47,7 +51,7 @@
     "methods": "~1.1.2",
     "on-finished": "2.4.1",
     "parseurl": "~1.3.3",
-    "path-to-regexp": "0.1.10",
+    "path-to-regexp": "0.1.12",
     "proxy-addr": "~2.0.7",
     "qs": "6.13.0",
     "range-parser": "~1.2.1",