diff --git a/fix-CVE-2023-21939.patch b/fix-CVE-2023-21939.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4e5b275390048cbf5d227a92415423afebda498b
--- /dev/null
+++ b/fix-CVE-2023-21939.patch
@@ -0,0 +1,157 @@
+From 86971aa3cf1328abf9ba28e6d79099ec37bf6838 Mon Sep 17 00:00:00 2001
+From: justinwm
+Date: Mon, 12 Jun 2023 16:06:20 +0800
+Subject: fix-CVE-2023-21939
+
+---
+ .../javax/swing/plaf/basic/BasicHTML.java | 27 ++++++++++++++++---
+ .../javax/swing/text/html/HTMLEditorKit.java | 7 ++++-
+ .../javax/swing/text/html/ObjectView.java | 10 +++++++
+ .../classes/sun/swing/SwingAccessor.java | 15 +++++++++++
+ 4 files changed, 55 insertions(+), 4 deletions(-)
+
+diff --git a/openjdk/jdk/src/share/classes/javax/swing/plaf/basic/BasicHTML.java b/openjdk/jdk/src/share/classes/javax/swing/plaf/basic/BasicHTML.java
+index 250c6d4..b13a9a1 100644
+--- a/openjdk/jdk/src/share/classes/javax/swing/plaf/basic/BasicHTML.java
++++ b/openjdk/jdk/src/share/classes/javax/swing/plaf/basic/BasicHTML.java
+@@ -33,6 +33,7 @@ import javax.swing.*;
+ import javax.swing.text.*;
+ import javax.swing.text.html.*;
+
++import sun.swing.SwingAccessor;
+ import sun.swing.SwingUtilities2;
+
+ /**
+@@ -204,7 +205,7 @@ public class BasicHTML {
+ View value = null;
+ View oldValue = (View)c.getClientProperty(BasicHTML.propertyKey);
+ Boolean htmlDisabled = (Boolean) c.getClientProperty(htmlDisable);
+- if (htmlDisabled != Boolean.TRUE && BasicHTML.isHTMLString(text)) {
++ if (!(Boolean.TRUE.equals(htmlDisabled)) && BasicHTML.isHTMLString(text)) {
+ value = BasicHTML.createHTMLView(c, text);
+ }
+ if (value != oldValue && oldValue != null) {
+@@ -359,15 +360,35 @@ public class BasicHTML {
+ */
+ static class BasicHTMLViewFactory extends HTMLEditorKit.HTMLFactory {
+ public View create(Element elem) {
+- View view = super.create(elem);
+
++ View view = null;
++ try {
++ setAllowHTMLObject();
++ view = super.create(elem);
++ } finally {
++ clearAllowHTMLObject();
++ }
+ if (view instanceof ImageView) {
+ ((ImageView)view).setLoadsSynchronously(true);
+ }
+ return view;
+ }
+- }
+
++ private static Boolean useOV = null;
++
++ private static void setAllowHTMLObject() {
++ if (useOV == null) {
++ useOV = java.security.AccessController.doPrivileged(
++ new sun.security.action.GetBooleanAction(
++ "swing.html.object"));
++ };
++ SwingAccessor.setAllowHTMLObject(useOV);
++ }
++
++ private static void clearAllowHTMLObject() {
++ SwingAccessor.setAllowHTMLObject(null);
++ }
++ }
+
+ /**
+ * The subclass of HTMLDocument that is used as the model. getForeground
+diff --git a/openjdk/jdk/src/share/classes/javax/swing/text/html/HTMLEditorKit.java b/openjdk/jdk/src/share/classes/javax/swing/text/html/HTMLEditorKit.java
+index 425ba5f..c49a1ed 100644
+--- a/openjdk/jdk/src/share/classes/javax/swing/text/html/HTMLEditorKit.java
++++ b/openjdk/jdk/src/share/classes/javax/swing/text/html/HTMLEditorKit.java
+@@ -40,6 +40,7 @@ import javax.accessibility.*;
+ import java.lang.ref.*;
+ import java.security.AccessController;
+ import java.security.PrivilegedAction;
++import sun.swing.SwingAccessor;
+
+ /**
+ * The Swing JEditorPane text component supports different kinds
+@@ -1182,7 +1183,11 @@ public class HTMLEditorKit extends StyledEditorKit implements Accessible {
+ (kind == HTML.Tag.TEXTAREA)) {
+ return new FormView(elem);
+ } else if (kind == HTML.Tag.OBJECT) {
+- return new ObjectView(elem);
++ if (SwingAccessor.getAllowHTMLObject()) {
++ return new ObjectView(elem);
++ } else {
++ return new ObjectView(elem, false);
++ }
+ } else if (kind == HTML.Tag.FRAMESET) {
+ if (elem.getAttributes().isDefined(HTML.Attribute.ROWS)) {
+ return new FrameSetView(elem, View.Y_AXIS);
+diff --git a/openjdk/jdk/src/share/classes/javax/swing/text/html/ObjectView.java b/openjdk/jdk/src/share/classes/javax/swing/text/html/ObjectView.java
+index e163d3e..7673436 100644
+--- a/openjdk/jdk/src/share/classes/javax/swing/text/html/ObjectView.java
++++ b/openjdk/jdk/src/share/classes/javax/swing/text/html/ObjectView.java
+@@ -72,6 +72,8 @@ import sun.reflect.misc.ReflectUtil;
+ */
+ public class ObjectView extends ComponentView {
+
++ private boolean createComp = true; // default
++
+ /**
+ * Creates a new ObjectView object.
+ *
+@@ -81,12 +83,20 @@ public class ObjectView extends ComponentView {
+ super(elem);
+ }
+
++ ObjectView(Element elem, boolean createComp) {
++ super(elem);
++ this.createComp = createComp;
++ }
++
+ /**
+ * Create the component. The classid is used
+ * as a specification of the classname, which
+ * we try to load.
+ */
+ protected Component createComponent() {
++ if (!createComp) {
++ return getUnloadableRepresentation();
++ }
+ AttributeSet attr = getElement().getAttributes();
+ String classname = (String) attr.getAttribute(HTML.Attribute.CLASSID);
+ try {
+diff --git a/openjdk/jdk/src/share/classes/sun/swing/SwingAccessor.java b/openjdk/jdk/src/share/classes/sun/swing/SwingAccessor.java
+index 797802a..8cec052 100644
+--- a/openjdk/jdk/src/share/classes/sun/swing/SwingAccessor.java
++++ b/openjdk/jdk/src/share/classes/sun/swing/SwingAccessor.java
+@@ -156,4 +156,19 @@ public final class SwingAccessor {
+ }
+ return repaintManagerAccessor;
+ }
++
++ private static ThreadLocal tlObj = new ThreadLocal();
++
++ public static Boolean getAllowHTMLObject() {
++ Boolean b = tlObj.get();
++ if (b == null) {
++ return Boolean.TRUE;
++ } else {
++ return b;
++ }
++ }
++
++ public static void setAllowHTMLObject(Boolean val) {
++ tlObj.set(val);
++ }
+ }
+--
+2.39.2 (Apple Git-143)
+
diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec
index f1c6fec016b36c2c3332cde41d9966951c23c486..ad08c9eb879354c298945b5e2189317190f38f46 100644
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 Name: java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 2
+Release: 3
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
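Review bot: `SwingAccessor.getAllowHTMLObject()` returns `Boolean.TRUE` whenever the thread-local is unset, so the restriction is fail-open: only views built inside `BasicHTMLViewFactory.create` get `new ObjectView(elem, false)`, and every other caller of `HTMLEditorKit.HTMLFactory.create` keeps the component-loading `ObjectView`. That looks like a deliberate compatibility choice, but nothing in the patch says so; I would add a comment above the getter such as `// null = not rendering via BasicHTML: OBJECT views stay enabled; BasicHTML sets the swing.html.object value around create()`. Two smaller points in `BasicHTML`: `clearAllowHTMLObject()` stores `null` rather than removing the thread-local entry, and `useOV` caches the `swing.html.object` property on first use without synchronization, so a later change to the property is ignored, which deserves a one-line comment next to the field. The inner hunks show only part of `HTMLFactory.create` and `createComponent`, so callers outside them are not visible here.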
@@ -1136,6 +1136,7 @@ Patch241: 8268819-SA-Remove-libthread_db-dependency-on-Linux.patch
 Patch242: fix-make-bugs-when-git-and-hg-not-exist.patch
 Patch243: Fix-compile-and-runtime-failures-for-minimal1-versio.patch
 Patch244: fix_X509TrustManagerImpl_symantec_distrust.patch
+Patch245: fix-CVE-2023-21939.patch
 #############################################
 #
@@ -1614,6 +1615,7 @@ pushd %{top_level_dir_name}
 %patch242 -p1
 %patch243 -p1
 %patch244 -p1
+%patch245 -p1
 popd
 # System library fixes
@@ -2238,6 +2240,9 @@ cjc.mainProgram(arg)
 %endif
 %changelog
+* Mon Jun 12 2023 justinwm - 1:1.8.0.332-b09.3
+- add fix-CVE-2023-21939.patch
+
 * Thu Apr 28 2022 kuenking111 - 1:1.8.0.332-b09.2
 - add fix_X509TrustManagerImpl_symantec_distrust.patch