diff --git a/python-kdcproxy.spec b/python-kdcproxy.spec
index 7b50a1900409f64cb067d89519fbe937030418b1..417e4c11fec33f73b1dbb7a2b6bc021af651c859 100644
--- a/python-kdcproxy.spec
+++ b/python-kdcproxy.spec
@@ -1,8 +1,8 @@
-%define anolis_release 3
+%define anolis_release		1
 %global realname kdcproxy
 
 Name:           python-%{realname}
-Version:        1.0.0
+Version: 1.4
 Release:        %{anolis_release}%{?dist}
 Summary:        MS-KKDCP (kerberos proxy) WSGI module
 
@@ -56,6 +56,13 @@ minimal configuration.
 %{python3_sitelib}/%{realname}-%{version}-*.egg-info
 
 %changelog
+* Mon Apr 05 2025 Upstream Bot - 1.4-1
+- Sync upstream changes from commit 1773f28eeea72ec6efcd433d3b66595c44d1253f
+- Fix SSRF vulnerability (CVE-2025-59088) by restricting DNS discovery to declared realms only
+- Add wildcard realm section support for hierarchical realm configurations
+- Introduce dns_realm_discovery option to restore legacy behavior (not recommended)
+- Log warning for non-standard KDC ports discovered via DNS
+
 * Tue Mar 26 2024 Zhao Hang <wb-zh951434@alibaba-inc.com> - 1.0.0-3
 - Rebuild with python3.11