diff --git a/CVE-2024-33664.patch b/CVE-2024-33664.patch
deleted file mode 100644
index d41a7ea04f914c620f5bb75e412654593dc2250d..0000000000000000000000000000000000000000
--- a/CVE-2024-33664.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -Naur python-jose-3.3.0/jose/jwe.py python-jose-3.3.0_cve/jose/jwe.py
---- python-jose-3.3.0/jose/jwe.py 2021-06-05 00:11:22.000000000 +0800
-+++ python-jose-3.3.0_cve/jose/jwe.py 2024-04-26 17:33:01.319314391 +0800
-@@ -76,6 +76,10 @@
- >>> jwe.decrypt(jwe_string, 'asecret128bitkey')
- 'Hello, World!'
- """
-+ # limit the token size to 250 KB
-+ if len(jwe_str) > 250 * 1024:
-+ raise JWEError("JWE string exceeds 250 KB")
-+
- header, encoded_header, encrypted_key, iv, cipher_text, auth_tag = _jwe_compact_deserialize(jwe_str)
-
- # Verify that the implementation understands and can process all
diff --git a/python-jose-3.3.0.tar.gz b/python-jose-3.3.0.tar.gz
deleted file mode 100644
index f9179deb3b1c31f86a7da1ca9012535c0066b349..0000000000000000000000000000000000000000
Binary files a/python-jose-3.3.0.tar.gz and /dev/null differ
diff --git a/python-jose.spec b/python-jose.spec
index d3a8d7a00b9c28db99aebf596a55349ca2c7a1e7..50c98ad7d2bdc91d4941cf81c63b31fe23134574 100644
--- a/python-jose.spec
+++ b/python-jose.spec
@@ -1,14 +1,13 @@ %global _empty_manifest_terminate_build 0 Name: python-jose -Version: 3.3.0 -Release: 2 +Version: 3.5.0 +Release: 1 Summary: An implementation of the JOSE draft License: MIT License (MIT) URL: https://github.com/Demonware/jose -Source0: https://files.pythonhosted.org/packages/e4/19/b2c86504116dc5f0635d29f802da858404d77d930a25633d2e86a64a35b3/python-jose-3.3.0.tar.gz +Source0: https://files.pythonhosted.org/packages/c6/77/3a1c9039db7124eb039772b935f2244fbb73fc8ee65b9acf2375da1c07bf/python_jose-3.5.0.tar.gz BuildArch: noarch -Patch0001: CVE-2024-33664.patch %description JOSE is a framework intended to provide a method to securely transfer 
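Review bot: Removing `Patch0001: CVE-2024-33664.patch` in the first python-jose.spec hunk is only safe if the 3.5.0 tarball already contains the 250 KB length check on `jwe_str` that the deleted patch added to `jwe.decrypt`, and nothing in this change records that this was verified. Upstream presumably carries the fix by now, but the changelog entry says only `- update to 3.5.0`; after checking `jose/jwe.py` in the new source I would make it `- update to 3.5.0, drop CVE-2024-33664.patch (fixed upstream)` so the CVE stays traceable in the package history. The unchanged `URL:` line in the same hunk points at `https://github.com/Demonware/jose`, which does not look like the project the `Source0` tarball comes from and is worth confirming while the spec is being touched.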
@@ -62,7 +61,7 @@ This library implements JWS and JWEs along with a subset of the encryption / authentication algorithms recommended by the JOSE framework. %prep -%autosetup -n %{name}-%{version} -p1 +%autosetup -n python_jose-%{version} -p1 %build %py3_build
@@ -102,6 +101,9 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Fri Jun 20 2025 zengyao - 3.5.0-1 +- update to 3.5.0 + * Fri Apr 26 2024 yueyaoqiang - 3.3.0-2 - fix CVE-2024-33664
diff --git a/python_jose-3.5.0.tar.gz b/python_jose-3.5.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..aa100710384fef189c4035c814874401d668e3a8
Binary files /dev/null and b/python_jose-3.5.0.tar.gz differ