diff --git a/README.md b/README.md
index 3d9087a468..898bd5d9f3 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ HackMD is built with one promise - **You own and control all your content**:
 
 ## CodiMD - The Open Source HackMD
 
-CodiMD is the free software version of [HackMD](https://hackmd.io), developed and opened source by the HackMD team with reduced features (without book mode), you can use CodiMD for your community and own all your data. *(See the [origin of the name CodiMD](https://github.com/hackmdio/hackmd/issues/720).)* 
+CodiMD is the free software version of [HackMD](https://hackmd.io), developed and open sourced by the HackMD team with reduced features (without book mode), you can use CodiMD for your community and own all your data. *(See the [origin of the name CodiMD](https://github.com/hackmdio/hackmd/issues/720).)* 
 
 CodiMD is perfect for open communities, while HackMD emphasizes on permission and access controls for commercial use cases. 
 
diff --git a/deployments/docker-compose.yml b/deployments/docker-compose.yml
index b5f2a4d20a..3289ce9928 100644
--- a/deployments/docker-compose.yml
+++ b/deployments/docker-compose.yml
@@ -11,10 +11,7 @@ services:
     restart: always
   codimd:
     # you can use image or custom build below,
-    # if you need CJK character with exported PDF files,
-    # please change the image tag with `cjk` postfix version
-    image: nabo.codimd.dev/hackmdio/hackmd:2.1.0
-    # image: nabo.codimd.dev/hackmdio/hackmd:2.1.0-cjk
+    image: nabo.codimd.dev/hackmdio/hackmd:2.5.3
     # build:
     #   context: ..
     #   dockerfile: ./deployments/Dockerfile
diff --git a/lib/imageRouter/filesystem.js b/lib/imageRouter/filesystem.js
index 49a811ef49..76dd92dcf6 100644
--- a/lib/imageRouter/filesystem.js
+++ b/lib/imageRouter/filesystem.js
@@ -22,8 +22,8 @@ function randomFilename () {
  */
 function pickFilename (defaultFilename) {
   let retryCounter = 5
-  let filename = defaultFilename
   const extname = path.extname(defaultFilename)
+  let filename = `${randomFilename()}${extname}`
   while (retryCounter-- > 0) {
     if (fs.existsSync(path.join(config.uploadsPath, filename))) {
       filename = `${randomFilename()}${extname}`
diff --git a/lib/migrations/20240114120250-revision-add-index.js b/lib/migrations/20240114120250-revision-add-index.js
new file mode 100644
index 0000000000..2260e918f2
--- /dev/null
+++ b/lib/migrations/20240114120250-revision-add-index.js
@@ -0,0 +1,11 @@
+'use strict'
+
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    return queryInterface.addIndex('Revisions', ['noteId'], {})
+  },
+
+  down: (queryInterface, Sequelize) => {
+    return queryInterface.removeIndex('Revisions', 'noteId')
+  }
+}
diff --git a/package-lock.json b/package-lock.json
index 82da5cb1bd..941dc9bcd2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "codimd",
-  "version": "2.5.3",
+  "version": "2.5.4",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codimd",
-      "version": "2.5.3",
+      "version": "2.5.4",
       "license": "AGPL-3.0",
       "dependencies": {
         "@aws-sdk/client-s3-node": "0.1.0-preview.2",
diff --git a/package.json b/package.json
index da2a000d28..32163a0a98 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codimd",
-  "version": "2.5.3",
+  "version": "2.5.4",
   "description": "Realtime collaborative markdown notes on all platforms.",
   "keywords": [
     "Collaborative",
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index 63a9e0084f..9bccacbcf6 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,6 +1,23 @@
 Release Notes
 ===
 
+<i class="fa fa-tag"></i> 2.5.4 <i class="fa fa-clock-o"></i> 2024-06-06
+---
+
+[Check out the complete release note][v2_5_4]. Thank you CodiMD community and all our contributors. ❤️
+
+[v2_5_4]: https://hackmd.io/@codimd/release-notes/%2F%40codimd%2Fv2_5_4
+
+## Enhancements
+
+- Add index at revision table for improving system performance [#1856](https://github.com/hackmdio/codimd/pull/1856)
+- Refactor to reuse random filename in filesystem image provider [#1867](https://github.com/hackmdio/codimd/pull/1867)
+
+## Fixes
+
+- Fix exclusion of name attribute from iframe filterXSS allowlist [#1865](https://github.com/hackmdio/codimd/pull/1865)
+- Fix typo: "opened source" -> "open sourced" [#1869](https://github.com/hackmdio/codimd/pull/1869)
+
 <i class="fa fa-tag"></i> 2.5.3 <i class="fa fa-clock-o"></i> 2024-01-08
 ---
 
diff --git a/public/js/render.js b/public/js/render.js
index 4a9c3b25f7..db73a0ce31 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -20,7 +20,7 @@ whiteList.style = []
 // allow kbd tag
 whiteList.kbd = []
 // allow ifram tag with some safe attributes
-whiteList.iframe = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height']
+whiteList.iframe = ['allowfullscreen', 'referrerpolicy', 'src', 'width', 'height']
 // allow summary tag
 whiteList.summary = []
 // allow ruby tag