diff --git a/CVE-2021-33813.patch b/CVE-2021-33813.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f850266c522049e71dba1bda94244f7b1bcbdb75
--- /dev/null
+++ b/CVE-2021-33813.patch
@@ -0,0 +1,42 @@
+--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java
++++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java
+@@ -442,6 +442,11 @@ public class SAXBuilder {
+ public void setFeature(String name, boolean value) {
+ // Save the specified feature for later.
+ features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
++ if (name.equals("http://xml.org/sax/features/external-general-entities")) {
++ // See issue https://github.com/hunterhacker/jdom/issues/189
++ // And PR https://github.com/hunterhacker/jdom/pull/188
++ setExpandEntities(value);
++ }
+ }
+
+ /**
+@@ -766,13 +771,6 @@ public class SAXBuilder {
+ internalSetFeature(parser, name, value.booleanValue(), name);
+ }
+
+- // Set any user-specified properties on the parser.
+- iter = properties.keySet().iterator();
+- while (iter.hasNext()) {
+- String name = (String)iter.next();
+- internalSetProperty(parser, name, properties.get(name), name);
+- }
+-
+ if (coreFeatures) {
+ // Set validation.
+ try {
+@@ -810,6 +808,13 @@ public class SAXBuilder {
+ }
+ catch (SAXNotRecognizedException e) { /* Ignore... */ }
+ catch (SAXNotSupportedException e) { /* Ignore... */ }
++
++ // Set any user-specified properties on the parser.
++ iter = properties.keySet().iterator();
++ while (iter.hasNext()) {
++ String name = (String)iter.next();
++ internalSetProperty(parser, name, properties.get(name), name);
++ }
+ }
+
+ /**
diff --git a/jdom.spec b/jdom.spec
index cfd9679a3bb7db6c16f388537f9d41597c684d87..88c602b1573a613497ec831ffd7f58748420a3f2 100644
--- a/jdom.spec
+++ b/jdom.spec
@@ -1,6 +1,6 @@
 Name: jdom
 Version: 1.1.3
-Release: 18
+Release: 19
 Epoch: 0
 Summary: Java alternative for DOM and SAX
 License: Saxpath
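Review bot: In the `setFeature` hunk of the embedded patch, `name.equals(...)` runs after `features.put(name, ...)`, so a null `name` now raises a NullPointerException at this line where the put may have accepted it before (the type of `features` is outside the hunk); the constant-first form `if ("http://xml.org/sax/features/external-general-entities".equals(name)) {` avoids that. The coupling is also order-dependent: `setFeature(..., true)` now calls `setExpandEntities(true)`, which presumably overrides an earlier `setExpandEntities(false)`, and that belongs in the method's Javadoc. Only this one feature URI is mirrored into `setExpandEntities`, so callers parsing untrusted XML should not read the fix as covering other entity- or DOCTYPE-related features. The relocated property loop in the last inner hunk would benefit from a comment such as `// Applied after the core features so user-specified properties are set last.`, and the packaging change carries no regression test for the CVE. All three enclosing methods start or end outside the hunks shown.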
@@ -9,6 +9,7 @@ Source0: http://jdom.org/dist/binary/archive/jdom-%{version}.tar.gz
 Source1: https://repo1.maven.org/maven2/org/jdom/jdom/%{version}/jdom-%{version}.pom
 Patch0000: jdom-crosslink.patch
 Patch0001: jdom-1.1-OSGiManifest.patch
+Patch0002: CVE-2021-33813.patch
 BuildRequires: ant javapackages-local mvn(jaxen:jaxen) mvn(xerces:xercesImpl)
 BuildArch: noarch
@@ -61,5 +62,8 @@ cp -pr samples %{buildroot}%{_datadir}/jdom
 %doc LICENSE.txt
 %changelog
+* Tue Jan 14 2025 pengjian - 0:1.1.3-19
+- fix CVE-2021-33813
+
 * Mon Jun 8 2020 leiju - 1.1.3-18
 - Package init