diff --git a/backport-CVE-2021-28957.patch b/backport-CVE-2021-28957.patch deleted file mode 100644 index de583e45171517623ab437a4267b20d427ab50b4..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-28957.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 2d01a1ba8984e0483ce6619b972832377f208a0d Mon Sep 17 00:00:00 2001 -From: Kevin Chung -Date: Sun, 21 Mar 2021 10:03:09 -0400 -Subject: [PATCH] Add HTML-5 "formaction" attribute to "defs.link_attrs" - (GH-316) - -Resolves https://bugs.launchpad.net/lxml/+bug/1888153 -See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957 ---- - src/lxml/html/defs.py | 2 ++ - src/lxml/html/tests/test_clean.py | 15 +++++++++++++++ - 2 files changed, 17 insertions(+) - -diff --git a/src/lxml/html/defs.py b/src/lxml/html/defs.py -index 1b3a75b36..2058ea330 100644 ---- a/src/lxml/html/defs.py -+++ b/src/lxml/html/defs.py -@@ -23,6 +23,8 @@ - 'usemap', - # Not standard: - 'dynsrc', 'lowsrc', -+ # HTML5 formaction -+ 'formaction' - ]) - - # Not in the HTML 4 spec: -diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py -index 0e669f98d..45c2e83ab 100644 ---- a/src/lxml/html/tests/test_clean.py -+++ b/src/lxml/html/tests/test_clean.py -@@ -123,6 +123,21 @@ def test_sneaky_js_in_math_style(self): - b'', - lxml.html.tostring(clean_html(s))) - -+ def test_formaction_attribute_in_button_input(self): -+ # The formaction attribute overrides the form's action and should be -+ # treated as a malicious link attribute -+ html = ('
' -+ '') -+ expected = ('
' -+ '
') -+ cleaner = Cleaner( -+ forms=False, -+ safe_attrs_only=False, -+ ) -+ self.assertEqual( -+ expected, -+ cleaner.clean_html(html)) -+ - - def test_suite(): - suite = unittest.TestSuite() diff --git a/lxml-4.6.2.tar.gz b/lxml-4.7.1.tar.gz similarity index 31% rename from lxml-4.6.2.tar.gz rename to lxml-4.7.1.tar.gz index 75bd7eefdbfc5fa2a97665c20f657d2e70b464dd..ed75c459c06c53f7dddf8a21f6fa69ba35b436da 100644 Binary files a/lxml-4.6.2.tar.gz and b/lxml-4.7.1.tar.gz differ diff --git a/python-lxml.spec b/python-lxml.spec index 47576f7822b3d7e48cce959e73f6c9ea6a8833e7..25fa5d8d96c835387aa50707e806a5b3e86e4ba5 100644 --- a/python-lxml.spec +++ b/python-lxml.spec @@ -6,12 +6,12 @@ the simplicity of a native Python API, mostly compatible but superior to the wel The latest release works with all CPython versions from 2.7 to 3.7. Name: python-%{modname} -Version: 4.6.2 -Release: 2 +Version: 4.7.1 +Release: 1 Summary: XML processing library combining libxml2/libxslt with the ElementTree API License: BSD URL: https://files.pythonhosted.org -Source0: https://files.pythonhosted.org/packages/db/f7/43fecb94d66959c1e23aa53d6161231dca0e93ec500224cf31b3c4073e37/lxml-4.6.2.tar.gz +Source0: https://files.pythonhosted.org/packages/db/f7/43fecb94d66959c1e23aa53d6161231dca0e93ec500224cf31b3c4073e37/lxml-4.7.1.tar.gz Patch6000: backport-CVE-2021-28957.patch @@ -51,7 +51,10 @@ export WITH_CYTHON=true %files help %doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt -%changelog +%changelog +* Sat Dec 25 2021 liudabo - 4.7.1-1 +- upgrade version to 4.7.1 + * Wed Apr 14 2021 shixuantong - 4.6.2-2 - fix CVE-2021-28957
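Review bot: `Patch6000: backport-CVE-2021-28957.patch` is still declared in python-lxml.spec (it is an unchanged context line in the `@@ -6,12 +6,12 @@` hunk), although this commit deletes that patch file. The package will therefore reference a source that no longer exists, so the `Patch6000` line should be removed in the same change; the `%prep` section is outside the visible hunks, so check there for a matching patch application too. Because a CVE backport is being dropped, first confirm that the 4.7.1 sources contain the `formaction` entry in `defs.link_attrs`, then record it in the new changelog entry, for example `- drop backport-CVE-2021-28957.patch, fix included in upstream release`. Separately, the new `Source0` keeps the `db/f7/43fecb94…` directory of the 4.6.2 upload and only swaps the file name. Those PyPI paths appear to be derived from the file's digest, so this URL probably does not resolve to the 4.7.1 tarball and should be replaced with the real sdist URL so the binary can be checked against upstream.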