diff --git a/fix-cve-2021-23017.patch b/fix-cve-2021-23017.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3ce4a1657254decefff6dcf5501d8387438d9e2e
--- /dev/null
+++ b/fix-cve-2021-23017.patch
@@ -0,0 +1,23 @@
+--- bundle/nginx-1.19.3/src/core/ngx_resolver.c.orig	2023-07-29 09:46:00.929124573 +0800
++++ bundle/nginx-1.19.3/src/core/ngx_resolver.c	2023-07-29 09:47:34.318660989 +0800
+@@ -4232,15 +4232,16 @@
+             n = *src++;
+ 
+         } else {
++
++            if (dst != name->data) {
++                *dst++ = '.';
++            }
++
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {
diff --git a/openresty.spec b/openresty.spec
index 16fa620a7293a16ba33913c0102a6260a1d0710f..bf5ae131182c15ea87ea9b903978669f91e6c373 100644
--- a/openresty.spec
+++ b/openresty.spec
@@ -1,6 +1,6 @@
 Name:           openresty
 Version:        1.19.3.1
-Release:        2
+Release:        3
 Summary:        OpenResty, scalable web platform by extending NGINX with Lua
 
 Group:          System Environment/Daemons
@@ -20,6 +20,7 @@ Source1:        openresty.service
 Source2:        openresty.init
 
 Patch1:		0001-add-option-out-dir-on-configure.patch
+Patch2:		fix-cve-2021-23017.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -117,7 +118,7 @@ Group:          Development/Tools
 Requires:       perl, openresty >= %{version}-%{release}
 Requires:       perl(File::Spec), perl(FindBin), perl(List::Util), perl(Getopt::Long), perl(File::Temp), perl(POSIX), perl(Time::HiRes)
 
-%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?%openEuler} >= 2
+%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?openEuler} >= 2
 BuildArch:      noarch
 %endif
 
@@ -144,13 +145,13 @@ Requires:       perl, perl(Getopt::Std), perl(File::Spec), perl(FindBin), perl(C
 Requires:       groff
 %endif
 
-%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora} || 0%{?%openEuler} >= 2
+%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora} || 0%{?openEuler} >= 2
 Requires:       groff-base
 %endif
 
 Provides:       restydoc, restydoc-index, md2pod.pl
 
-%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?%openEuler} >= 2
+%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6 || 0%{?openEuler} >= 2
 BuildArch:      noarch
 %endif
 
@@ -225,6 +226,7 @@ a single box.
 %setup -q -n "openresty-%{version}"
 
 %patch1 -p1
+%patch2
 
 %build
 ./configure \
@@ -443,6 +445,9 @@ fi
 %{orprefix_debug}/COPYRIGHT
 
 %changelog
+* Sat Jul 29 2023 Xinwei Hu <shinwell_hu@openeuler.sh> - 1.19.3.1-3
+- Fix CVE 2021-23017 for nginx
+
 * Thu Mar 24 2022 Ge Wang <wangge20@huawei.com> 1.19.3.1-2
 - Modify release number