diff --git a/mod_security-2.9.3-remote-rules-timeout.patch b/mod_security-2.9.8-remote-rules-timeout.patch similarity index 98% rename from mod_security-2.9.3-remote-rules-timeout.patch rename to mod_security-2.9.8-remote-rules-timeout.patch index 1d347ac9b74fa5e883e836d940c0b3c428569509..2814fdab59e278729989bcb26a299657f20179be 100644 --- a/mod_security-2.9.3-remote-rules-timeout.patch +++ b/mod_security-2.9.8-remote-rules-timeout.patch @@ -26,7 +26,7 @@ index 80f8f2b..7912d84 100644 + static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1) { - if (strcasecmp(p1, "on") == 0) { + assert(cmd != NULL); @@ -3667,6 +3685,14 @@ const command_rec module_directives[] = { "Abort or Warn" ), diff --git a/mod_security.spec b/mod_security.spec index 219652165650268e72cd70aaee88db685d54cae7..e9ec030af0d4c05fbe55ff1dbb59d45b987746e1 100644 --- a/mod_security.spec +++ b/mod_security.spec 
@@ -6,23 +6,22 @@ %global mod_audit_log_collector 0 Name: mod_security -Version: 2.9.7 +Version: 2.9.9 Release: 1 Summary: Security module for the Apache HTTP Server -License: ASL 2.0 -URL: http://www.modsecurity.org/ -Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz +License: Apache-2.0 +URL: https://www.modsecurity.org/ +Source: https://github.com/owasp-modsecurity/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz Source1: mod_security.conf Source2: 10-mod_security.conf Source3: modsecurity_localrules.conf -Patch0000: modsecurity-2.9.3-lua-54.patch Patch0001: modsecurity-2.9.3-apulibs.patch -Patch0002: mod_security-2.9.3-remote-rules-timeout.patch +Patch0002: mod_security-2.9.8-remote-rules-timeout.patch Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel pcre2-devel -BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) pkgconfig(libpcre) +BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) BuildRequires: autoconf automake libtool %description @@ -41,7 +40,7 @@ This package collects mod_security audit log. %endif %prep -%autosetup -p1 -n modsecurity-%{version} +%autosetup -p1 -n modsecurity-v%{version} %build ./autogen.sh @@ -54,7 +53,7 @@ This package collects mod_security audit log. sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -make %{_smp_mflags} +%make_build %install install -d %{buildroot}%{_bindir} 
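Review bot: In the first spec hunk (`@@ -6,23 +6,22 @@`) the `Source:` URL moves to a different GitHub organisation (`owasp-modsecurity` instead of `SpiderLabs`) and the tarball itself is swapped as an opaque binary, yet the spec records nothing about how the new archive was verified. A comment beside it such as `# sha256: <UPSTREAM_SHA256> (compared with the upstream release page)` would make the provenance check repeatable for the next reviewer. The same hunk drops `pkgconfig(libpcre)` and keeps only `pcre2-devel`; as far as I know ModSecurity 2.9.x uses PCRE2 only when configure is given `--with-pcre2`, and the configure call sits outside the visible hunks, so please confirm that flag is passed rather than relying on a PCRE1 that happens to be installed transitively.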
@@ -65,14 +64,14 @@ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name} -install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/ +install -Dp -m0644 %{S:3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/ %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" -install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf +install -Dp -m0644 %{S:1} %{buildroot}%{_httpd_confdir}/mod_security.conf sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf -install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf +install -Dp -m0644 %{S:2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf %else install -d -m0755 %{buildroot}%{_httpd_confdir} -cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf +cat %{S:2} %{S:1} > %{buildroot}%{_httpd_confdir}/mod_security.conf %endif %if %mod_audit_log_collector @@ -84,7 +83,8 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %files -%doc README.* NOTICE LICENSE CHANGES +%license LICENSE +%doc README.* NOTICE CHANGES %{_httpd_moddir}/mod_security2.so %config(noreplace) %{_httpd_confdir}/*.conf %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" @@ -107,6 +107,12 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %changelog +* Mon May 26 2025 wangkai <13474090681@163.com> - 2.9.9-1 +- Update to 2.9.9 for fix CVE-2025-47947 + +* Mon Sep 09 2024 Funda Wang - 2.9.8-1 +- update to 2.9.8 + * Mon Jul 17 2023 chenchen - 2.9.7-1 - Upgrade to version 2.9.7 diff --git a/mod_security.yaml b/mod_security.yaml index 7c8b49d3b0f39e66e680c466c4db67d7a951fb8f..69478be180b0c434ea41cfdb22315efe1727dc85 100644 --- a/mod_security.yaml 
+++ b/mod_security.yaml
@@ -1,4 +1,4 @@
 version_control: github
-src_repo: SpiderLabs/ModSecurity
+src_repo: owasp-modsecurity/ModSecurity
 tag_prefix: ^v
-seperator: .
+separator: .
diff --git a/modsecurity-2.9.3-lua-54.patch b/modsecurity-2.9.3-lua-54.patch
deleted file mode 100644
index ca6e56024f158b0feb9d0100a2ba5c412de51292..0000000000000000000000000000000000000000
--- a/modsecurity-2.9.3-lua-54.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
---- modsecurity-2.9.3/apache2/msc_lua.c 2018-12-04 18:49:37.000000000 +0000
-+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c 2020-08-08 16:55:14.936045777 +0000
-@@ -429,12 +429,12 @@
- #else
-
- /* Create new state. */
--#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
-+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
- L = luaL_newstate();
- #elif LUA_VERSION_NUM == 500
- L = lua_open();
- #else
--#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
-+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
- #endif
- luaL_openlibs(L);
-
-@@ -459,10 +459,10 @@
- /* Register functions. */
- #if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
- luaL_register(L, "m", mylib);
--#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
-+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
- luaL_setfuncs(L, mylib, 0);
- #else
--#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
-+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
- #endif
-
- lua_setglobal(L, "m");
diff --git a/modsecurity-2.9.7.tar.gz b/modsecurity-v2.9.9.tar.gz
similarity index 55%
rename from modsecurity-2.9.7.tar.gz
rename to modsecurity-v2.9.9.tar.gz
index 5f2e728e857e2826964e669b34107b933e68a00f..f3649b8e3b452c031dd1d8e826cc1d896eef1e00 100644
Binary files a/modsecurity-2.9.7.tar.gz and b/modsecurity-v2.9.9.tar.gz differ
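Review bot: The key rename `seperator` → `separator` in the `mod_security.yaml` hunk is only safe if the tool that reads this file looks up the corrected spelling; if it still reads `seperator`, upstream version tracking for this package would presumably stop matching tags without any error, and new security releases could go unnoticed. Please confirm against the consumer, and if it has not been updated keep `seperator: .` for now.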