diff --git a/0005-CVE-2016-3189.patch b/0005-CVE-2016-3189.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f02c0509ecf13b5f6a250e150b023313ca40df80
--- /dev/null
+++ b/0005-CVE-2016-3189.patch
@@ -0,0 +1,103 @@
+diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
+index 8dcf7af2f2..5d56f19325 100644
+--- a/gradle/dependencies.gradle
++++ b/gradle/dependencies.gradle
+@@ -104,7 +104,7 @@ versions += [
+ owaspDepCheckPlugin: "6.0.3",
+ powermock: "2.0.9",
+ reflections: "0.9.12",
+- rocksDB: "5.18.4",
++ rocksDB: "6.19.3",
+ scalaCollectionCompat: "2.3.0",
+ scalafmt: "1.5.1",
+ scalaJava8Compat : "0.9.1",
+diff --git a/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java b/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java
+index 2e2cb41100..ae08255fb6 100644
+--- a/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java
++++ b/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter.java
+@@ -123,11 +123,12 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ // (3) skipping because, not done in actual PrepareForBulkLoad() code in https://github.com/facebook/rocksdb/blob/master/options/options.cc
+ //columnFamilyOptions.setMemTableConfig(new VectorMemTableConfig());
+ // (4-5) below:
+- dbOptions.setMaxBackgroundFlushes(4);
++ /* dbOptions.setMaxBackgroundFlushes(4);
+ columnFamilyOptions.setDisableAutoCompactions(true);
+ columnFamilyOptions.setLevel0FileNumCompactionTrigger(1 << 30);
+ columnFamilyOptions.setLevel0SlowdownWritesTrigger(1 << 30);
+- columnFamilyOptions.setLevel0StopWritesTrigger(1 << 30);
++ columnFamilyOptions.setLevel0StopWritesTrigger(1 << 30);*/
++ super.prepareForBulkLoad();
+ return this;
+ }
+
+@@ -185,7 +186,7 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ }
+
+ @Override
+- public Options setComparator(final AbstractComparator> comparator) {
++ public Options setComparator(final AbstractComparator comparator) {
+ columnFamilyOptions.setComparator(comparator);
+ return this;
+ }
+@@ -342,6 +343,7 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ return this;
+ }
+
++ @Deprecated
+ @Override
+ public int maxBackgroundCompactions() {
+ return dbOptions.maxBackgroundCompactions();
+@@ -358,6 +360,7 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ return dbOptions.statistics();
+ }
+
++ @Deprecated
+ @Override
+ public void setBaseBackgroundCompactions(final int baseBackgroundCompactions) {
+ dbOptions.setBaseBackgroundCompactions(baseBackgroundCompactions);
+@@ -368,6 +371,7 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ return dbOptions.baseBackgroundCompactions();
+ }
+
++ @Deprecated
+ @Override
+ public Options setMaxBackgroundCompactions(final int maxBackgroundCompactions) {
+ dbOptions.setMaxBackgroundCompactions(maxBackgroundCompactions);
+@@ -375,8 +379,9 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ }
+
+ @Override
+- public void setMaxSubcompactions(final int maxSubcompactions) {
++ public Options setMaxSubcompactions(final int maxSubcompactions) {
+ dbOptions.setMaxSubcompactions(maxSubcompactions);
++ return this;
+ }
+
+ @Override
+@@ -384,11 +389,13 @@ public class RocksDBGenericOptionsToDbOptionsColumnFamilyOptionsAdapter extends
+ return dbOptions.maxSubcompactions();
+ }
+
++ @Deprecated
+ @Override
+ public int maxBackgroundFlushes() {
+ return dbOptions.maxBackgroundFlushes();
+ }
+
++ @Deprecated
+ @Override
+ public Options setMaxBackgroundFlushes(final int maxBackgroundFlushes) {
+ dbOptions.setMaxBackgroundFlushes(maxBackgroundFlushes);
+diff --git a/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBStore.java b/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBStore.java
+index e1c5df31d0..5b2b9cc7eb 100644
+--- a/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBStore.java
++++ b/streams/src/main/java/org/apache/kafka/streams/state/internals/RocksDBStore.java
+@@ -136,7 +136,7 @@ public class RocksDBStore implements KeyValueStore, BatchWritingS
+ tableConfig.setBlockSize(BLOCK_SIZE);
+
+ filter = new BloomFilter();
+- tableConfig.setFilter(filter);
++ tableConfig.setFilterPolicy(filter);
+
+ userSpecifiedOptions.optimizeFiltersForHits();
+ userSpecifiedOptions.setTableFormatConfig(tableConfig);
diff --git a/kafka.spec b/kafka.spec
index 71fc6d0a43c79347bfa1eda13970af9fc1c77c96..821e462db72a5507f07eeed4948070db05296ce6 100644
--- a/kafka.spec
+++ b/kafka.spec
@@ -4,7 +4,7 @@ Name: kafka Version: 2.8.2 -Release: 4 +Release: 5 Summary: A Distributed Streaming Platform. License: Apache-2.0
@@ -16,6 +16,7 @@ Patch0: 0001-adopt-huaweimaven.patch Patch1: 0002-CVE-2022-41881.patch Patch2: 0003-CVE-2023-34455.patch Patch3: 0004-CVE-2022-42004.patch +Patch4: 0005-CVE-2016-3189.patch BuildRequires: systemd java-1.8.0-openjdk-devel Provides: kafka = %{version}
@@ -67,6 +68,9 @@ cp -pr licenses/* $RPM_BUILD_ROOT%{kafka_home}/licenses rm -rf %{buildroot} %changelog +* Fri Nov 03 2023 sundapeng - 2.8.2-5 +-fix CVE-2016-3189 + * Thu Sep 21 2023 sundapeng - 2.8.2-4 -fix CVE-2022-42004
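Review bot: In the `prepareForBulkLoad()` hunk of the added 0005-CVE-2016-3189.patch, the old settings are parked inside a `/* ... */` block and replaced by `super.prepareForBulkLoad();`, so the `// (4-5) below:` comment now points at dead code and the five calls that targeted `dbOptions` and `columnFamilyOptions` no longer run. Whether the superclass call reaches those two wrapped objects is not visible here (the method and the class declaration both start outside the hunk); if it acts only on the adapter's own state, bulk-load tuning changes silently inside what is labelled a CVE fix. Delete the commented-out lines rather than keeping them, and replace the stale comment with something like `// delegated to Options#prepareForBulkLoad(); confirm the wrapped dbOptions/columnFamilyOptions still receive these settings`. The patch file also carries no header explaining why moving `rocksDB` from 5.18.4 to 6.19.3 addresses the CVE; a short description naming the upstream change it was taken from would make the backport auditable.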