diff --git a/SOURCES/pki-core-rhel-7-9-rhcs-9-7-bu-19.patch b/SOURCES/pki-core-rhel-7-9-rhcs-9-7-bu-19.patch
new file mode 100644
index 0000000..5b18ee7
--- /dev/null
+++ b/SOURCES/pki-core-rhel-7-9-rhcs-9-7-bu-19.patch
@@ -0,0 +1,338 @@
+From b6b624d191a003f273283a1bc00278f534ff41a6 Mon Sep 17 00:00:00 2001
+From: Chris Kelley <ckelley@redhat.com>
+Date: Wed, 19 Oct 2022 16:42:43 +0100
+Subject: [PATCH 1/2] Use internal JAXP implementation.
+
+JAXP will attempt to use xerces if the JAR is installed, so force the
+application to use the internal parsers instead.
+
+(cherry picked from commit ce5876dae1888cae0631f039694762811d6dab94)
+---
+ .../cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+index db341d5..de98f74 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+@@ -43,6 +43,8 @@ import java.util.Vector;
+ 
+ import javax.servlet.ServletException;
+ import javax.servlet.http.HttpServlet;
++import javax.xml.parsers.DocumentBuilder;
++import javax.xml.parsers.DocumentBuilderFactory;
+ 
+ import org.apache.commons.lang.StringUtils;
+ import org.apache.xerces.parsers.DOMParser;
+@@ -58,6 +60,7 @@ import org.mozilla.jss.crypto.PrivateKey;
+ import org.mozilla.jss.crypto.Signature;
+ import org.mozilla.jss.crypto.SignatureAlgorithm;
+ import org.mozilla.jss.util.PasswordCallback;
++import org.w3c.dom.Document;
+ import org.w3c.dom.Element;
+ import org.w3c.dom.NodeList;
+ 
+@@ -618,9 +621,16 @@ public class CMSEngine implements ICMSEngine {
+         try {
+             String instanceRoot = mConfig.getString("instanceRoot");
+             String path = instanceRoot + File.separator + "conf" + File.separator + SERVER_XML;
+-            DOMParser parser = new DOMParser();
+-            parser.parse(path);
+-            NodeList nodes = parser.getDocument().getElementsByTagName("Connector");
++            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(
++                    "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl",
++                    this.getClass().getClassLoader());
++            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
++            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
++            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
++            DocumentBuilder builder = factory.newDocumentBuilder();
++            Document doc = builder.parse(new File(path));
++            doc.getDocumentElement().normalize();
++            NodeList nodes = doc.getElementsByTagName("Connector");
+             String parentName = "";
+             String name = "";
+             String port = "";
+-- 
+1.8.3.1
+
+
+From 646e4eda892d17236ba67f659292ecfcb7790466 Mon Sep 17 00:00:00 2001
+From: Chris Kelley <ckelley@redhat.com>
+Date: Thu, 20 Oct 2022 15:04:40 +0100
+Subject: [PATCH 2/2] Remove references to Xerces JAR
+
+Requesting use of the internal JAXP DocumentBuilderFactory
+implementation renders the JAR unnecessary (from the perspective of PKI,
+it is still required and installed by dependencies of PKI).
+---
+ base/CMakeLists.txt                                          |  8 --------
+ base/ca/shared/conf/jkconfig.manifest                        |  2 +-
+ base/common/src/CMakeLists.txt                               | 10 +---------
+ base/java-tools/src/CMakeLists.txt                           | 10 +---------
+ base/javadoc/CMakeLists.txt                                  |  2 +-
+ base/kra/shared/conf/jkconfig.manifest                       |  2 +-
+ base/ocsp/shared/conf/jkconfig.manifest                      |  2 +-
+ base/server/CMakeLists.txt                                   |  3 +--
+ .../cmscore/src/com/netscape/cmscore/apps/CMSEngine.java     |  1 -
+ base/server/share/conf/catalina.properties                   |  2 +-
+ base/server/test/CMakeLists.txt                              |  2 +-
+ base/test/src/CMakeLists.txt                                 |  2 +-
+ base/tks/shared/conf/jkconfig.manifest                       |  2 +-
+ base/tps/shared/conf/jkconfig.manifest                       |  2 +-
+ base/util/src/CMakeLists.txt                                 | 12 ++----------
+ base/util/test/CMakeLists.txt                                |  2 +-
+ 16 files changed, 15 insertions(+), 49 deletions(-)
+
+diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt
+index 5be5b24..d5548a1 100644
+--- a/base/CMakeLists.txt
++++ b/base/CMakeLists.txt
+@@ -196,14 +196,6 @@ find_file(XALAN_JAR
+         /usr/share/java
+ )
+ 
+-find_file(XERCES_JAR
+-    NAMES
+-        xerces-j2.jar
+-    PATHS
+-        ${JAVA_LIB_INSTALL_DIR}
+-        /usr/share/java
+-)
+-
+ # The order is important!
+ if (APPLICATION_FLAVOR_PKI_CORE OR
+     APPLICATION_FLAVOR_PKI_CONSOLE)
+diff --git a/base/ca/shared/conf/jkconfig.manifest b/base/ca/shared/conf/jkconfig.manifest
+index 3ba1f2e..5731b47 100644
+--- a/base/ca/shared/conf/jkconfig.manifest
++++ b/base/ca/shared/conf/jkconfig.manifest
+@@ -1,2 +1,2 @@
+ Main-Class: org.apache.jk.config.WebXml2Jk
+-Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
++Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
+diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt
+index 705d62c..85b3a4c 100644
+--- a/base/common/src/CMakeLists.txt
++++ b/base/common/src/CMakeLists.txt
+@@ -53,14 +53,6 @@ find_file(XALAN_JAR
+         /usr/share/java
+ )
+ 
+-find_file(XERCES_JAR
+-    NAMES
+-        xerces-j2.jar
+-    PATHS
+-        ${JAVA_LIB_INSTALL_DIR}
+-        /usr/share/java
+-)
+-
+ find_file(RESTEASY_JAXRS_JAR
+     NAMES
+         resteasy-jaxrs.jar
+@@ -102,7 +94,7 @@ javac(pki-certsrv-classes
+         *.java
+     CLASSPATH
+         ${SLF4J_API_JAR}
+-        ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
++        ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR}
+         ${JSS_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR} ${COMMONS_IO_JAR}
+         ${APACHE_COMMONS_LANG_JAR}
+         ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR} ${SYMKEY_JAR}
+diff --git a/base/java-tools/src/CMakeLists.txt b/base/java-tools/src/CMakeLists.txt
+index 7c57eaa..527aff2 100644
+--- a/base/java-tools/src/CMakeLists.txt
++++ b/base/java-tools/src/CMakeLists.txt
+@@ -45,14 +45,6 @@ find_file(XALAN_JAR
+         /usr/share/java
+ )
+ 
+-find_file(XERCES_JAR
+-    NAMES
+-        xerces-j2.jar
+-    PATHS
+-        ${JAVA_LIB_INSTALL_DIR}
+-        /usr/share/java
+-)
+-
+ find_file(RESTEASY_JAXRS_JAR
+     NAMES
+         resteasy-jaxrs.jar
+@@ -87,7 +79,7 @@ javac(pki-tools-classes
+         *.java
+     CLASSPATH
+         ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${PKI_CERTSRV_JAR}
+-        ${XALAN_JAR} ${XERCES_JAR}
++        ${XALAN_JAR}
+         ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_IO_JAR}
+         ${APACHE_COMMONS_CLI_JAR} ${APACHE_COMMONS_LANG_JAR}
+         ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR}
+diff --git a/base/javadoc/CMakeLists.txt b/base/javadoc/CMakeLists.txt
+index c477a33..8e00141 100644
+--- a/base/javadoc/CMakeLists.txt
++++ b/base/javadoc/CMakeLists.txt
+@@ -89,7 +89,7 @@ javadoc(pki-javadoc
+         org.dogtagpki
+     CLASSPATH
+         ${SLF4J_API_JAR}
+-        ${XALAN_JAR} ${XERCES_JAR}
++        ${XALAN_JAR}
+         ${APACHE_COMMONS_CLI_JAR} ${APACHE_COMMONS_LANG_JAR}
+         ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR} ${COMMONS_IO_JAR}
+         ${LDAPJDK_JAR} ${VELOCITY_JAR}
+diff --git a/base/kra/shared/conf/jkconfig.manifest b/base/kra/shared/conf/jkconfig.manifest
+index 3ba1f2e..5731b47 100644
+--- a/base/kra/shared/conf/jkconfig.manifest
++++ b/base/kra/shared/conf/jkconfig.manifest
+@@ -1,2 +1,2 @@
+ Main-Class: org.apache.jk.config.WebXml2Jk
+-Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
++Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
+diff --git a/base/ocsp/shared/conf/jkconfig.manifest b/base/ocsp/shared/conf/jkconfig.manifest
+index 3ba1f2e..5731b47 100644
+--- a/base/ocsp/shared/conf/jkconfig.manifest
++++ b/base/ocsp/shared/conf/jkconfig.manifest
+@@ -1,2 +1,2 @@
+ Main-Class: org.apache.jk.config.WebXml2Jk
+-Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
++Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
+diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt
+index ec2d37b..09ded9c 100644
+--- a/base/server/CMakeLists.txt
++++ b/base/server/CMakeLists.txt
+@@ -46,7 +46,7 @@ javac(pki-server-classes
+         ${HTTPCORE_JAR} ${HTTPCLIENT_JAR}
+         ${JSS_JAR} ${SYMKEY_JAR}
+         ${LDAPJDK_JAR}
+-        ${XALAN_JAR} ${XERCES_JAR}
++        ${XALAN_JAR}
+         ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR}
+         ${TOMCATJSS_JAR} ${VELOCITY_JAR}
+         ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR}
+@@ -130,7 +130,6 @@ add_custom_command(
+     COMMAND /usr/bin/ln -sf /usr/lib/java/symkey.jar ${CMAKE_CURRENT_BINARY_DIR}/common/lib/symkey.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/tomcatjss.jar common/lib/tomcatjss.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/velocity.jar common/lib/velocity.jar
+-    COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/xerces-j2.jar common/lib/xerces-j2.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/xml-commons-apis.jar common/lib/xml-commons-apis.jar
+     COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/xml-commons-resolver.jar common/lib/xml-commons-resolver.jar
+ )
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+index de98f74..23beb96 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+@@ -47,7 +47,6 @@ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ 
+ import org.apache.commons.lang.StringUtils;
+-import org.apache.xerces.parsers.DOMParser;
+ import org.dogtagpki.legacy.core.policy.GeneralNameUtil;
+ import org.dogtagpki.legacy.policy.IGeneralNameAsConstraintsConfig;
+ import org.dogtagpki.legacy.policy.IGeneralNamesAsConstraintsConfig;
+diff --git a/base/server/share/conf/catalina.properties b/base/server/share/conf/catalina.properties
+index 2199a78..f7edc01 100644
+--- a/base/server/share/conf/catalina.properties
++++ b/base/server/share/conf/catalina.properties
+@@ -108,7 +108,7 @@ jstl.jar,\
+ geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
+ ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
+ jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
+-xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
++xmlParserAPIs.jar,xml-apis.jar,\
+ dnsns.jar,ldapsec.jar,localedata.jar,sunjce_provider.jar,sunmscapi.jar,\
+ sunpkcs11.jar,jhall.jar,tools.jar,\
+ sunec.jar,zipfs.jar,\
+diff --git a/base/server/test/CMakeLists.txt b/base/server/test/CMakeLists.txt
+index 707493f..ea24f86 100644
+--- a/base/server/test/CMakeLists.txt
++++ b/base/server/test/CMakeLists.txt
+@@ -36,7 +36,7 @@ javac(pki-server-test-classes
+     CLASSPATH
+         ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+         ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_CMSCORE_JAR} ${PKI_CMSBUNDLE_JAR}
+-        ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
++        ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR}
+         ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR}
+         ${HAMCREST_JAR} ${JUNIT_JAR}
+         ${CMAKE_BINARY_DIR}/test/classes
+diff --git a/base/test/src/CMakeLists.txt b/base/test/src/CMakeLists.txt
+index 24e72aa..4a8355a 100644
+--- a/base/test/src/CMakeLists.txt
++++ b/base/test/src/CMakeLists.txt
+@@ -6,7 +6,7 @@ javac(pki-test-classes
+     SOURCES
+         *.java
+     CLASSPATH
+-        ${XALAN_JAR} ${XERCES_JAR}
++        ${XALAN_JAR}
+         ${HAMCREST_JAR} ${JUNIT_JAR}
+     OUTPUT_DIR
+         ${CMAKE_BINARY_DIR}/test/classes
+diff --git a/base/tks/shared/conf/jkconfig.manifest b/base/tks/shared/conf/jkconfig.manifest
+index 3ba1f2e..5731b47 100644
+--- a/base/tks/shared/conf/jkconfig.manifest
++++ b/base/tks/shared/conf/jkconfig.manifest
+@@ -1,2 +1,2 @@
+ Main-Class: org.apache.jk.config.WebXml2Jk
+-Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
++Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
+diff --git a/base/tps/shared/conf/jkconfig.manifest b/base/tps/shared/conf/jkconfig.manifest
+index 3ba1f2e..5731b47 100644
+--- a/base/tps/shared/conf/jkconfig.manifest
++++ b/base/tps/shared/conf/jkconfig.manifest
+@@ -1,2 +1,2 @@
+ Main-Class: org.apache.jk.config.WebXml2Jk
+-Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
++Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar
+diff --git a/base/util/src/CMakeLists.txt b/base/util/src/CMakeLists.txt
+index a2269b2..883ead0 100644
+--- a/base/util/src/CMakeLists.txt
++++ b/base/util/src/CMakeLists.txt
+@@ -52,14 +52,6 @@ find_file(XALAN_JAR
+         /usr/share/java
+ )
+ 
+-find_file(XERCES_JAR
+-    NAMES
+-        xerces-j2.jar
+-    PATHS
+-        ${JAVA_LIB_INSTALL_DIR}
+-        /usr/share/java
+-)
+-
+ find_file(NUXWDOG_JAR
+     NAMES
+         nuxwdog.jar
+@@ -73,7 +65,7 @@ javac(pki-nsutil-classes
+     SOURCES
+         netscape/*.java
+     CLASSPATH
+-        ${APACHE_COMMONS_LANG_JAR} ${LDAPJDK_JAR} ${XALAN_JAR} ${XERCES_JAR}
++        ${APACHE_COMMONS_LANG_JAR} ${LDAPJDK_JAR} ${XALAN_JAR}
+         ${JSS_JAR} ${COMMONS_CODEC_JAR}
+         ${SLF4J_API_JAR}
+     OUTPUT_DIR
+@@ -118,7 +110,7 @@ javac(pki-cmsutil-classes
+         com/netscape/cmsutil/*.java
+     CLASSPATH
+         ${APACHE_COMMONS_LANG_JAR} ${HTTPCORE_JAR} ${HTTPCLIENT_JAR}
+-        ${LDAPJDK_JAR} ${XALAN_JAR} ${XERCES_JAR}
++        ${LDAPJDK_JAR} ${XALAN_JAR}
+         ${JSS_JAR} ${COMMONS_CODEC_JAR} ${NUXWDOG_JAR}
+         ${SLF4J_API_JAR}
+     OUTPUT_DIR
+diff --git a/base/util/test/CMakeLists.txt b/base/util/test/CMakeLists.txt
+index cc5c07a..3267c66 100644
+--- a/base/util/test/CMakeLists.txt
++++ b/base/util/test/CMakeLists.txt
+@@ -7,7 +7,7 @@ javac(pki-util-test-classes
+         *.java
+     CLASSPATH
+         ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+-        ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${XALAN_JAR} ${XERCES_JAR}
++        ${JSS_JAR} ${LDAPJDK_JAR} ${COMMONS_CODEC_JAR} ${XALAN_JAR}
+         ${HAMCREST_JAR} ${JUNIT_JAR}
+     OUTPUT_DIR
+         ${CMAKE_BINARY_DIR}/test/classes
+-- 
+1.8.3.1
+
diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec
index 9f64b5b..a1cb8c2 100644
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@@ -65,13 +65,13 @@
 Name:             pki-core
 %if 0%{?rhel}
 Version:                10.5.18
-%define redhat_release  23
+%define redhat_release  24
 %define redhat_stage    0
 #%define default_release %{redhat_release}.%{redhat_stage}
 %define default_release %{redhat_release}
 %else
 Version:                10.5.18
-%define fedora_release  23
+%define fedora_release  24
 %define fedora_stage    0
 #%define default_release %{fedora_release}.%{fedora_stage}
 %define default_release %{fedora_release}
@@ -121,7 +121,6 @@ BuildRequires:    python-lxml
 BuildRequires:    python-sphinx
 BuildRequires:    velocity
 BuildRequires:    xalan-j2
-BuildRequires:    xerces-j2
 
 %if 0%{?rhel} && 0%{?rhel} <= 7
 # 'resteasy-base' is a subset of the complete set of
@@ -228,6 +227,7 @@ Patch17: pki-core-rhel-7-9-rhcs-9-7-bu-11.patch
 Patch19: pki-core-rhel-7-9-rhcs-9-7-bu-15.patch
 #Patch20: pki-core-rhel-7-9-rhcs-9-7-bu-17.patch
 Patch21: pki-core-rhel-7-9-rhcs-9-7-bu-18.patch
+Patch22: pki-core-rhel-7-9-rhcs-9-7-bu-19.patch
 
 # Obtain version phase number (e. g. - used by "alpha", "beta", etc.)
 #
@@ -429,7 +429,6 @@ Requires:    resteasy-jackson-provider >= 3.0.17-1
 %endif
 
 Requires:         xalan-j2
-Requires:         xerces-j2
 Requires:         xml-commons-apis
 Requires:         xml-commons-resolver
 
@@ -850,6 +849,7 @@ This package is a part of the PKI Core used by the Certificate System.
 %patch19 -p1
 #%patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %clean
 %{__rm} -rf %{buildroot}
@@ -996,7 +996,6 @@ if [ -f /etc/debian_version ]; then
     ln -sf /usr/share/java/jackson-xc.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-xc.jar
     ln -sf /usr/share/java/jss4.jar %{buildroot}%{_datadir}/pki/server/common/lib/jss4.jar
     ln -sf /usr/share/java/symkey.jar %{buildroot}%{_datadir}/pki/server/common/lib/symkey.jar
-    ln -sf /usr/share/java/xercesImpl.jar %{buildroot}%{_datadir}/pki/server/common/lib/xerces-j2.jar
     ln -sf /usr/share/java/xml-apis.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-apis.jar
     ln -sf /usr/share/java/xml-resolver.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-resolver.jar
 fi
@@ -1387,6 +1386,19 @@ fi
 %endif # %{with server}
 
 %changelog
+* Wed Oct 26 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-24
+- ##########################################################################
+- # RHEL 7.9 (Batch Update 19):
+- ##########################################################################
+- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
+  entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
+- ##########################################################################
+- # RHCS 9.7 (Batch Update 19):
+- ##########################################################################
+- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
+  entities when parsing XML can lead to XXE [certificate_system_9.7.z]
+  (ckelley, mharmsen)
+
 * Mon Oct 10 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-23
 - ##########################################################################
 - # RHEL 7.9 (Batch Update 18):