diff --git a/CHANGELOG b/CHANGELOG
index c002cec..b80c8f4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,12 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
 
 ### Security
 
+## [21.10] 2021-10-01
+
+### Fixed
+
+* IS_DEBIANSECURITY: optional trailing slash 
+
 ## [21.09] 2021-09-30
 
 ### Added
diff --git a/evocheck.sh b/evocheck.sh
index 311c5f3..52b144d 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -4,7 +4,7 @@
 # Script to verify compliance of a Debian/OpenBSD server
 # powered by Evolix
 
-VERSION="21.09"
+VERSION="21.10"
 readonly VERSION
 
 # base functions
@@ -235,11 +235,11 @@ check_syslogconf() {
 check_debiansecurity() {
     if is_debian_bullseye; then
         # https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
-        pattern="^deb https://deb\.debian\.org/debian-security bullseye-security main"
+        pattern="^deb https://deb\.debian\.org/debian-security/? bullseye-security main"
     elif is_debian_buster; then
-        pattern="^deb http://security\.debian\.org/debian-security buster/updates main"
+        pattern="^deb http://security\.debian\.org/debian-security/? buster/updates main"
     elif is_debian_stretch; then
-        pattern="^deb http://security\.debian\.org/debian-security stretch/updates main"
+        pattern="^deb http://security\.debian\.org/debian-security/? stretch/updates main"
     else
         pattern="^deb.*security"
     fi