diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f27565092..906f5801e4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
+No user facing changes.
+
+## 3.28.18 - 16 May 2025
+
 - Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
 - Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
 - The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index e738bf3b09..9a7e361ef4 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.28.18",
+  "version": "3.28.19",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
diff --git a/package-lock.json b/package-lock.json
index 59c09e9b89..93236d4b4c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "3.28.18",
+  "version": "3.28.19",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "3.28.18",
+      "version": "3.28.19",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^2.3.1",
diff --git a/package.json b/package.json
index 569f8945e1..197a34190e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.28.18",
+  "version": "3.28.19",
   "private": true,
   "description": "CodeQL action",
   "scripts": {