diff --git a/bower.json b/bower.json
index a515b631a..cd3a40608 100644
--- a/bower.json
+++ b/bower.json
@@ -49,7 +49,7 @@
     "requirejs-plugins": "^1.0.3",
     "dragula.js": "3.7.2",
     "MathJax": "3.0.5",
-    "drawio": "jgraph/drawio#v20.8.18",
+    "drawio": "jgraph/drawio#v21.5.2",
     "pako": "^2.1.0",
     "x2js": "x2js/x2js#^3.4.4"
   },
diff --git a/lib/defaults.js b/lib/defaults.js
index c209a49a6..6f69f5333 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -48,7 +48,7 @@ Default.padContentSecurity = function (Env) {
 };
 
 Default.diagramContentSecurity = function (Env) {
-    return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'sha256-vrEVJkYyBW9H4tt1lYZtK5fDowIeRwUgYZfFTT36YpE=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
+    return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'sha256-6zAB96lsBZREqf0sT44BhH1T69sm7HrN34rpMOcWbNo=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
 };
 
 Default.httpHeaders = function (Env) {