diff --git a/flatpak-1.14.3.tar.xz b/flatpak-1.14.3.tar.xz
deleted file mode 100644
index 46050c8..0000000
--- a/flatpak-1.14.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59f0470ccb894d852e4c6fbc1043d8bcc95e38033c5c36f2aa90dd295257eebe
-size 1630824
diff --git a/flatpak-1.14.4.tar.xz b/flatpak-1.14.4.tar.xz
new file mode 100644
index 0000000..bfc970e
--- /dev/null
+++ b/flatpak-1.14.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8a34dbd0b67c434e7598b98ec690953d046f0db26e480aeafb46d72aec716799
+size 1637484
diff --git a/flatpak.changes b/flatpak.changes
index 907687a..45aff4e 100644
--- a/flatpak.changes
+++ b/flatpak.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie
+
+- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
+ + Escape special characters when displaying permissions and
+ metadata, preventing malicious apps from manipulating the
+ appearance of the permissions list using crafted metadata
+ (CVE-2023-28101).
+ + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
+ etc.), don't allow copy/paste via the TIOCLINUX ioctl
+ (CVE-2023-28100). Note that this is specific to virtual
+ consoles: Flatpak is not vulnerable to this if run from a
+ graphical terminal emulator such as xterm, gnome-terminal or
+ Konsole.
+ + Updated translations.
+
 -------------------------------------------------------------------
 Mon Feb 27 14:07:03 UTC 2023 - Bjørn Lie
 
diff --git a/flatpak.spec b/flatpak.spec
index 51c4cb7..e527e67 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -34,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name: flatpak
-Version: 1.14.3
+Version: 1.14.4
 Release: 0
 Summary: OSTree based application bundles management
 License: LGPL-2.1-or-later