diff --git a/curl-8.4.0.tar.xz b/curl-8.4.0.tar.xz
deleted file mode 100644
index 5f555058a7ea9a7ab106443156019f4913a11dd4..0000000000000000000000000000000000000000
Binary files a/curl-8.4.0.tar.xz and /dev/null differ
diff --git a/curl-8.7.1.tar.xz b/curl-8.7.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..7191821def91cb529a63750047641df629c683b8
Binary files /dev/null and b/curl-8.7.1.tar.xz differ
diff --git a/curl.spec b/curl.spec
index 7a4c7d6ed3b984c5e86f6cacee16d9cd111a5dd2..255a4a6a015692a6244cf0241aa68fa5b7f9e4fb 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,8 +1,8 @@
-%define anolis_release 3
+%define anolis_release 1
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Epoch: 1
-Version: 8.4.0
+Version: 8.7.1
 Release: %{anolis_release}%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -330,7 +330,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
 %files
 %{_bindir}/curl
 %{_mandir}/man1/curl.1*
-%{_datadir}/zsh
+#%{_datadir}/zsh
 
 %files -n libcurl
 %license COPYING
@@ -367,6 +367,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
 %doc docs/TheArtOfHttpScripting.md
 
 %changelog
+* Wed Jun 12 2024 Cui lichen <cuilichen@redflag-os.com> - 8.7.1-1
+- fix CVE-2024-2004 CVE-2024-2379
+
 * Tue May 14 2024 yangxinyu <yangxinyu@nfschina.com> - 8.4.0-3
 - fix cve-2024-2398