diff --git a/Gemfile b/Gemfile
index 5f5f21ecc..39515507f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -68,7 +68,7 @@ gem 'parslet'
 gem 'posix-spawn'
 gem 'pundit', '~> 2.2'
 gem 'premailer-rails'
-gem 'rack-attack', '~> 6.5'
+gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
 gem 'rails-i18n', '~> 6.0'
 gem 'rails-settings-cached', '~> 0.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index 075a4e9cb..89187d1b0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -466,7 +466,7 @@ GEM
     raabro (1.4.0)
     racc (1.6.0)
     rack (2.2.3)
-    rack-attack (6.5.0)
+    rack-attack (6.6.0)
       rack (>= 1.0, < 3)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
@@ -800,7 +800,7 @@ DEPENDENCIES
   puma (~> 5.6)
   pundit (~> 2.2)
   rack (~> 2.2.3)
-  rack-attack (~> 6.5)
+  rack-attack (~> 6.6)
   rack-cors (~> 1.1)
   rails (~> 6.1.4)
   rails-controller-testing (~> 1.0)
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index c3733e377..745eb5d3b 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -118,9 +118,9 @@ class Rack::Attack
     req.session[:attempt_user_id] || req.params.dig('user', 'email').presence if req.post? && req.path == '/auth/sign_in'
   end
 
-  self.throttled_response = lambda do |env|
+  self.throttled_responder = lambda do |request|
     now        = Time.now.utc
-    match_data = env['rack.attack.match_data']
+    match_data = request.env['rack.attack.match_data']
 
     headers = {
       'Content-Type'          => 'application/json',