diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 157fce4ab..4a2fdac7f 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,6 +1,6 @@
 Changes in Shorewall 4.4.18.2
 
-1)  Handle mis-configured ipsec host group on a bridge.
+1)  Fix SAVE_IPSETS=Yes without dynamic zones.
 
 Changes in Shorewall 4.4.18.1
 
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 1f4f3d9ea..3bd14c0b2 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -15,11 +15,7 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 
 4.4.18.2
 
-1)  If a bridge interface had subordinate ports defined in
-    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
-    the 'ipsec' option specified) in /etc/shorewall/hosts resulted in
-    the compiler generating an incorrect Netfilter configuration.
-
+1)  
 4.4.18.1
 
 1)  An issue with params processing on RHEL6 has been corrected. The
@@ -100,6 +96,14 @@ None.
 1)  On systems running Upstart, shorewall-init cannot reliably secure
     the firewall before interfaces are brought up.
 
+2)  If a bridge interface has subordinate ports defined in
+    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
+    the 'ipsec' option specified) in /etc/shorewall/hosts results in
+    an incorrect Netfilter configuration.
+
+    Workaround: Assign the ipsec entry to one or more of the bridge
+    ports rather than the bridge itself.
+
 ----------------------------------------------------------------------------
       I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------