diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6852beb..2b5a0f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ Changelog for Razorpay-Ruby SDK.
 
 ## Unreleased
 
+## [3.2.4] - 2026-06-08
+
+fix: Security fix for AES-GCM onboarding signature
+* Fixed nonce reuse vulnerability in `generate_onboarding_signature` by using a random nonce per call instead of a static IV derived from the secret key
+* New output format: `hex(iv[12] || ciphertext || tag[16])` — the receiver reads the first 24 hex chars as the IV before decrypting
+
 ## [3.2.3] - 2024-05-27
 
 feat: Added new API endpoints
diff --git a/lib/razorpay/constants.rb b/lib/razorpay/constants.rb
index 4822833..79c32b4 100644
--- a/lib/razorpay/constants.rb
+++ b/lib/razorpay/constants.rb
@@ -2,7 +2,7 @@
 module Razorpay
   BASE_URI = 'https://api.razorpay.com'.freeze
   TEST_URL = 'https://api.razorpay.com/'.freeze
-  VERSION  = '3.2.3'.freeze
+  VERSION  = '3.2.4'.freeze
   AUTH_URL = 'https://auth.razorpay.com'.freeze
   API_HOST = 'API'.freeze
   AUTH_HOST    = 'AUTH'.freeze