diff --git a/golang.spec b/golang.spec
index 974dc4262fc9e9e91115ab294335827f04a2e042..ae67da651e8885ac109ae63d8b999a0fa6a39d3c 100644
--- a/golang.spec
+++ b/golang.spec
@@ -1,7 +1,7 @@
 # after we have putting golang into repo, we should shift bootstrap closing.
 %bcond_with bootstrap
 
-%global baserelease 11
+%global baserelease 1
 
 %global golibdir %{_libdir}/golang
 
@@ -75,7 +75,7 @@
 
 
 Name:           golang
-Version:        1.21.7
+Version:        1.21.13
 Release:        %{baserelease}%{?dist}
 Summary:        An open source programming language supported by Google
 License:        BSD and Public Domain
@@ -86,19 +86,6 @@ Source3:        loongarch64.tar.gz
 Source4:        loongarch64.conf
 Source5:        apply-patches
 
-#upstream: https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1
-Patch0001:      fix-CVE-2023-45289.patch
-#upstream: https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0
-Patch0002:      fix-CVE-2023-45290.patch
-#upstream: https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0
-Patch0003:      fix-CVE-2024-24783.patch
-#upstream: https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5
-Patch0004:      fix-CVE-2024-24784.patch
-#upstream: https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e
-Patch0005:      fix-CVE-2024-24785.patch
-#upstream: https://github.com/golang/go/commit/ae5913347d15cf7d1f218916c22717e5739a9ea3
-Patch0006:      fix-CVE-2023-45288.patch
-
 Patch3000:      0001-Modify-go.env.patch
 Patch3001:      0002-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-avail.patch
 
@@ -367,6 +354,10 @@ fi
 
 
 %changelog
+* Fri Sep 20 2024 jackeyji <jackeyji@tencent.com> - 1.21.13-1
+- [Type] security
+- [DESC] upgrade to 1.21.13 to fix CVE-2024-24790 CVE-2024-34156 CVE-2024-24789 CVE-2024-24791 CVE-2024-34158 CVE-2024-34155 
+
 * Fri Aug 16 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.21.7-11
 - Rebuilt for loongarch release
 
diff --git a/sources b/sources
index fc17afe8a16dafe2b3ed2f2886e5f3667f695bac..00293e9130fc74420e6e27a8ac98f071fd488ca2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (go1.21.7.src.tar.gz) = 5cadc458265deea2650fbbc5b0652e19e858fa7a7b929ea717e82ee4be2af45214a9dfc5b8b799003e83b92aa80141962a472d1d4f0653e97e99df5b68c88e5d
+SHA512 (go1.21.13.src.tar.gz) = f316984154ead8256d9ec0613e3cfef5699553387d87c24bb2a96265f986bf4450838e6451841def3713d65ebaa9bf55e36ff39c5690d79522e1c1ba7655be2f
 SHA512 (loongarch64.tar.gz) = 4d8285aae4ed466dff3e3f7d355cd7c2992dac600514107fceb9bf1198a03667c19b54c56e13446adc148cb563ed0c8f6c0fa8b019e0f420d956733b8ad5a893