diff --git a/backport-CVE-2024-28182-1.patch b/backport-CVE-2024-28182-1.patch
deleted file mode 100644
index 76d6424618e53117a23ac0d5203dcbbb71ae7e63..0000000000000000000000000000000000000000
--- a/backport-CVE-2024-28182-1.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 00201ecd8f982da3b67d4f6868af72a1b03b14e0 Mon Sep 17 00:00:00 2001
-From: Tatsuhiro Tsujikawa
-Date: Sat, 9 Mar 2024 16:26:42 +0900
-Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
-
----
- lib/includes/nghttp2/nghttp2.h | 7 ++++++-
- lib/nghttp2_helper.c | 2 ++
- lib/nghttp2_session.c | 7 +++++++
- lib/nghttp2_session.h | 10 ++++++++++
- 4 files changed, 25 insertions(+), 1 deletion(-)
-
-diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
-index 889176097d..a9629c7823 100644
---- a/lib/includes/nghttp2/nghttp2.h
-+++ b/lib/includes/nghttp2/nghttp2.h
-@@ -440,7 +440,12 @@ typedef enum {
- * exhaustion on server side to send these frames forever and does
- * not read network.
- */
-- NGHTTP2_ERR_FLOODED = -904
-+ NGHTTP2_ERR_FLOODED = -904,
-+ /**
-+ * When a local endpoint receives too many CONTINUATION frames
-+ * following a HEADER frame.
-+ */
-+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
- } nghttp2_error;
-
- /**
-diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c
-index 93dd4754b7..b3563d98e0 100644
---- a/lib/nghttp2_helper.c
-+++ b/lib/nghttp2_helper.c
-@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
- "closed";
- case NGHTTP2_ERR_TOO_MANY_SETTINGS:
- return "SETTINGS frame contained more than the maximum allowed entries";
-+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
-+ return "Too many CONTINUATION frames following a HEADER frame";
- default:
- return "Unknown error code";
- }
-diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
-index ea4fcbec57..fc4c77a3f0 100644
---- a/lib/nghttp2_session.c
-+++ b/lib/nghttp2_session.c
-@@ -496,6 +496,7 @@ static int session_new(nghttp2_session **session_ptr,
- (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
- (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
- (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
-+ (*session_ptr)->max_continuations = 
NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
-
- if (option) {
- if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
-@@ -6778,6 +6779,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
- }
- }
- session_inbound_frame_reset(session);
-+
-+ session->num_continuations = 0;
- }
- break;
- }
-@@ -6899,6 +6902,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
- }
- #endif /* DEBUGBUILD */
-
-+ if (++session->num_continuations > session->max_continuations) {
-+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
-+ }
-+
- readlen = inbound_frame_buf_read(iframe, in, last);
- in += readlen;
-
-diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h
-index b119329a04..ef8f7b27d6 100644
---- a/lib/nghttp2_session.h
-+++ b/lib/nghttp2_session.h
-@@ -110,6 +110,10 @@ typedef struct {
- #define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
- #define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
-
-+/* The default max number of CONTINUATION frames following an incoming
-+ HEADER frame. */
-+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
-+
- /* Internal state when receiving incoming frame */
- typedef enum {
- /* Receiving frame header */
-@@ -290,6 +294,12 @@ struct nghttp2_session {
- size_t max_send_header_block_length;
- /* The maximum number of settings accepted per SETTINGS frame. */
- size_t max_settings;
-+ /* The maximum number of CONTINUATION frames following an incoming
-+ HEADER frame. */
-+ size_t max_continuations;
-+ /* The number of CONTINUATION frames following an incoming HEADER
-+ frame. This variable is reset when END_HEADERS flag is seen. */
-+ size_t num_continuations;
- /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
- uint32_t next_stream_id;
- /* The last stream ID this session initiated. For client session,
diff --git a/backport-CVE-2024-28182-2.patch b/backport-CVE-2024-28182-2.patch
deleted file mode 100644
index 0ca62ed3d9ac5f44a7ca56bb559f889722d3865a..0000000000000000000000000000000000000000
--- a/backport-CVE-2024-28182-2.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From d71a4668c6bead55805d18810d633fbb98315af9 Mon Sep 17 00:00:00 2001
-From: Tatsuhiro Tsujikawa
-Date: Sat, 9 Mar 2024 16:48:10 +0900
-Subject: [PATCH] Add nghttp2_option_set_max_continuations
-
----
- doc/Makefile.am | 1 +
- lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
- lib/nghttp2_option.c | 5 +++++
- lib/nghttp2_option.h | 5 +++++
- lib/nghttp2_session.c | 4 ++++
- 5 files changed, 26 insertions(+)
-
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index 51945e4f0b..50d57b2217 100644
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -73,6 +73,7 @@ APIDOCS= \
- nghttp2_option_set_peer_max_concurrent_streams.rst \
- nghttp2_option_set_server_fallback_rfc7540_priorities.rst \
- nghttp2_option_set_user_recv_extension_type.rst \
-+ nghttp2_option_set_max_continuations.rst \
- nghttp2_option_set_max_outbound_ack.rst \
- nghttp2_option_set_max_settings.rst \
- nghttp2_option_set_stream_reset_rate_limit.rst \
-diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
-index a9629c7823..92c3ccc6e4 100644
---- a/lib/includes/nghttp2/nghttp2.h
-+++ b/lib/includes/nghttp2/nghttp2.h
-@@ -2778,6 +2778,17 @@ NGHTTP2_EXTERN void
- nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
- uint64_t burst, uint64_t rate);
-
-+/**
-+ * @function
-+ *
-+ * This function sets the maximum number of CONTINUATION frames
-+ * following an incoming HEADER frame. If more than those frames are
-+ * received, the remote endpoint is considered to be misbehaving and
-+ * session will be closed. The default value is 8. 
-+ */
-+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
-+ size_t val);
-+
- /**
- * @function
- *
-diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c
-index 43d4e95229..53144b9b75 100644
---- a/lib/nghttp2_option.c
-+++ b/lib/nghttp2_option.c
-@@ -150,3 +150,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
- option->stream_reset_burst = burst;
- option->stream_reset_rate = rate;
- }
-+
-+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
-+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
-+ option->max_continuations = val;
-+}
-diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h
-index 2259e1849d..c89cb97f8b 100644
---- a/lib/nghttp2_option.h
-+++ b/lib/nghttp2_option.h
-@@ -71,6 +71,7 @@ typedef enum {
- NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
- NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
- NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
-+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
- } nghttp2_option_flag;
-
- /**
-@@ -98,6 +99,10 @@ struct nghttp2_option {
- * NGHTTP2_OPT_MAX_SETTINGS
- */
- size_t max_settings;
-+ /**
-+ * NGHTTP2_OPT_MAX_CONTINUATIONS
-+ */
-+ size_t max_continuations;
- /**
- * Bitwise OR of nghttp2_option_flag to determine that which fields
- * are specified.
-diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
-index fc4c77a3f0..004a4dffaa 100644
---- a/lib/nghttp2_session.c
-+++ b/lib/nghttp2_session.c
-@@ -585,6 +585,10 @@ static int session_new(nghttp2_session **session_ptr,
- option->stream_reset_burst,
- option->stream_reset_rate);
- }
-+
-+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
-+ (*session_ptr)->max_continuations = option->max_continuations;
-+ }
- }
-
- rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
diff --git a/nghttp2-1.58.0.tar.xz b/nghttp2-1.58.0.tar.xz
deleted file mode 100644
index e7baf38c6f5f396a91e599538c0adb6015f47090..0000000000000000000000000000000000000000
Binary files a/nghttp2-1.58.0.tar.xz and /dev/null differ
diff --git a/nghttp2-1.62.1.tar.xz b/nghttp2-1.62.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..f6f38e5710e418c7246e01a74dba3ecf5f852200
Binary files /dev/null and b/nghttp2-1.62.1.tar.xz differ
diff --git a/nghttp2.spec b/nghttp2.spec
index e3adb3eae9e441a1f9379de15808cef6e5e9fd19..ab763a33e553dde6cd2d4fddbfb365a832d105af 100644
--- a/nghttp2.spec
+++ b/nghttp2.spec
@@ -1,13 +1,11 @@
 Name: nghttp2
-Version: 1.58.0
-Release: 2
+Version: 1.62.1
+Release: 1
 Summary: Contains the HTTP/2 client, server and proxy programs.
 License: MIT
 URL: https://nghttp2.org/
 Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/%{name}-%{version}.tar.xz
-Patch0: backport-CVE-2024-28182-1.patch
-Patch1: backport-CVE-2024-28182-2.patch
 BuildRequires: CUnit-devel c-ares-devel gcc-c++ libev-devel openssl-devel automake
 BuildRequires: python3-devel systemd-devel zlib-devel make libxml2-devel
@@ -92,6 +90,12 @@ export "LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH"
 %{_mandir}/man1/*
 
 %changelog
+* Fri Jul 05 2024 liweigang - 1.62.1-1
+- Type: requirements
+- ID: NA
+- SUG: NA
+- DESC: update nghttp2 to 1.62.1
+
 * Sun Apr 07 2024 lingsheng - 1.58.0-2
 - Type:CVE
 - ID:CVE-2024-28182
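Review bot: The first nghttp2.spec hunk drops `Patch0`/`Patch1` for CVE-2024-28182 together with the backport files, but the new %changelog entry records only a plain version update, so the fact that the CONTINUATION-flood fix is now expected to come from the upstream 1.62.1 tree is not traceable from the package history. The deleted backports are upstream commits 00201ecd8f98 and d71a4668c6be; upstream shipped that fix in its 1.61.0 release, so 1.62.1 should contain it, but that should be confirmed in the unpacked source (e.g. `nghttp2_option_set_max_continuations` present in lib/includes/nghttp2/nghttp2.h) rather than assumed. I would extend the changelog line to `- DESC: update nghttp2 to 1.62.1; drop backport-CVE-2024-28182-*.patch, fix is included upstream`. The swap of the Source0 tarball is a binary blob in this diff, so its integrity cannot be reviewed here; the committed f6f38e57… object should be checked against the checksum/signature published with the upstream v1.62.1 release before merge.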