diff --git a/_service b/_service index 15e10ec..665868d 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ git disable .git - v14.1.2 + v14.1.3 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 3ab2553..a10c921 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/gravitational/teleport - 47a97d98c1ea8c44d954e3508064f89fce6c3f8f \ No newline at end of file + 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4 \ No newline at end of file diff --git a/teleport-14.1.2.obscpio b/teleport-14.1.2.obscpio deleted file mode 100644 index b8d2134..0000000 --- a/teleport-14.1.2.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f57d6b4254ce60c3c09c677e457aa30f99f6b377968410aa512ac22c9fde58c4 -size 257082382 diff --git a/teleport-14.1.3.obscpio b/teleport-14.1.3.obscpio new file mode 100644 index 0000000..2b60021 --- /dev/null +++ b/teleport-14.1.3.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:61da350436bc0db3c9b0b9d5446ea00ca73fbe2804ed7c75b64c7be4b7b7104b +size 257082382 diff --git a/teleport.changes b/teleport.changes index feb2fdc..2df152d 100644 --- a/teleport.changes +++ b/teleport.changes 
@@ -1,3 +1,64 @@ +------------------------------------------------------------------- +Thu Nov 16 14:24:38 UTC 2023 - kastl@b1-systems.de + +- Update to version 14.1.3: + * Security Fixes + - [Medium] Arbitrary code execution with LD_PRELOAD and SFTP + Teleport implements SFTP using a subcommand. Prior to this + release it was possible to inject environment variables into + the execution of this subcommand, via shell init scripts or + via the SSH environment request. + This is addressed by preventing LD_PRELOAD and other + dangerous environment variables from being forwarded during + re-exec. + * [Medium] Outbound SSH from Proxy can lead to IP spoofing + If the Teleport auth or proxy services are configured to + accept PROXY protocol headers, a malicious actor can use this + to spoof their IP address. + This is addressed by requiring that the first bytes of any + SSH connection are the SSH protocol prefix, denying a + malicious actor the opportunity to send their own proxy + headers. + * Other Fixes & Improvements + - Fixed issue where tbot would select the wrong address for + Kubernetes Access when in ports separate mode #34283 + - Added post-review state of Access Request in audit log + description #34213 + - Updated Operator Reconciliation to skip Teleport Operator on + status updates #34194 + - Updated Kube Agent Auto-Discovery to install the Teleport + version provided by Automatic Upgrades #34157 + - Updated Server Auto-Discovery installer script to use bash + instead of sh #34144 + - When a promotable Access Request targets a resource that + belongs to an Access List, owners of that list will now + automatically be added as reviewers. 
#34131 + - Added Database Automatic User Provisioning support for + Redshift #34126 + - Added teleport_auth_type config parameter to the AWS + Terraform examples #34124 + - Fixed issue where an auto-provisioned PostgreSQL user may + keep old roles indefinitely #34121 + - Fixed incorrectly set file mode for Windows TPM files #34113 + - Added dynamic credential reloading for access plugins #34079 + - Fixed Azure Identity federated Application ID #33960 + - Fixed issue where Kubernetes Audit Events reported incorrect + information in the exec audit #33950 + - Added support for formatting hostname as host:port to tsh + puttyconfig #33883 + - Added support for --set-context-name to tsh proxy kube + - Fixed various Access List bookkeeping issues #33834 + - Fixed issue where tsh aws ecs execute-command would always + fail #33833 + - Updated UI to automatically redirect to login page on missing + session cookie #33806 + - Added Dynamic Discovery matching for Databases #33693 + - Fixed formatting errors on empty result sets in tsh #33633 + - Added Database Automatic User Provisioning support for + MariaDB #34256 + - Fixed issue where MySQL auto-user deletion fails on usernames + with quotes #34304 + ------------------------------------------------------------------- Thu Nov 09 06:48:36 UTC 2023 - kastl@b1-systems.de diff --git a/teleport.obsinfo b/teleport.obsinfo index 31183cb..122b7c5 100644 --- a/teleport.obsinfo +++ b/teleport.obsinfo @@ -1,4 +1,4 @@ name: teleport -version: 14.1.2 -mtime: 1699479548 -commit: 47a97d98c1ea8c44d954e3508064f89fce6c3f8f +version: 14.1.3 +mtime: 1699485178 +commit: 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4 diff --git a/teleport.spec b/teleport.spec index 25113ec..aed15c0 100644 --- a/teleport.spec +++ b/teleport.spec @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: teleport -Version: 14.1.2 +Version: 14.1.3 Release: 0 Summary: Identity-aware, multi-protocol access proxy License: Apache-2.0 
diff --git a/vendor.tar.gz b/vendor.tar.gz index 72993f8..31510ba 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:de0295ba1aca450550fa2423c5ebe248f0700011298e1dbf709b48f4b359d783 -size 39643323 +oid sha256:cb42b2dc64b3ae449fb4f448a9b098fd7cf5798a67083e32eac6756ef7b71868 +size 39644500
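Review bot: in the teleport.changes hunk, the second security entry is written as `* [Medium] Outbound SSH from Proxy can lead to IP spoofing`, at the same level as `* Security Fixes`, while the first is `- [Medium] Arbitrary code execution with LD_PRELOAD and SFTP` nested under it. Change the second to a `-` item so both fixes sit under the Security Fixes heading. Neither security entry carries a CVE or bug-tracker reference, so add one if upstream or the distribution assigned any. The `--set-context-name` entry is also the only item under Other Fixes & Improvements without a `#` reference.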
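Review bot: in the new teleport-14.1.3.obscpio pointer, `size 257082382` is identical to the size in the deleted teleport-14.1.2.obscpio pointer, although the `oid sha256:` values differ. Two source archives built from different commits matching to the byte is possible but unusual (vendor.tar.gz in the same patch goes from 39643323 to 39644500), so confirm the pointer was generated from the fetched 14.1.3 archive and that both the SHA-256 and the size match the stored object.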
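Review bot: the `_service` hunk pins the source by tag name (`v14.1.3`), and a tag can be moved upstream, so the commit recorded in `_servicedata` and `teleport.obsinfo` (`748fa4e13472fbf93bc0d4833c5647bc82e7fbf4`, the same value in both) is what actually identifies the source being packaged. Check that hash against the upstream v14.1.3 tag before accepting, since this update is the one that delivers the two security fixes listed in teleport.changes.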