diff --git a/Gemfile b/Gemfile
index 15acea5383fa5630b7dea29d3e122eb19049fac3..f2a3e7390f70dcafbc4560e94c739b6af6cdd0d3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -587,7 +587,7 @@ gem 'cvss-suite', '~> 3.0.1', require: 'cvss_suite'
 gem 'arr-pm', '~> 0.0.12'
 
 # Apple plist parsing
-gem 'CFPropertyList'
+gem 'CFPropertyList', '~> 3.0.0'
 gem 'app_store_connect'
 
 # For phone verification
diff --git a/Gemfile.lock b/Gemfile.lock
index b4c561b9372d4ea02a21a9a0d5da6c4d433c2f62..d6f52ad6834b2810484be53c56cad7eeb59a6992 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1596,7 +1596,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  CFPropertyList
+  CFPropertyList (~> 3.0.0)
   RedCloth (~> 4.3.2)
   acme-client (~> 2.0)
   activerecord-explain-analyze (~> 0.1)