diff --git a/.gitignore b/.gitignore
index 7bd5a0c..3476ae7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -73,3 +73,5 @@ unbound-1.4.5.tar.gz
 /unbound-1.16.0.tar.gz.asc
 /unbound-1.16.2.tar.gz
 /unbound-1.16.2.tar.gz.asc
+/unbound-1.16.3.tar.gz
+/unbound-1.16.3.tar.gz.asc
diff --git a/sources b/sources
index abff2db..c6e4d53 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (unbound-1.16.2.tar.gz) = 0ea65ea63265be677441bd2a28df12098ec5e86c3372240c2874f9bd13752b8b818da81ae6076cf02cbeba3d36e397698a4c2b50570be1a6a8e47f57a0251572
-SHA512 (unbound-1.16.2.tar.gz.asc) = bc5241c86f90be76886209c81d6f1c025d4774fa00d114180b99d43999f31b1b4c8d123717b8a79a60bc3acfcbe9f46678b80b3d961431c7bfd05ff48c69ef4f
+SHA512 (unbound-1.16.3.tar.gz) = ef5cda926dd1082a750615d8687bccd756869c66e9f24f984fda4c6613f94f3e4884db328b8d7b490777a75d3e616dcb61c5258e7777923c0590e6fabacd207c
+SHA512 (unbound-1.16.3.tar.gz.asc) = b106f080d877e479d944a7ebe24a380f4c40c38308733f43f8a60d4e7aedc6597e6daa4a1428f596e705c9c75e6ee7b4187dbbc5750a9c406f59d76d4f1b4a8d
diff --git a/unbound.spec b/unbound.spec
index 69f962f..e923580 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -29,8 +29,8 @@
 
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
-Version: 1.16.2
-Release: 3%{?extra_version:.%{extra_version}}%{?dist}
+Version: 1.16.3
+Release: 1%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@@ -471,25 +471,20 @@ popd
 %{_mandir}/man1/unbound-*
 
 %changelog
+* Fri Sep 23 2022 Petr Menšík <pemensik@redhat.com> - 1.16.3-1
+- Update to 1.16.3 (#2128638)
+
 * Tue Aug 09 2022 Paul Wouters <pwouters@redhat.com> - 1.16.2-3
 - sync up to upstream unbound.conf
 - Enable Extended DNS Error codes (RFC8914)
+- Move unbound-anchor to separate package
+- Move unbound-host and unbound-streamtcp to unbound-utils package
 
 * Tue Aug 09 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-2
 - Require openssl tool for unbound-keygen (#2116790)
 
 * Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-1
-- Update to 1.16.2 (#2105947) for CVE-2022-30698 and CVE-2022-30699
-
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon Jun 27 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-6
-- Move unbound-anchor to separate package
-- Move unbound-host and unbound-streamtcp to unbound-utils package
-
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1.16.0-5
-- Rebuilt for Python 3.11
+- Update to 1.16.2 (#2105947)
 
 * Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-4
 - Restart keygen service before every unbound start
@@ -503,21 +498,6 @@ popd
 * Wed Apr 20 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-2
 - Update icannbundle.pem
 
-* Tue Mar 29 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-1
-- Update to 1.15.0 (#2030608)
-
-* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.2-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 1.13.2-4
-- Rebuilt for protobuf 3.19.0
-
-* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 1.13.2-3
-- Rebuilt for protobuf 3.18.1
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.13.2-2
-- Rebuilt with OpenSSL 3.0.0
-
 * Thu Aug 12 2021 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
 - Resolves: rhbz#1992985 unbound-1.13.2 is available
 - Use system-wide crypto policies