diff --git a/UPDATING b/UPDATING
index d2e59aaf34a1..70bb315d049a 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,15 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20160621
+  AFFECTS: users of ftp/wget
+  AUTHOR: vlad-fbsd@acheronmedia.com
+
+  Wget 1.18 fixes a security vulnerability (CVE-2016-4971) and the fix
+  introduces a backward-incompatibility for HTTP->FTP redirects. Any script that
+  relies on the old behaviour must use --trust-server-names in order to trust
+  the HTTP response and redirect to the new filename.
+
 20160619
   AFFECTS: users of databases/py-apsw
   AUTHOR: rm@FreeBSD.org
diff --git a/ftp/wget/Makefile b/ftp/wget/Makefile
index 6a59f31f38bf..abe0975c9513 100644
--- a/ftp/wget/Makefile
+++ b/ftp/wget/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	wget
-DISTVERSION=	1.16.3
-PORTREVISION=	1
+DISTVERSION=	1.18
 CATEGORIES=	ftp www ipv6
 MASTER_SITES=	GNU
 
diff --git a/ftp/wget/distinfo b/ftp/wget/distinfo
index b649efd90159..37dac5c89c81 100644
--- a/ftp/wget/distinfo
+++ b/ftp/wget/distinfo
@@ -1,2 +1,3 @@
-SHA256 (wget-1.16.3.tar.xz) = 67f7b7b0f5c14db633e3b18f53172786c001e153d545cfc85d82759c5c2ffb37
-SIZE (wget-1.16.3.tar.xz) = 1794148
+TIMESTAMP = 1466495244
+SHA256 (wget-1.18.tar.xz) = b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1
+SIZE (wget-1.18.tar.xz) = 1922376