diff --git a/backport-CVE-2020-14352-Validate-path-read-from-repomd.xml.patch b/backport-CVE-2020-14352-Validate-path-read-from-repomd.xml.patch
deleted file mode 100644
index 13cd87b0f87648ab19abb440de31fc0df03325b0..0000000000000000000000000000000000000000
--- a/backport-CVE-2020-14352-Validate-path-read-from-repomd.xml.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7daea2a2429a54dad68b1de9b37a5f65c5cf2600 Mon Sep 17 00:00:00 2001
-From: Jaroslav Rohel
-Date: Wed, 12 Aug 2020 08:35:28 +0200
-Subject: [PATCH] Validate path read from repomd.xml (RhBug:1868639)
-
-= changelog =
-msg: Validate path read from repomd.xml
-type: security
----
- librepo/yum.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/librepo/yum.c b/librepo/yum.c
-index 3059188..529257b 100644
---- a/librepo/yum.c
-+++ b/librepo/yum.c
-@@ -23,6 +23,7 @@
- #define BITS_IN_BYTE 8
-
- #include
-+#include
- #include
- #include
- #include
-@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle,
- continue;
-
- char *location_href = record->location_href;
-+
-+ char *dest_dir = realpath(handle->destdir, NULL);
-+ path = lr_pathconcat(handle->destdir, record->location_href, NULL);
-+ char *requested_dir = realpath(dirname(path), NULL);
-+ lr_free(path);
-+ if (!g_str_has_prefix(requested_dir, dest_dir)) {
-+ g_debug("%s: Invalid path: %s", __func__, location_href);
-+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
-+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
-+ free(requested_dir);
-+ free(dest_dir);
-+ return FALSE;
-+ }
-+ free(requested_dir);
-+ free(dest_dir);
-+
- gboolean is_zchunk = FALSE;
- #ifdef WITH_ZCHUNK
- if (handle->cachedir && record->header_checksum)
---
-1.8.3.1
-
diff --git a/librepo-1.12.0.tar.gz b/librepo-1.12.0.tar.gz
deleted file mode 100644
index 8cb0323e3db29503c243ef88f73b5aae66a4e0a4..0000000000000000000000000000000000000000
Binary files a/librepo-1.12.0.tar.gz and /dev/null differ
diff --git a/librepo-1.12.1.tar.gz b/librepo-1.12.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..0716a852cfb882ea2f9d30e5e5f6d87044259716
Binary files /dev/null and b/librepo-1.12.1.tar.gz differ
diff --git a/librepo.spec b/librepo.spec
index 1122e4a1f7101d2a90fdcc52cc61f6ce26467b49..8b9cb24bf2c9a89ec32dfe1cf96fa1ba579d296b 100644
--- a/librepo.spec
+++ b/librepo.spec
@@ -5,15 +5,13 @@ %bcond_with zchunk
 Name: librepo
-Version: 1.12.0
-Release: 2
+Version: 1.12.1
+Release: 1
 Summary: Repodata downloading library
 License: LGPLv2+
 URL: https://github.com/rpm-software-management/librepo
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
-Patch0: backport-CVE-2020-14352-Validate-path-read-from-repomd.xml.patch
-
 BuildRequires: cmake check-devel doxygen pkgconfig(glib-2.0) gcc
 BuildRequires: libcurl-devel >= %{libcurl_version} pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(openssl) gpgme-devel libattr-devel pkgconfig(libcrypto)
@@ -80,6 +78,9 @@ popd
 %{python3_sitearch}/%{name}/
 %changelog
+* Wed Jan 27 2021 wangchen - 1.12.1-1
+- update to 1.12.1
+
 * Mon Jan 25 2021 fuanan - 1.12.0-2
 - fix CVE-2020-14352
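Review bot: Dropping `Patch0` in the `@@ -5,15 +5,13 @@` hunk removes the only fix for CVE-2020-14352 this package carried, and nothing in the hunk or the new %changelog entry records that the 1.12.1 tarball was checked to contain the equivalent upstream commit (7daea2a, "Validate path read from repomd.xml", the one the deleted backport was taken from). The release is expected to include it given the August 2020 date on the backport, but that should be confirmed against the unpacked source before the CVE is treated as closed for this package. The changelog line `- update to 1.12.1` also drops the CVE identifier that the previous entry carried, which breaks the trail for anyone auditing CVE-2020-14352 in this package's history; I would write `- update to 1.12.1, which includes the upstream fix for CVE-2020-14352 (drop backport Patch0)` instead.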