diff --git a/tomcat.spec b/tomcat.spec
index 3cb52c0..b8f2d7b 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -692,12 +692,17 @@ fi
 %changelog
 * Thu Dec 13 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.13-1
 - Update to 9.0.13
+- Resolves: rhbz#1636513 - CVE-2018-11784 tomcat: Open redirect in default servlet
 
 * Sun Oct 14 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1:9.0.10-2
 - Drop legcy sys-v bits
 
 * Tue Jul 31 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.10-1
 - Update to 9.0.10
+- Resolves: rhbz#1624929 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
+- Resolves: rhbz#1579612 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
+- Resolves: rhbz#1607586 - CVE-2018-8034 tomcat: host name verification missing in WebSocket client
+- Resolves: rhbz#1607584 - CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
 
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:9.0.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild