diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a5e6abc4e..3293327af0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,12 @@
 
 ## [UNRELEASED]
 
+No user facing changes.
+
+## 2.3.5 - 25 May 2023
+
 - Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
+- Gracefully handle invalid URIs when fingerprinting. [#1694](https://github.com/github/codeql-action/pull/1694)
 
 ## 2.3.4 - 24 May 2023
 
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index 2b9e4f8462..6d7a3e0b3d 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.3.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
diff --git a/package-lock.json b/package-lock.json
index 4b2007085b..afdb7c7709 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.3.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.3.5",
+      "version": "2.3.6",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.0",
diff --git a/package.json b/package.json
index 65fc02e503..f7af949a89 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.3.6",
   "private": true,
   "description": "CodeQL action",
   "scripts": {