diff --git a/mod_security.spec b/mod_security.spec index 34c58e2f397bcd68909ded3b05475f53931e83c3..1d38324bd7917db0245aca8d6c8b9560bf9b2e05 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -7,7 +7,7 @@ Name: mod_security Version: 2.9.5 -Release: 6 +Release: 7 Summary: Security module for the Apache HTTP Server License: ASL 2.0 URL: http://www.modsecurity.org/ @@ -20,6 +20,7 @@ Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch Patch0002: modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch Patch0003: modsecurity-2.9.5-Add-SecRequestBodyJsonDepthLimit-to-modsecurity.conf.patch Patch0004: modsecurity-2.9.5-Fix-memory-leak-that-occurs-on-JSON-parsing-error.patch +Patch0005: modsecurity-2.9.5-Set-SecStatusEngine-Off-in-modsecurity.conf.patch Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel @@ -102,6 +103,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %changelog +* Sat Jan 7 2023 yaoguangzhong - 2.9.5-7 +- backport Set SecStatusEngine Off in modsecurity.conf-recommended + * Sat Jan 7 2023 yaoguangzhong - 2.9.5-6 - backport fix memory leak that occurs on JSON parsing error diff --git a/modsecurity-2.9.5-Set-SecStatusEngine-Off-in-modsecurity.conf.patch b/modsecurity-2.9.5-Set-SecStatusEngine-Off-in-modsecurity.conf.patch new file mode 100644 index 0000000000000000000000000000000000000000..ce14f7169e7c2052366fa59d78ce90a8f510a319 --- /dev/null +++ b/modsecurity-2.9.5-Set-SecStatusEngine-Off-in-modsecurity.conf.patch 
@@ -0,0 +1,28 @@
+From fc84c6a3f6c446760350f80189d4bbfc116c143c Mon Sep 17 00:00:00 2001
+From: yaoguangzhong
+Date: Sat, 7 Jan 2023 15:26:23 +0800
+Subject: [PATCH] backport Set SecStatusEngine Off in
+ modsecurity.conf-recommended
+
+From Author: Martin Vierula
+commit 733427197e2fe4fabcbb0f43bd1e636ef923a6b4
+---
+ modsecurity.conf-recommended | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
+index c84ddce..923f5d8 100644
+--- a/modsecurity.conf-recommended
++++ b/modsecurity.conf-recommended
+@@ -234,5 +234,6 @@ SecUnicodeMapFile unicode.mapping 20127
+ # The following information will be shared: ModSecurity version,
+ # Web Server version, APR version, PCRE version, Lua version, Libxml2
+ # version, Anonymous unique id for host.
+-SecStatusEngine On
+-
+++# NB: As of April 2022, there is no longer any advantage to turning this
+++# setting On, as there is no active receiver for the information.
+++SecStatusEngine Off
+--
+2.27.0
+
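Review bot: As shown here, the three added lines of the embedded modsecurity.conf-recommended hunk carry one `+` too many: after the outer marker they read `++# NB: ...`, `++# setting On, ...` and `++SecStatusEngine Off`. Applying the patch would therefore write `+# NB: ...` and `+SecStatusEngine Off` into the file instead of a comment and a directive. The `SecStatusEngine On` line is still removed, so the sample would be left with no valid SecStatusEngine setting, and with lines that httpd would presumably reject if the file is loaded unchanged. The inner lines should be `+# NB: As of April 2022, ...`, `+# setting On, ...` and `+SecStatusEngine Off`, which also matches the inner hunk header `-234,5 +234,6`. Since this patch only touches the -recommended sample, it is worth confirming that the configuration the package actually installs (not visible in this diff) also sets `SecStatusEngine Off`, so that component versions and the host id are not reported outbound.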