diff --git a/phpMyAdmin-4.6.2-all-languages.tar.xz b/phpMyAdmin-4.6.2-all-languages.tar.xz
deleted file mode 100644
index 7ab9532..0000000
--- a/phpMyAdmin-4.6.2-all-languages.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ae6f6f0e8697b5ab5d0334bb16fa59da9143dce0d4576e6370ef54f7ad28872
-size 6128060
diff --git a/phpMyAdmin-4.6.2-all-languages.tar.xz.asc b/phpMyAdmin-4.6.2-all-languages.tar.xz.asc
deleted file mode 100644
index e6c9278..0000000
--- a/phpMyAdmin-4.6.2-all-languages.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXRdzsAAoJEM51LxeCWb2S6twP/RgEIqZLTb6owbFcluemz7Ca
-IPIjJAar09RAItb26AaASYEl4Hte9pTnGbXhF8Kob8uPRR28Zsv+WKjMa1TS3shx
-K05OXqe7lH49a0nCL1Ytcb7AhXr/vSOaoRGP8Y8HrzK9wnD6GdNf/2O9Ms9CKtvt
-4SJx0LyqRoW0jrqXUUzJ1vMNWuOehtPZm5eb5HnuvRWpg7hUBUaU8X+5jywuzDkT
-ueduW9plpuNtODZaYF0Awd2uyLgkaUM7BtC0wGB2B4BE4ywUTIVoq0XJhAhVyDqX
-f+xK/ynKSot3S5Hi5Ba/ZAINQ+4ckMQTBho2gA23poX6ieQXhogZAQKwgcoInsFz
-09E93crz6oInuUCKPvpmbCkJ1liIz340RETPsz6RF8nR4sNevzE/4kU6jPAlTljZ
-6JMArTE1T5rU7CZDEncqdNVZBbhCTK0aBJI9pVX/z8Fl+qUR9wNececfkBROaDyU
-1EmMEtFLgvI69OiCf1i6Zs/7N92WPNEuBq67SO57d4ddIG3jw46pXD5UiPhVWdw3
-jiP1FkTuO5rv3UJ8Csp2AGx1Mz9KejxxL+x/qkes8+Trmvtzy01yuUHaUWTxf3vO
-aZiWWtNPUYxwliNpN1O02FMtao1PczywXPdrUURLAIE0YJfnacyFRsVxBWOdJQLy
-Yap2geqJTeLyvjHDO/2b
-=EcxN
------END PGP SIGNATURE-----
diff --git a/phpMyAdmin-4.6.3-all-languages.tar.xz b/phpMyAdmin-4.6.3-all-languages.tar.xz
new file mode 100644
index 0000000..4ebfbad
--- /dev/null
+++ b/phpMyAdmin-4.6.3-all-languages.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:943bad38a95f21bb015bdb78c9c067e0ea7510c1b35d4b8e757cb89c413e3bac
+size 6111852
diff --git a/phpMyAdmin-4.6.3-all-languages.tar.xz.asc b/phpMyAdmin-4.6.3-all-languages.tar.xz.asc
new file mode 100644
index 0000000..cf613d7
--- /dev/null
+++ b/phpMyAdmin-4.6.3-all-languages.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXa2bfAAoJEM51LxeCWb2SjXkP/jvbhg55etnApcymsTWy72Ho
+7BVvVlRmNdCISs8S2yuh8D417B9WDUGh4YLVu8gv+W0gd+/wUMY1D+WKmAgPJOBh
++Kb+gOMJ9YpGVdCSRpIvtQCyZPxGOAOPM552VfU5+seVOB9InxJAI2jKqVeVDp3Z
+j4dQVsp8BRVe3Fe/s2d85L+KaNaQefjehiOhNsIJ2II6mKPHgIECtFkKSBxqoiyx
+QpaucMiC6Oivuv3ucGuWc0wfDRbBeSl9zec3t2guikP0rPQORnAxs/xpUGASWmje
+Rki8QBcDxePDH62VGRV7Zf0dJfeekZON/aXY/DX3oeAoePACisjyslFZk1S2+yuN
++4NDpRm7Wlq8ZFtlqD5JWfjf+JVj2pAHwKidDDH2Mv+kLTExRefIjFLxGnHU6hVv
+Ee8jenDNJpy//JEwRInM3gi63CK0PTJMWAqVQ2OYb3PS9ic/yELQ3amlvnOHfCUF
++e7b3+HWzonV9MkAwkQhAwtmuXNo5/ykwKLCLc0cWGuUI8iAsGdOSKVFFI6WBQL9
+6JepwARr5Ej8Ah/0LI691EKoR3OWEXvRxD2wrZHqlpBQvN0vuy5+/2ZWz17JiYXE
+oYoAuE81B4T3k/epy30gR1qThysRyEYMSZ3ekbwLAZDKeeUovBmLq1Fn6TKJfDYe
+InisFtPxTLTWY5WuGYXV
+=+16s
+-----END PGP SIGNATURE-----
diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index 6df2e89..6f33fb2 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Thu Jun 23 12:10:01 UTC 2016 - chris@computersalat.de
+
+- update to 4.6.3 (2016-06-23)
+  * gh#12249 Fixed cookie path on Windows
+  * gh#12279 Fixed error reporting on connect problems
+  * gh#12290 Fixed export of tables without explicitly set engine
+  * gh#12285 Designer JavaScript error: Show/Hide tables list
+  * gh#12293 Fix MySQL SSL connection with some PHP versions
+  * gh#12279 Fix MySQL connection error on version mismatch
+  * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
+  * gh#12308 Fix division by zero in case of misconfigured MySQL server
+  * gh#12317 Fix editing server variables
+  * gh#12303 Fix table size calculation in some circumstances
+  * gh#12310 Fix listing routines for non privileged user
+  * issue Escape generated query in exporting a database
+  * issue Setup script did not properly use input type password for some input types
+- fix for boo#986154
+  * PMASA-2016-17 (CVE-2016-5701, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-17/
+    - BBCode injection vulnerability
+  * PMASA-2016-18 (CVE-2016-5702, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-18/
+    - Cookie attribute injection attack
+  * PMASA-2016-19 (CVE-2016-5703, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-19/
+    - SQL injection attack
+  * PMASA-2016-20 (CVE-2016-5704, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-20/
+    - XSS on table structure page
+  * PMASA-2016-21 (CVE-2016-5705, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-21/
+    - Multiple XSS vulnerabilities
+  * PMASA-2016-22 (CVE-2016-5706, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-22/
+    - DOS attack
+  * PMASA-2016-23 (CVE-2016-5730, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-23/
+    - Multiple full path disclosure vulnerabilities
+  * PMASA-2016-24 (CVE-2016-5731, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-24/
+    - XSS through FPD
+  * PMASA-2016-25 (CVE-2016-5732, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-25/
+    - XSS in partition range functionality
+  * PMASA-2016-26 (CVE-2016-5733, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-26/
+    - Multiple XSS vulnerabilities
+  * PMASA-2016-27 (CVE-2016-5734, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-27/
+    - Unsafe handling of preg_replace parameters
+  * PMASA-2016-28 (CVE-2016-5739, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-28/
+    - Referrer leak in transformations
+
 -------------------------------------------------------------------
 Sun May 29 15:07:43 UTC 2016 - chris@computersalat.de
 
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index 818d1c6..04ce3f7 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -29,7 +29,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.6.2
+Version:        4.6.3
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0+