diff --git a/.shim.metadata b/.shim.metadata
index f997f90..24b7aab 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,3 +1,3 @@
-750bd7932437b1fb6610c233f69db1b70d67fab1 SOURCES/shimaa64.efi
-96ea5ec6612ad2d49dfa812897fc2f70ebee6b9d SOURCES/shimia32.efi
-b7adea991a31e4392910db8b7ee63faff39e9207 SOURCES/shimx64.efi
+8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi
+d3178fb0a2d662e2457e4a5cd13d1224e2aac1c2 SOURCES/shimia32.efi
+9fb692b46fc70fd07a9acbbabc8e1c50d0e9a481 SOURCES/shimx64.efi
diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros
index ec33c1d..f477f25 100644
--- a/SOURCES/shim.rpmmacros
+++ b/SOURCES/shim.rpmmacros
@@ -13,9 +13,9 @@
 %global shimefix64 %{expand:%{SOURCE22}}
 #%%global shimefiarm %%{expand:%%{SOURCE23}
 
-%global shimveraa64 15-6.el8
-%global shimveria32 15-9.el8
-%global shimverx64 15-9.el8
+%global shimveraa64 15-7.el8_1
+%global shimveria32 15.4-4.el8_1
+%global shimverx64 15.4-4.el8_1
 #%%global shimverarm 15-1.el8
 
 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index c21b6cb..e73f31f 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,6 +1,6 @@
 Name:		shim
-Version:	15
-Release:	16%{?dist}
+Version:	15.4
+Release:	2%{?dist}
 Summary:	First-stage UEFI bootloader
 License:	BSD
 URL:		https://github.com/rhboot/shim/
@@ -101,13 +101,27 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif
 
 %changelog
-* Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
-- Fix an incorrect allocation size
-  Resolves: rhbz#1877253
+* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15.4-2
+- Fix build-deps on our shim-unsigned-* packages.
+  Related: CVE-2020-14372 (and others)
+
+* Mon Apr 05 2021 Peter Jones <pjones@redhat.com> - 15.4-1
+- Update to shim 15.4
+  - Support for revocations via the ".sbat" section and SBAT EFI variable
+  - A new unit test framework and a bunch of unit tests
+  - No external gnu-efi dependency
+  - Better CI
+  Resolves: CVE-2020-14372
+  Resolves: CVE-2020-25632
+  Resolves: CVE-2020-25647
+  Resolves: CVE-2020-27749
+  Resolves: CVE-2020-27779
+  Resolves: CVE-2021-20225
+  Resolves: CVE-2021-20233
 
 * Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
 - Update once again for new signed shim builds.
-  Resolves: rhbz#1861977
+  Resolves: rhbz#1862231
 
 * Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
 - Get rid of our %%dist hack for now.
@@ -122,9 +136,7 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 
 * Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
 - Fix firmware update bug in aarch64 caused by shim ignoring arguments
-  Resolves: rhbz#1830871
 - Fix a shim crash when attempting to netboot
-  Resolves: rhbz#1795654
 
 * Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
 - Update the shim-unsigned-aarch64 version number