diff --git a/debian/changelog b/debian/changelog
index 117bcfb6..9954bd75 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+mosquitto (1.4.14-1) unstable; urgency=medium
+
+  * SECURITY UPDATE: Persistence file is world readable, which may expose
+    sensitive data. Fixed by upstream release 1.4.13.
+    - CVE-2017-9868
+  * New upstream release.
+  * Remove upstart support.
+  * Bumped standards version to 4.1.2.
+    - Removed invoke-rc.d conditionals.
+    - Changed "extra" priorities to "optional".
+  * Build-Depends: Add dh-systemd, bump libwebsockets to >=2.0.
+  * no-man-clean.patch - don't clean man pages from source directory.
+  * async_dns.patch - enable bridge async DNS lookups.
+
+ -- Roger A. Light <roger@atchoo.org>  Fri, 22 Dec 2017 07:14:19 +0000
+
 mosquitto (1.4.12-1) experimental; urgency=low
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 93fc9de3..195623d9 100644
--- a/debian/control
+++ b/debian/control
@@ -3,14 +3,15 @@ Section: net
 Priority: optional
 Maintainer: Roger A. Light <roger@atchoo.org>
 Build-Depends: debhelper (>= 10),
+               dh-systemd,
                libc-ares-dev,
                libssl-dev (>=1.0.0),
-               libwebsockets-dev (>=1.2),
+               libwebsockets-dev (>=2.0),
                libwrap0-dev,
                python-all (>= 2.6.6-3~),
                uthash-dev,
                uuid-dev
-Standards-Version: 3.9.8
+Standards-Version: 4.1.2
 Homepage: http://mosquitto.org/
 Vcs-Git: https://github.com/eclipse/mosquitto
 Vcs-Browser: https://github.com/eclipse/mosquitto/tree/debian
@@ -127,7 +128,7 @@ Description: Mosquitto command line MQTT clients
 Package: mosquitto-dbg
 Architecture: any
 Multi-Arch: foreign
-Priority: extra
+Priority: optional
 Section: debug
 Depends: mosquitto (= ${binary:Version}) | mosquitto-clients (= ${binary:Version}),
          ${misc:Depends}
@@ -139,7 +140,7 @@ Description: debugging symbols for mosquitto binaries
 Package: libmosquitto1-dbg
 Architecture: any
 Multi-Arch: same
-Priority: extra
+Priority: optional
 Section: debug
 Depends: libmosquitto1 (= ${binary:Version}), ${misc:Depends}
 Description: debugging symbols for libmosquitto binaries
@@ -149,7 +150,7 @@ Description: debugging symbols for libmosquitto binaries
 Package: libmosquittopp1-dbg
 Architecture: any
 Multi-Arch: same
-Priority: extra
+Priority: optional
 Section: debug
 Depends: libmosquittopp1 (= ${binary:Version}), ${misc:Depends}
 Description: debugging symbols for libmosquittopp binaries
diff --git a/debian/mosquitto.prerm b/debian/mosquitto.prerm
index 6fdbd4aa..11331548 100644
--- a/debian/mosquitto.prerm
+++ b/debian/mosquitto.prerm
@@ -7,13 +7,7 @@ set -e
 
 case "$1" in
 	remove|purge|deconfigure)
-		if [ -x /etc/init.d/mosquitto ]; then
-			if [ -x /usr/sbin/invoke-rc.d ]; then
-				invoke-rc.d mosquitto stop
-			else
-				/etc/init.d/mosquitto stop
-			fi
-		fi
+		invoke-rc.d mosquitto stop
 	;;
 
 	upgrade)
diff --git a/debian/patches/async_dns.patch b/debian/patches/async_dns.patch
new file mode 100644
index 00000000..4caa8f11
--- /dev/null
+++ b/debian/patches/async_dns.patch
@@ -0,0 +1,14 @@
+Description: Enable asynchronous DNS resolving for bridges.
+Author: Roger Light <roger@atchoo.org>
+Forwarded: not-needed
+--- a/config.mk
++++ b/config.mk
+@@ -77,7 +77,7 @@
+ WITH_SOCKS:=yes
+ 
+ # Build with async dns lookup support for bridges (temporary). Requires glibc.
+-#WITH_ADNS:=yes
++WITH_ADNS:=yes
+ 
+ # =============================================================================
+ # End of user configuration
diff --git a/debian/patches/build-timestamp.patch b/debian/patches/build-timestamp.patch
index 6710ce39..296fc284 100644
--- a/debian/patches/build-timestamp.patch
+++ b/debian/patches/build-timestamp.patch
@@ -6,7 +6,7 @@ Forwarded: not-needed
 @@ -87,7 +87,7 @@
  # Also bump lib/mosquitto.h, CMakeLists.txt,
  # installer/mosquitto.nsi, installer/mosquitto-cygwin.nsi
- VERSION=1.4.12
+ VERSION=1.4.14
 -TIMESTAMP:=$(shell date "+%F %T%z")
 +TIMESTAMP:=$(shell dpkg-parsechangelog -l../debian/changelog | grep Date | sed -e 's/Date: //')
  
diff --git a/debian/patches/series b/debian/patches/series
index 23aa9048..1f69158b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+async_dns.patch
 enable-libwrap.patch
 fix-prefix.patch
 nostrip.patch
diff --git a/debian/rules b/debian/rules
index 00ee840a..bd5e442c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
 
 %:
-	dh $@
+	dh $@ --with systemd
 
 override_dh_installchangelogs:
 	dh_installchangelogs ChangeLog.txt