diff --git a/Release_Notes_2.13.3.md b/Release_Notes_2.13.3.md
index 3c427f7..08ca31f 100644
--- a/Release_Notes_2.13.3.md
+++ b/Release_Notes_2.13.3.md
@@ -29,34 +29,30 @@ Translations
 
 Build Infrastructure
 --------------------
-- add files to .gitignore
-  - swig auto generated files for ruby ([MR366][MR366])
+- add files to .gitignore: swig auto generated files for ruby ([MR366][MR366])
 - fix libapparmor swig 4 failure 'aa\_log\_record' object has no attribute '\_\_getattr\_\_' ([BUG33][AABUG33])
 
-
 libapparmor
 -----------
-- fix segfault in overlaydirat_for_each causing overlayed cache directory failures
-- fix segfault when loading policy cache files
-- fix failure to merge overlay directories in some situations
+- fix segfault in `overlaydirat_for_each()` causing overlaid cache directory failures
+- fix segfault when loading policy cache files ([MR348][MR348])
+- fix failure to merge overlay directories in some situations ([MR348][MR348])
 
 Policy Compiler (a.k.a apparmor\_parser)
 ----------------------------------------
 - clean up error handling ([dbug921866][dbug921866], [LP1815294][LP1815294])
-- fix parsing of target profile NAME in directed transitions “px -> NAME"
-- improve runtime attachment by determine xmatch priority based on smallest DFA match
+- fix parsing of target profile NAME in directed transitions “px -> NAME" ([MR334][MR334])
+- improve runtime attachment by determine xmatch priority based on smallest DFA match ([MR326][MR326])
 - don't skip cache loads just because optimizations flags are specified
-
+  ([MR385][MR385], [LP1820068][LP1820068])
 
 Init
 ----
-- apparmor.systemd: fix minor issues detected by shellcheck
+- apparmor.systemd: fix minor issues detected by shellcheck ([MR293][MR293])
 - ensure error value is returned correctly ([MR352][MR352])
 
-
 Utils
 -----
-
 -  genprof/logprof
   - drop failing corner-case check in logparser.py ([bso1120472][bso1120472], [MR297][MR297])
   - drop unused `get_profile_filename()` from logparser.py ([MR297][MR297])
@@ -68,71 +64,72 @@ Utils
 Policy
 ------
 - Profiles
-  - dovecot
-    - allow FD passing between dovecot and dovecot's anvil
-    - allow chroot'ing the auth processes
-    - let dovecot/anvil rw the auth-penalty socket
-    - auth processes need to read from postfix auth socket
-    - add abstractions/ssl_certs to lmtp
-    - allow master to use SIGTERM on children that are slow to die
-    - align {pop3,managesieve}-login to imap-login
-  - identd: allow network netlink dgram ([MR353][MR353])
-  - syslog-ng: add abstractions/python for python-parser
-  - lsb_release profile: new abstraction
   - dnsmasq:
-    - allow peer=libvirtd to support named profile
-    - Work around breakage caused by {bin,sbin} alternation ([bso1127073][bso1127073], [MR346][MR346])
-    - Revert /usr/{bin,sbin}/ alternation in dnsmasq profile name
-  - msqld:
+    - allow peer=libvirtd to support named profile ([MR304][MR304])
+    - work around breakage caused by {bin,sbin} alternation ([bso1127073][bso1127073], [MR346][MR346])
+    - revert /usr/{bin,sbin}/ alternation in dnsmasq profile name ([bso1127073][bso1127073], [MR346][MR346])
+  - dovecot
+    - allow FD passing between dovecot and dovecot's anvil ([MR336][MR336])
+    - allow chroot'ing the auth processes ([MR336][MR336])
+    - let dovecot/anvil rw the auth-penalty socket ([MR336][MR336])
+    - auth processes need to read from postfix auth socket ([MR336][MR336])
+    - add abstractions/ssl\_certs to lmtp ([MR336][MR336])
+    - allow master to use SIGTERM on children that are slow to die ([MR357][MR357])
+    - align {pop3,managesieve}-login to imap-login ([MR389][MR389])
+  - identd: allow network netlink dgram ([MR353][MR353])
+  - lsb\_release profile: new abstraction ([MR154][MR154])
+  - mysqld ([MR310][MR310]):
     - add mmap permission for mysqld (4.8 semantic change)
     - allow mysql to determine which cpus are online
     - allow locking of mysql files
+  - syslog-ng: add abstractions/python for python-parser ([MR361][MR361])
 
 
 - Tunables
   - share:
-    - make it play well with aliases
-    - fix buggy syntax that broke the ~/.local/share part of the @{user\_share\_dirs} tunable
+    - make it play well with aliases ([MR300][MR300])
+    - fix buggy syntax that broke the ~/.local/share part of the @{user\_share\_dirs} tunable ([LP1816470][LP1816470], [MR344][MR344])
 
 - Abstractions
-  - move dirc.d access from mesa to dir-common
-  - base: allow mr permission on all *.so* common library paths
-  - dri-common: allow reading /dev/dri/
-  - ssl\_certs,keys - add support for libdehydrated in /var/lib/
-  - qt5: allow reading user configuration
-  - qt5-settings-write: fix anonymous shared memory access
-  - qt5-compose-cache-write: fix anonymous shared memory access
-  - nameservice: allow access to /run/netconfig/resolv.conf ([bso1097370][bso1097370])
-  - mesa: allow reading drirc.d
-  - vulcan:  allow reading /etc/vulkan/icd.d/ ([MR329][MR329])
-  - nvidia: allow reading nvidia application profiles
-  - postfix-common: make compatible with updated postfix profiles naming
-  - python: allow reading /usr/local/lib/python3
-  - ldapclient: allow rw access to the nslcd socket
-  - ubuntu-browsers.d/multimedia: allow creating/writing config dirs
   - audio:
     - fix alsa settings access
     - grant read access to the system-wide asound.conf ([dbug920669][dbug920669], [MR320][MR320])
     - grant read access to the libao configuration files ([dbug920670][dbug920670], [MR320][MR320])
+  - base: allow mr permission on all *.so* common library paths ([MR345][MR345])
+  - dri-common: allow reading /dev/dri/ ([AABUG29][AABUG29], [MR382][MR382])
   - fonts:
-    - Allow to read conf-avail dir itself.
-    - Add various openSUSE-specific font config directories
-    - allow creating/writing config dirs
+    - allow to read conf-avail dir itself ([MR165][MR165])
+    - allow creating/writing config dirs ([MR165][MR165])
+    - add various openSUSE-specific font config directories ([MR309][MR309])
+  - gnome:
+    - allow reading gtk-3.0 cache files ([MR342][MR342])
+    - allow creating config dirs ([MR165][MR165])
   - kde:
     - allow access to common KDE-specific settings ([MR327][MR327])
     - allow access to global KDE settings ([MR327][MR327])
-  - gnome:
-    - allow reading gtk-3.0 cache files
-    - allow creating config dirs
+  - ldapclient: allow rw access to the nslcd socket ([LP1575438][LP1575438])
+  - mesa:
+    - allow reading drirc.d ([MR308][MR308])
+    - move dirc.d access to dir-common ([MR314][MR314])
+  - nameservice: allow access to /run/netconfig/resolv.conf ([bso1097370][bso1097370])
+  - nvidia: allow reading nvidia application profiles ([MR125][MR125])
+  - postfix-common: make compatible with updated postfix profiles naming ([MR387][MR387])
+  - python: allow reading /usr/local/lib/python3 ([MR171][MR171])
+  - qt5: allow reading user configuration ([MR335][MR335])
+  - qt5-compose-cache-write: fix anonymous shared memory access ([MR301][MR301])
+  - qt5-settings-write: fix anonymous shared memory access ([MR302][MR302])
+  - ssl\_certs,keys - add support for libdehydrated in /var/lib/ ([MR299][MR299])
+  - ubuntu-browsers.d/multimedia: allow creating/writing config dirs ([MR165][MR165])
+  - vulcan: allow reading /etc/vulkan/icd.d/ ([MR329][MR329])
 
 
 Tests
 -----
 - fix mount test to use next available loop device ([MR379][MR379])
 - update tests to support distros with user-merge where /bin and /sbin are symlinks ([MR331][MR331])
-- fix regression test failures around new binary cache layout
-- update tests for new network domain keywords
-- update tests for base abstraction changes
+- fix regression test failures around new binary cache layout ([MR348][MR348])
+- update tests for new network domain keywords ([MR349][MR349])
+- update tests for base abstraction changes ([MR358][MR358])
 
 
 Documentation
@@ -150,6 +147,7 @@ enforcement. Specifically it affects when the m permission bit is
 checked for elf binary executables. Policy and tests within apparmor
 2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.
 
+[AABUG29]: https://gitlab.com/apparmor/apparmor/issues/29
 [AABUG33]: https://gitlab.com/apparmor/apparmor/issues/33
 [bso1097370]: https://bugzilla.opensuse.org/show_bug.cgi?id=1097370
 [bso1120472]: https://bugzilla.opensuse.org/show_bug.cgi?id=1120472
@@ -157,19 +155,49 @@ checked for elf binary executables. Policy and tests within apparmor
 [dbug920669]: https://bugs.debian.org/920669
 [dbug920670]: https://bugs.debian.org/920670
 [dbug921866]: https://bugs.debian.org/921866
+[LP1575438]: https://bugs.launchpad.net/bugs/1575438
 [LP1815294]: https://bugs.launchpad.net/bugs/1815294
+[LP1815294]: https://bugs.launchpad.net/bugs/1815294
+[LP1816470]: https://bugs.launchpad.net/bugs/1816470
+[MR125]: https://gitlab.com/apparmor/apparmor/merge_requests/125
+[MR154]: https://gitlab.com/apparmor/apparmor/merge_requests/154
+[MR165]: https://gitlab.com/apparmor/apparmor/merge_requests/165
+[MR171]: https://gitlab.com/apparmor/apparmor/merge_requests/171
+[MR293]: https://gitlab.com/apparmor/apparmor/merge_requests/293
 [MR297]: https://gitlab.com/apparmor/apparmor/merge_requests/297
+[MR299]: https://gitlab.com/apparmor/apparmor/merge_requests/299
+[MR300]: https://gitlab.com/apparmor/apparmor/merge_requests/300
+[MR301]: https://gitlab.com/apparmor/apparmor/merge_requests/301
+[MR302]: https://gitlab.com/apparmor/apparmor/merge_requests/302
+[MR304]: https://gitlab.com/apparmor/apparmor/merge_requests/304
+[MR308]: https://gitlab.com/apparmor/apparmor/merge_requests/308
+[MR310]: https://gitlab.com/apparmor/apparmor/merge_requests/310
+[MR314]: https://gitlab.com/apparmor/apparmor/merge_requests/314
 [MR320]: https://gitlab.com/apparmor/apparmor/merge_requests/320
+[MR326]: https://gitlab.com/apparmor/apparmor/merge_requests/326
 [MR327]: https://gitlab.com/apparmor/apparmor/merge_requests/327
 [MR329]: https://gitlab.com/apparmor/apparmor/merge_requests/329
 [MR331]: https://gitlab.com/apparmor/apparmor/merge_requests/331
+[MR334]: https://gitlab.com/apparmor/apparmor/merge_requests/334
+[MR335]: https://gitlab.com/apparmor/apparmor/merge_requests/335
+[MR336]: https://gitlab.com/apparmor/apparmor/merge_requests/336
+[MR344]: https://gitlab.com/apparmor/apparmor/merge_requests/344
+[MR345]: https://gitlab.com/apparmor/apparmor/merge_requests/345
 [MR346]: https://gitlab.com/apparmor/apparmor/merge_requests/346
+[MR348]: https://gitlab.com/apparmor/apparmor/merge_requests/348
+[MR349]: https://gitlab.com/apparmor/apparmor/merge_requests/349
 [MR349]: https://gitlab.com/apparmor/apparmor/merge_requests/349
 [MR350]: https://gitlab.com/apparmor/apparmor/merge_requests/350
 [MR352]: https://gitlab.com/apparmor/apparmor/merge_requests/352
 [MR353]: https://gitlab.com/apparmor/apparmor/merge_requests/353
+[MR357]: https://gitlab.com/apparmor/apparmor/merge_requests/357
+[MR358]: https://gitlab.com/apparmor/apparmor/merge_requests/358
+[MR361]: https://gitlab.com/apparmor/apparmor/merge_requests/361
 [MR365]: https://gitlab.com/apparmor/apparmor/merge_requests/365
 [MR366]: https://gitlab.com/apparmor/apparmor/merge_requests/366
 [MR368]: https://gitlab.com/apparmor/apparmor/merge_requests/368
 [MR378]: https://gitlab.com/apparmor/apparmor/merge_requests/378
 [MR379]: https://gitlab.com/apparmor/apparmor/merge_requests/379
+[MR382]: https://gitlab.com/apparmor/apparmor/merge_requests/382
+[MR387]: https://gitlab.com/apparmor/apparmor/merge_requests/387
+[MR389]: https://gitlab.com/apparmor/apparmor/merge_requests/389