diff --git a/backport-Core-fixed-memory-leak-on-configuration-reload-with-PCRE2.patch b/backport-Core-fixed-memory-leak-on-configuration-reload-with-PCRE2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..49c4d6f3f286c41de28099d40b08b9f296598f4d
--- /dev/null
+++ b/backport-Core-fixed-memory-leak-on-configuration-reload-with-PCRE2.patch
@@ -0,0 +1,54 @@
+From 284a0c73771e3a2c57af6e74d96d9a6878b2e7b4 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin
+Date: Tue, 17 Oct 2023 02:39:38 +0300
+Subject: [PATCH] Core: fixed memory leak on configuration reload with PCRE2.
+
+In ngx_regex_cleanup() allocator wasn't configured when calling
+pcre2_compile_context_free() and pcre2_match_data_free(), resulting
+in no ngx_free() call and leaked memory. Fix is ensure that allocator
+is configured for global allocations, so that ngx_free() is actually
+called to free memory.
+
+Additionally, ngx_regex_compile_context was cleared in
+ngx_regex_module_init(). It should be either not cleared, so it will
+be freed by ngx_regex_cleanup(), or properly freed. Fix is to
+not clear it, so ngx_regex_cleanup() will be able to free it.
+
+Reported by ZhenZhong Wu,
+https://mailman.nginx.org/pipermail/nginx-devel/2023-September/3Z5FIKUDRN2WBSL3JWTZJ7SXDA6YIWPB.html
+---
+ src/core/ngx_regex.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
+index 91381f49942..5b13c5db389 100644
+--- a/src/core/ngx_regex.c
++++ b/src/core/ngx_regex.c
+@@ -600,6 +600,8 @@ ngx_regex_cleanup(void *data)
+ * the new cycle, these will be re-allocated.
+ */
+
++ ngx_regex_malloc_init(NULL);
++
+ if (ngx_regex_compile_context) {
+ pcre2_compile_context_free(ngx_regex_compile_context);
+ ngx_regex_compile_context = NULL;
+@@ -611,6 +613,8 @@ ngx_regex_cleanup(void *data)
+ ngx_regex_match_data_size = 0;
+ }
+
++ ngx_regex_malloc_done();
++
+ #endif
+ }
+
+@@ -706,9 +710,6 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
+ ngx_regex_malloc_done();
+
+ ngx_regex_studies = NULL;
+-#if (NGX_PCRE2)
+- ngx_regex_compile_context = NULL;
+-#endif
+
+ return NGX_OK;
+ }
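Review bot: The added allocator bracket (`ngx_regex_malloc_init(NULL);` before the frees and `ngx_regex_malloc_done();` after them) sits inside the `#if (NGX_PCRE2)` region that the `#endif` context of the second inner hunk closes, so the leak fix only takes effect in a PCRE2 build; nginx.spec in this same diff lists `pcre-devel` and no pcre2-devel in BuildRequires, so unless configure picks up PCRE2 from elsewhere in the build root the patch is a no-op for this package and the changelog wording "fix memory leak" would overstate it. Worth confirming from the build log which PCRE library is actually linked, and recording the condition in a one-line comment above the Patch10 entry, e.g. `# only effective when nginx is built against PCRE2`. Both ngx_regex_cleanup() and ngx_regex_module_init() begin and end outside the inner hunks, so the remainder of their bodies is not reviewable here.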
diff --git a/backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch b/backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f5c0b160978bdcc89bcae92e494ab3d64dad40a6
--- /dev/null
+++ b/backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch
@@ -0,0 +1,34 @@
+From 25c546ac37ba622b93c1a7075bd7eb447bac17b2 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin
+Date: Tue, 18 Apr 2023 06:28:46 +0300
+Subject: [PATCH] Fixed segfault if regex studies list allocation fails.
+
+The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
+and this used to cause NULL pointer dereference if allocation
+failed. Fix is to set cleanup handler only when allocation succeeds.
+---
+ src/core/ngx_regex.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
+index bebf3b6a83e..91381f49942 100644
+--- a/src/core/ngx_regex.c
++++ b/src/core/ngx_regex.c
+@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
+ return NULL;
+ }
+
+- cln->handler = ngx_regex_cleanup;
+- cln->data = rcf;
+-
+ rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
+ if (rcf->studies == NULL) {
+ return NULL;
+ }
+
++ cln->handler = ngx_regex_cleanup;
++ cln->data = rcf;
++
+ ngx_regex_studies = rcf->studies;
+
+ return rcf;
diff --git a/nginx.spec b/nginx.spec
index 62c14e88768a9a42f52e3cbd6a823419fc9c8e94..70e3ac108b98ef0ec336235fcc34f73bb36d945c 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -17,7 +17,7 @@ Name: nginx
 Epoch: 1
 Version: 1.21.5
-Release: 6
+Release: 7
 Summary: A HTTP server, reverse proxy and mail proxy server
 License: BSD
 URL: http://nginx.org/
@@ -44,6 +44,8 @@ Patch6: backport-CVE-2023-44487.patch # https://nginx.org/download/patch.2024.mp4.txt Patch7: backport-CVE-2024-7347.patch Patch8: backport-CVE-2025-23419.patch +Patch9: backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch +Patch10: backport-Core-fixed-memory-leak-on-configuration-reload-with-PCRE2.patch BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre @@ -389,6 +391,9 @@ fi %changelog +* Wed Apr 02 2025 gaihuiying - 1:1.21.5-7 +- backport upstreams to fix memory leak and possible segfault + * Thu Feb 06 2025 gaihuiying - 1:1.21.5-6 - fix CVE-2025-23419
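Review bot: Patch10 can only apply after Patch9: the leak patch's inner header `index 91381f49942..5b13c5db389` starts from exactly the blob that the segfault patch produces (`index bebf3b6a83e..91381f49942`), so the two new entries must be applied in numeric order, and the `%prep` section that applies them is not part of this diff, so that ordering should be confirmed there. Patch7 is preceded by a source-URL comment while the two new entries carry none; the upstream commit ids are only discoverable inside the patch files (`284a0c7` for the leak fix, `25c546a` for the segfault fix). A comment such as `# upstream 25c546ac, prerequisite for Patch10` above the Patch9 line would make both the provenance and the dependency visible to the next packager.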