diff --git a/backport-CVE-2022-44571.patch b/backport-CVE-2022-44571.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e44d4403e841e11165d04e94478e500b78f6f574
--- /dev/null
+++ b/backport-CVE-2022-44571.patch
@@ -0,0 +1,25 @@
+From ee25ab9a7ee981d7578f559701085b0cf39bde77 Mon Sep 17 00:00:00 2001
+From: Aaron Patterson
+Date: Tue, 17 Jan 2023 12:24:29 -0800
+Subject: [PATCH] Fix ReDoS vulnerability in multipart parser
+
+---
+ lib/rack/multipart.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
+index 10f8e5f..8a04274 100644
+--- a/lib/rack/multipart.rb
++++ b/lib/rack/multipart.rb
+@@ -18,7 +18,7 @@ module Rack
+ VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+ BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
+ MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
+- MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
++ MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
+ MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+ # Updated definitions from RFC 2231
+ ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
+--
+2.30.0.windows.2
+
diff --git a/rubygem-rack.spec b/rubygem-rack.spec
index db01685d1d81bc24693a3ffd10d873a5648f7f32..be2310906984bd3ba1b5f9037e41c1b1da73caa9 100644
--- a/rubygem-rack.spec
+++ b/rubygem-rack.spec
@@ -3,7 +3,7 @@
 Name: rubygem-%{gem_name}
 Version: 2.2.3.1
 Epoch: 1
-Release: 3
+Release: 4
 Summary: A modular Ruby webserver interface
 License: MIT and BSD
 URL: https://rack.github.io/
@@ -11,6 +11,7 @@ Source0: https://rubygems.org/downloads/%{gem_name}-%{version}.gem
 Patch6000: backport-CVE-2022-44570.patch
 Patch6001: backport-CVE-2022-44572.patch
+Patch6002: backport-CVE-2022-44571.patch
 BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 memcached
 BuildArch: noarch
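Review bot: The backported hunk changes only `MULTIPART_CONTENT_DISPOSITION`, while the `BROKEN` constant two context lines above keeps the same `.*;\s*filename=(#{VALUE})` shape; before shipping, confirm against upstream's 2-2-stable branch whether that sibling regex was deliberately left as-is, so the package does not carry half of a fix. Note also that `[^:]*` admits CR and LF where `.` without the `m` flag does not, so the rewritten pattern can now match across a line break; this is what the upstream commit does, but the diffstat shows no test change, so a regression test covering a long `Content-Disposition` header would be the only thing pinning the new behaviour. If the spec has no `%check` stage, running the gem's multipart spec there would catch a regression in the backport at build time.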
@@ -39,6 +40,7 @@ Documentation for %{name}.
 %setup -q -n %{gem_name}-%{version}
 %patch6000 -p1
 %patch6001 -p1
+%patch6002 -p1
 %build
 gem build ../%{gem_name}-%{version}.gemspec
@@ -96,6 +98,9 @@ popd
 %doc %{gem_instdir}/contrib
 %changelog
+* Mon Dec 25 2023 wangweichao - 1:2.2.3.1-4
+- fix CVE-2022-44571
+
 * Sun Dec 24 2023 mengwenhua - 1:2.2.3.1-3
 - fix CVE-2022-44572