diff --git a/0001-fix-CVE-2024-6762.patch b/0001-fix-CVE-2024-6762.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f0e86e73fdd46ee806dadbd009bf146d34a71bc7
--- /dev/null
+++ b/0001-fix-CVE-2024-6762.patch
@@ -0,0 +1,24 @@
+From c9fb33ab85959921ff3183311587af02772dda89 Mon Sep 17 00:00:00 2001
+From: Lachlan Roberts
+Date: Fri, 11 Oct 2024 00:40:06 +0800
+Subject: [PATCH] fix CVE-2024-6762
+
+---
+ .../java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
+index 8e73a17..32df129 100644
+--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
++++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
+@@ -42,6 +42,7 @@ import org.eclipse.jetty.server.Response;
+ import org.eclipse.jetty.util.log.Log;
+ import org.eclipse.jetty.util.log.Logger;
+
++@Deprecated
+ public class PushSessionCacheFilter implements Filter
+ {
+ private static final String TARGET_ATTR = "PushCacheFilter.target";
+--
+2.43.0
+
diff --git a/0002-fix-CVE-2024-6762.patch b/0002-fix-CVE-2024-6762.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bf81fc628fcf09faebfbd8f341656fb02677cba5
--- /dev/null
+++ b/0002-fix-CVE-2024-6762.patch
@@ -0,0 +1,38 @@
+From 2588cedddca989b6b96e6954ae6e8fc8f3e1c487 Mon Sep 17 00:00:00 2001
+From: Lachlan Roberts
+Date: Fri, 11 Oct 2024 00:57:36 +0800
+Subject: [PATCH] fix-CVE-2024-6762
+
+---
+ .../eclipse/jetty/servlets/PushSessionCacheFilter.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
+index 32df129..f539fae 100644
+--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
++++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/PushSessionCacheFilter.java
+@@ -42,6 +42,9 @@ import org.eclipse.jetty.server.Response;
+ import org.eclipse.jetty.util.log.Log;
+ import org.eclipse.jetty.util.log.Logger;
+
++/**
++ * @deprecated no replacement for this deprecated http feature
++ */
+ @Deprecated
+ public class PushSessionCacheFilter implements Filter
+ {
+@@ -51,6 +54,11 @@ public class PushSessionCacheFilter implements Filter
+ private final ConcurrentMap _cache = new ConcurrentHashMap<>();
+ private long _associateDelay = 5000L;
+
++ public PushSessionCacheFilter()
++ {
++ LOG.warn(PushSessionCacheFilter.class.getSimpleName() + " is an example class not suitable for production.");
++ }
++
+ @Override
+ public void init(FilterConfig config) throws ServletException
+ {
+--
+2.43.0
+
diff --git a/jetty.spec b/jetty.spec
index 76e671caeace111d8e187aeafa7a1086152d9829..6b1f6762ceec93b2d2c59c44432ef35d1eb03973 100644
--- a/jetty.spec
+++ b/jetty.spec
@@ -12,7 +12,7 @@
 %bcond_with jp_minimal
 Name: jetty
 Version: 9.4.16
-Release: 6
+Release: 7
 Summary: Java Webserver and Servlet Container
 License: Apache-2.0 OR EPL-1.0
 URL: http://www.eclipse.org/jetty/
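Review bot: The 0002 patch leaves the filter's runtime behaviour unchanged: the `_cache = new ConcurrentHashMap<>()` field that appears as context in the inner `@@ -51,6 +54,11 @@` hunk is not touched, and the new constructor only logs, so any deployment that keeps PushSessionCacheFilter in its filter chain behaves exactly as before and the CVE-2024-6762 handling shipped here amounts to "do not use this class". The Javadoc added in the first inner hunk should say that plainly instead of only `no replacement for this deprecated http feature`; a wording such as `@deprecated no replacement; this filter is an example and is not suitable for production use, and it logs a warning when instantiated` tells an operator what the warning they will see at startup means. The warning itself is well placed, since a servlet container constructs the filter once, but Jetty's Logger accepts placeholder arguments, so `LOG.warn("{} is an example class not suitable for production.", PushSessionCacheFilter.class.getSimpleName());` avoids the concatenation. The class body continues outside both inner hunks, so whether any bound or eviction is applied to `_cache` elsewhere in the file cannot be judged from this diff.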
@@ -28,6 +28,8 @@ Patch3: CVE-2021-28169.patch
 Patch4: CVE-2021-34428.patch
 Patch5: CVE-2022-2047.patch
 Patch6: CVE-2022-2048.patch
+Patch7: 0001-fix-CVE-2024-6762.patch
+Patch8: 0002-fix-CVE-2024-6762.patch
 BuildRequires: maven-local mvn(javax.servlet:javax.servlet-api) < 4.0.0
 BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
@@ -796,6 +798,9 @@ exit 0
 %license LICENSE NOTICE.txt LICENSE-MIT
 %changelog
+* Tue Oct 18 2024 changtao - 9.4.16-7
+- fix-CVE-2024-6762.patch
+
 * Thu Jul 18 2024 yaoxin - 9.4.16-6
 - License compliance rectification