diff --git a/.gitignore b/.gitignore
index 7fdc123..02d8877 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/container-selinux.tgz
-SOURCES/selinux-policy-13afa66.tar.gz
-SOURCES/selinux-policy-contrib-4221121.tar.gz
+SOURCES/selinux-policy-2049cb7.tar.gz
+SOURCES/selinux-policy-contrib-1debe42.tar.gz
diff --git a/.selinux-policy.metadata b/.selinux-policy.metadata
index 754698f..05667c0 100644
--- a/.selinux-policy.metadata
+++ b/.selinux-policy.metadata
@@ -1,3 +1,3 @@
-b314e3dd86901e3eac1b9f45dc87550764339875 SOURCES/container-selinux.tgz
-dbc37c4f43c34a5e0a3dfb816b41476dc1c4005a SOURCES/selinux-policy-13afa66.tar.gz
-168cee2e06d02873b674db2681a901cd9a399b69 SOURCES/selinux-policy-contrib-4221121.tar.gz
+b4449b72eb942612b111105c501bf6ded157c1d5 SOURCES/container-selinux.tgz
+a5d2bba6d46a871fa8bd0cb83ffea26f86d8a21e SOURCES/selinux-policy-2049cb7.tar.gz
+0cc01efc49dfc5c792175482071f08cfb94089ee SOURCES/selinux-policy-contrib-1debe42.tar.gz
diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec
index 225cc51..af19d51 100644
--- a/SPECS/selinux-policy.spec
+++ b/SPECS/selinux-policy.spec
@@ -1,11 +1,11 @@
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 13afa66082aa47acba05fffbf1348b1be22c7f8c
+%global commit0 2049cb7a3ba6f00fd0e9630889c4a05ed38c79be
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 42211213de1e0296bf2c16d6dc30af33e2c157c1
+%global commit1 1debe424a9d4d91c0eb5be1911a682bc8d42b701
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -29,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 49%{?dist}
+Release: 51%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -715,6 +715,36 @@ exit 0
 %endif
 
 %changelog
+* Mon Aug 03 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-51
+- Allow kadmind manage kerberos host rcache
+Resolves: rhbz#1863043
+- Allow virtlockd only getattr and lock block devices
+Resolves: rhbz#1832756
+- Allow qemu-ga read all non security file types conditionally
+Resolves: rhbz#1747960
+- Allow virtlockd manage VMs posix file locks
+Resolves: rhbz#1832756
+- Add dev_lock_all_blk_files() interface
+Resolves: rhbz#1832756
+- Allow systemd-logind dbus chat with fwupd
+Resolves: rhbz#1851932
+- Update xserver_rw_session macro
+Resolves: rhbz#1851448
+
+* Wed Jul 29 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-50
+- Revert "Allow qemu-kvm read and write /dev/mapper/control"
+This reverts commit f948eaf3d010215fc912e42013e4f88870279093.
+- Allow smbd get attributes of device files labeled samba_share_t
+Resolves: rhbz#1851816
+- Allow tomcat read user temporary files
+Resolves: rhbz#1857675
+- Revert "Dontaudit and disallow sys_admin capability for keepalived_t domain"
+Resolves: rhbz#1815281
+- Label /tmp/krb5_0.rcache2 with krb5_host_rcache_t
+Resolves: rhbz#1848953
+- Allow auditd manage kerberos host rcache files
+Resolves: rhbz#1855770
+
 * Thu Jul 09 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-49
 - Additional support for keepalived running in a namespace
 Resolves: rhbz#1815281