diff --git a/CHANGES b/CHANGES
index bf07122e2b..f04258e7b8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,11 @@
+4.1.0-dev.228 | 2021-02-16 11:10:40 -0800
+
+ * Fix `major_subsys_version` field in `pe_optional_header` event
+
+ It was incorrectly set the same as the `minor_subsys_version` field
+ of the `PE::OptionalHeader` record. (Jon Siwek, Corelight)
+
 4.1.0-dev.225 | 2021-02-12 14:40:14 -0800
 * Fix CentOS 8 CI Dockerfile (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index 227ba086f2..5c98de0722 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.1.0-dev.225
+4.1.0-dev.228
diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
index 2316289ad5..0527a12189 100644
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -146,7 +146,7 @@ refine flow File += {
 oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
 oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
 oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
- oh->Assign(16, zeek::val_mgr->Count(${h.minor_subsys_version}));
+ oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
 oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
 oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
 oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
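Review bot: The corrected `oh->Assign(16, …)` line is right, but nothing in the diff guards against the same copy-paste transposition recurring: the index-16 and index-17 lines differ only in a bare numeric slot and a field name, so a second swap would again compile cleanly and only show up as wrong values in `pe_optional_header` output. A regression test with a PE sample whose major and minor subsystem versions differ, asserting the two record fields are unequal, would pin the mapping; no test change is visible in this diff. Consider also labelling the slot with its target, `oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version})); // OptionalHeader$major_subsys_version`, or resolving the index by field name if the `PE::OptionalHeader` record type is reachable at this point. Anyone correlating detections or hunting on subsystem version should note that logs from earlier 4.1.0-dev builds carry the minor value in both fields. The enclosing `refine flow File += {` block begins and ends outside the hunk.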