diff --git a/History.md b/History.md
index 33f645a4..58df9745 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,7 @@
+## 0.15.4
+
+* [fix] Verify hostname by default (CVE-2025-46551)
+
 ## 0.15.3
 * [fix] keep curve name when group is set into another key
diff --git a/lib/jopenssl/version.rb b/lib/jopenssl/version.rb
index 3a84cdf9..c635b8f5 100644
--- a/lib/jopenssl/version.rb
+++ b/lib/jopenssl/version.rb
@@ -1,5 +1,5 @@
 module JOpenSSL
- VERSION = '0.15.3'
+ VERSION = '0.15.4'
 BOUNCY_CASTLE_VERSION = '1.79'
 end
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
index b77f0b52..991f05e3 100644
--- a/lib/openssl/ssl.rb
+++ b/lib/openssl/ssl.rb
@@ -20,7 +20,7 @@ class SSLContext
 DEFAULT_PARAMS = { # :nodoc:
 :min_version => OpenSSL::SSL::TLS1_VERSION,
 :verify_mode => OpenSSL::SSL::VERIFY_PEER,
- :verify_hostname => nil, # TODO => true needs JRuby support to call verify_certificate_identity
+ :verify_hostname => true,
 :options => OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
 }
diff --git a/pom.xml b/pom.xml
index ac6278e6..bb01f0f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@ DO NOT MODIFY - GENERATED CODE 4.0.0 rubygems jruby-openssl - 0.15.3 + 0.15.4 gem JRuby OpenSSL JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
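Review bot: In the lib/openssl/ssl.rb hunk, the new `:verify_hostname => true` default drops the old TODO that said `true` needed JRuby support to call verify_certificate_identity, yet nothing in this diff shows that support or a test for it. Since the changelog ties this to CVE-2025-46551, I would want a regression test in the same commit asserting that a client context configured through `set_params` rejects a certificate whose names do not match the requested host. The line also deserves a comment so the default is not relaxed later, e.g. `:verify_hostname => true, # security default (CVE-2025-46551); do not relax`. Presumably DEFAULT_PARAMS only takes effect through `set_params`, as in MRI, so it is worth confirming that contexts built without that call are not left without a hostname check. The SSLContext class body continues outside the hunk, so the enforcement path cannot be confirmed from here.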