diff --git a/10-bugfix-for-CVE-2025-27219.patch b/10-bugfix-for-CVE-2025-27219.patch
deleted file mode 100644
index 733bc241e1f0648de9de73307ebdd26e5b2b089f..0000000000000000000000000000000000000000
--- a/10-bugfix-for-CVE-2025-27219.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From fd8162a42ff3e4004b940030cfe34ce7a44a7e23 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA
-Date: Fri, 21 Feb 2025 16:01:17 +0900
-Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
-
-Co-authored-by: "Yusuke Endoh"
----
- lib/cgi/cookie.rb | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
-index 1a9c1a82c1..7b8e761a94 100644
---- a/lib/cgi/cookie.rb
-+++ b/lib/cgi/cookie.rb
-@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
- values ||= ""
- values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
- if cookies.has_key?(name)
-- values = cookies[name].value + values
-+ cookies[name].concat(values)
-+ else
-+ cookies[name] = Cookie.new(name, *values)
- end
-- cookies[name] = Cookie.new(name, *values)
- end
-
- cookies
diff --git a/8-bugfix-for-CVE-2025-27221.patch b/8-bugfix-for-CVE-2025-27221.patch
deleted file mode 100644
index d1c20a28b25fc026e86b7ca76c86a4a3e4b17854..0000000000000000000000000000000000000000
--- a/8-bugfix-for-CVE-2025-27221.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4263c0d15a582b46d75aac57cd26a47d33941a53 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA
-Date: Fri, 21 Feb 2025 16:29:36 +0900
-Subject: [PATCH] Truncate userinfo with URI#join, URI#merge and URI#+
----
- lib/uri/generic.rb | 6 +++++-
- test/uri/test_generic.rb | 11 +++++++++++
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
-index 69698c4..7d0b889 100644
---- a/lib/uri/generic.rb
-+++ b/lib/uri/generic.rb
-@@ -1141,7 +1141,11 @@ module URI
- end
-
- # RFC2396, Section 5.2, 7)
-- base.set_userinfo(rel.userinfo) if rel.userinfo
-+ if rel.userinfo
-+ base.set_userinfo(rel.userinfo)
-+ else
-+ base.set_userinfo(nil)
-+ end
- base.set_host(rel.host) if rel.host
- base.set_port(rel.port) if rel.port
- base.query = rel.query if rel.query
-diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
-index 3897c3d..30f9cbf 100644
---- a/test/uri/test_generic.rb
-+++ b/test/uri/test_generic.rb
-@@ -164,6 +164,17 @@ class URI::TestGeneric < Test::Unit::TestCase
- # must be empty string to identify as path-abempty, not path-absolute
- assert_equal('', url.host)
- assert_equal('http:////example.com', url.to_s)
-+
-+ # sec-2957667
-+ url = URI.parse('http://user:pass@example.com').merge('//example.net')
-+ assert_equal('http://example.net', url.to_s)
-+ assert_nil(url.userinfo)
-+ url = URI.join('http://user:pass@example.com', '//example.net')
-+ assert_equal('http://example.net', url.to_s)
-+ assert_nil(url.userinfo)
-+ url = URI.parse('http://user:pass@example.com') + '//example.net'
-+ assert_equal('http://example.net', url.to_s)
-+ assert_nil(url.userinfo)
- end
-
- def test_parse_scheme_with_symbols
---
-2.33.0
-
-
diff --git a/9-bugfix-for-CVE-2025-27221.patch b/9-bugfix-for-CVE-2025-27221.patch
deleted file mode 100644
index 84996c8f5ecbe9858b288f482edb7a4d4a2b08e1..0000000000000000000000000000000000000000
--- a/9-bugfix-for-CVE-2025-27221.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 58adef476ef4b5e6deefaf92e7594ab29396c624 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA
-Date: Fri, 21 Feb 2025 18:16:28 +0900
-Subject: [PATCH] Fix merger of URI with authority component
-
-https://hackerone.com/reports/2957667
-
-Co-authored-by: Nobuyoshi Nakada
----
- lib/uri/generic.rb | 19 +++++++------------
- test/uri/test_generic.rb | 7 +++++++
- 2 files changed, 14 insertions(+), 12 deletions(-)
-
-diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
-index 7d0b889..f7eed57 100644
---- a/lib/uri/generic.rb
-+++ b/lib/uri/generic.rb
-@@ -1133,21 +1133,16 @@ module URI
- base.fragment=(nil)
-
- # RFC2396, Section 5.2, 4)
-- if !authority
-- base.set_path(merge_path(base.path, rel.path)) if base.path && rel.path
-- else
-- # RFC2396, Section 5.2, 4)
-- base.set_path(rel.path) if rel.path
-+ if authority
-+ base.set_userinfo(rel.userinfo)
-+ base.set_host(rel.host)
-+ base.set_port(rel.port || base.default_port)
-+ base.set_path(rel.path)
-+ elsif base.path && rel.path
-+ base.set_path(merge_path(base.path, rel.path))
- end
-
- # RFC2396, Section 5.2, 7)
-- if rel.userinfo
-- base.set_userinfo(rel.userinfo)
-- else
-- base.set_userinfo(nil)
-- end
-- base.set_host(rel.host) if rel.host
-- base.set_port(rel.port) if rel.port
- base.query = rel.query if rel.query
- base.fragment=(rel.fragment) if rel.fragment
-
-diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
-index 30f9cbf..4b5e12c 100644
---- a/test/uri/test_generic.rb
-+++ b/test/uri/test_generic.rb
-@@ -267,6 +267,13 @@ class URI::TestGeneric < Test::Unit::TestCase
- assert_equal(u0, u1)
- end
-
-+ def test_merge_authority
-+ u = URI.parse('http://user:pass@example.com:8080')
-+ u0 = URI.parse('http://new.example.org/path')
-+ u1 = u.merge('//new.example.org/path')
-+ assert_equal(u0, u1)
-+ end
-+
- def test_route
- url = URI.parse('http://hoge/a.html').route_to('http://hoge/b.html')
- assert_equal('b.html', url.to_s)
---
-2.33.0
-
-
diff --git a/ruby-3.3.7.tar.xz b/ruby-3.3.8.tar.xz
similarity index 65%
rename from ruby-3.3.7.tar.xz
rename to ruby-3.3.8.tar.xz
index 89382185e1feffb7e231f2ac6bc8660c6291ca33..60aa1c17e323bdc067a7ce2b5ca5ce037dfba674 100644
Binary files a/ruby-3.3.7.tar.xz and b/ruby-3.3.8.tar.xz differ
diff --git a/ruby.spec b/ruby.spec
index 8c2fa53f50eea9d181b7668ccc09825c19b867dd..9d6b25a4c74cfc0584bf4d4246890329570b8df3 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -1,7 +1,7 @@
-%define anolis_release 4
+%define anolis_release 1
 %global major_version 3
 %global minor_version 3
-%global teeny_version 7
+%global teeny_version 8
 %global major_minor_version %{major_version}.%{minor_version}
 %global ruby_version %{major_minor_version}.%{teeny_version}
@@ -49,9 +49,9 @@
 %global rexml_version 3.3.9
 %global rss_version 0.3.1
 %global net_ftp_version 0.3.4
-%global net_imap_version 0.4.9.1
+%global net_imap_version 0.4.19
 %global net_pop_version 0.1.2
-%global net_smtp_version 0.4.0.1
+%global net_smtp_version 0.5.1
 %global matrix_version 0.4.2
 %global prime_version 0.1.2
 %global rbs_version 3.4.0
@@ -104,9 +104,6 @@ Patch4: %{name}-2.1.0-custom-rubygems-location.patch
 Patch5: %{name}-2.7.0-Initialize-ABRT-hook.patch
 Patch6: %{name}-3.1.0-Don-t-query-RubyVM-FrozenCore-for-class-path.patch
 Patch7: %{name}-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
-Patch8: 8-bugfix-for-CVE-2025-27221.patch
-Patch9: 9-bugfix-for-CVE-2025-27221.patch
-Patch10: 10-bugfix-for-CVE-2025-27219.patch
 Suggests: rubypick
 Requires: %{name}-libs = %{version}-%{release}
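Review bot: Dropping the `Patch8`–`Patch10` declarations here is only safe if nothing in `%prep` still applies them by number; that section is outside this diff, so if it uses `%patch -P8`-style lines rather than `%autopatch`, those lines must go in the same commit or the build breaks. The claim that 3.3.8 already carries these fixes should be checked against the tarball rather than taken on trust: the deleted patch files are upstream commits fd8162a, 4263c0d and 58adef4, so confirm that `lib/cgi/cookie.rb` in the unpacked 3.3.8 source uses `cookies[name].concat(values)` and that `lib/uri/generic.rb` has the `if authority` branch with `base.set_port(rel.port || base.default_port)`; the cgi-0.4.2 and uri-0.13.2 gemspec bumps in the `%files` hunks are consistent with that but do not prove it. The changelog entry added in the last hunk names only CVE-2025-25186, so the CVE-2025-27219 and CVE-2025-27221 fixes silently vanish from the package's advisory history; I would extend it with `- drop local patches 8-10: the CVE-2025-27219 and CVE-2025-27221 fixes are included upstream in 3.3.8` so scanners and auditors that read the changelog still see them.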
@@ -942,7 +939,10 @@ rm -rf %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.github
 %dir %{gem_dir}/gems/net-imap-%{net_imap_version}
 %{gem_dir}/gems/net-imap-%{net_imap_version}/Gemfile
 %license %{gem_dir}/gems/net-imap-%{net_imap_version}/LICENSE.txt
+%license %{gem_dir}/gems/net-imap-%{net_imap_version}/COPYING
 %doc %{gem_dir}/gems/net-imap-%{net_imap_version}/README.md
+%doc %{gem_dir}/gems/net-imap-%{net_imap_version}/BSDL
+%doc %{gem_dir}/gems/net-imap-%{net_imap_version}/sample/net-imap.rb
 %{gem_dir}/gems/net-imap-%{net_imap_version}/Rakefile
 %{gem_dir}/gems/net-imap-%{net_imap_version}/lib
 %{gem_dir}/gems/net-imap-%{net_imap_version}/rakelib
@@ -982,7 +982,7 @@ rm -rf %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.github
 %{gem_dir}/specifications/default/abbrev-0.1.2.gemspec
 %{gem_dir}/specifications/default/base64-0.2.0.gemspec
 %{gem_dir}/specifications/default/benchmark-0.3.0.gemspec
-%{gem_dir}/specifications/default/cgi-0.4.1.gemspec
+%{gem_dir}/specifications/default/cgi-0.4.2.gemspec
 %{gem_dir}/specifications/default/csv-3.2.8.gemspec
 %{gem_dir}/specifications/default/date-3.3.4.gemspec
 %{gem_dir}/specifications/default/delegate-0.3.1.gemspec
@@ -1036,7 +1036,7 @@ rm -rf %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.github
 %{gem_dir}/specifications/default/tmpdir-0.2.0.gemspec
 %{gem_dir}/specifications/default/tsort-0.2.0.gemspec
 %{gem_dir}/specifications/default/un-0.3.0.gemspec
-%{gem_dir}/specifications/default/uri-0.13.1.gemspec
+%{gem_dir}/specifications/default/uri-0.13.2.gemspec
 %{gem_dir}/specifications/default/weakref-0.1.3.gemspec
 %{gem_dir}/specifications/default/yaml-0.3.0.gemspec
 %{gem_dir}/specifications/default/zlib-3.1.1.gemspec
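Review bot: `BSDL` is added as `%doc` while `LICENSE.txt` and the newly added `COPYING` right next to it are `%license`; if BSDL is the BSD license text that net-imap's COPYING refers to (as it is in the Ruby sources), it belongs under `%license` as well, otherwise it is dropped on `--excludedocs` installs and never lands in the licenses directory. The line should read `%license %{gem_dir}/gems/net-imap-%{net_imap_version}/BSDL`. Shipping `sample/net-imap.rb` as `%doc` is harmless but worth a second look: the hunk header shows the spec already prunes unneeded upstream files in `%install` (`rm -rf .../rake-%{rake_version}/.github`), so a sample script could be removed the same way instead of being packaged into the gem directory.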
@@ -1196,6 +1196,10 @@ rm -rf %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.github
 %{_datadir}/ri
 %changelog
+* Wed Jul 16 2025 wh02252983 - 3.3.8-1
+- update to 3.3.8 to Fix CVE-2025-25186
+- The patch was removed because the new version already included the patch content
+
 * Wed Jul 09 2025 tomcruiseqi - 3.3.7-4
 - Fix CVE-2025-27219