diff --git a/main/mbedtls/APKBUILD b/main/mbedtls/APKBUILD
index 5f780b144d94de593ae3ace9aa2cf7b6d6543330..85516437e9a6dab3b96b91ef3e4a8ab92369fdee 100644
--- a/main/mbedtls/APKBUILD
+++ b/main/mbedtls/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=mbedtls
-pkgver=2.28.8 # long-time support branch
+pkgver=2.28.9 # long-time support branch
 pkgrel=0
 pkgdesc="Light-weight cryptographic and SSL/TLS library"
 url="https://www.trustedfirmware.org/projects/mbed-tls/"
@@ -13,9 +13,11 @@ subpackages="$pkgname-static $pkgname-dev $pkgname-utils"
 source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pkgver.tar.gz"
 
 # Track security issues
-# https://tls.mbed.org/security
+# https://mbed-tls.readthedocs.io/en/latest/security-advisories/
 
 # secfixes:
+#   2.28.9-r0:
+#     - CVE-2024-45157
 #   2.28.8-r0:
 #     - CVE-2024-28960
 #   2.28.7-r0:
@@ -93,5 +95,5 @@ static() {
 }
 
 sha512sums="
-72a25a6b2a132545d32c7a6819bde569a315f2e83049467653af6347c918e4781462dceca21c64c76a4af7d19cedaf968f48b3f0309a6b0289466c087e49dd38  mbedtls-2.28.8.tar.gz
+95cc33e052670ae69a0d6779e1e675d176cecc263d795cedaebb8e01bc89ee6e91d843fd94337a7ef885440a08a30bbd8bdaf26664ae45f3c4fc18eb0a00c033  mbedtls-2.28.9.tar.gz
 "