diff --git a/CVE-2023-24998.patch b/CVE-2023-24998.patch
deleted file mode 100644
index 05f05dcb3c3499b48167c9fdc3f834fd0ab5070c..0000000000000000000000000000000000000000
--- a/CVE-2023-24998.patch
+++ /dev/null
@@ -1,117 +0,0 @@ -Description: CVE-2023-24998 - Apache Commons FileUpload before 1.5 does not limit the number of - request parts to be processed resulting in the possibility of an - attacker triggering a DoS with a malicious upload or series of uploads. -Origin: https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17 -Author: Mark Thomas -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733 -Forwarded: not-needed - ---- /dev/null -+++ b/src/main/java/org/apache/commons/fileupload/FileCountLimitExceededException.java -@@ -0,0 +1,51 @@ -+/* -+ * Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+package org.apache.commons.fileupload; -+ -+/** -+ * This exception is thrown if a request contains more files than the specified -+ * limit. -+ */ -+public class FileCountLimitExceededException extends FileUploadException { -+ -+ private static final long serialVersionUID = 6904179610227521789L; -+ -+ /** -+ * The limit that was exceeded. -+ */ -+ private final long limit; -+ -+ /** -+ * Creates a new instance. 
-+ * -+ * @param message The detail message -+ * @param limit The limit that was exceeded -+ */ -+ public FileCountLimitExceededException(final String message, final long limit) { -+ super(message); -+ this.limit = limit; -+ } -+ -+ /** -+ * Retrieves the limit that was exceeded. -+ * -+ * @return The limit that was exceeded by the request -+ */ -+ public long getLimit() { -+ return limit; -+ } -+} ---- a/src/main/java/org/apache/commons/fileupload/FileUploadBase.java -+++ b/src/main/java/org/apache/commons/fileupload/FileUploadBase.java -@@ -166,6 +166,12 @@ - private long fileSizeMax = -1; - - /** -+ * The maximum permitted number of files that may be uploaded in a single -+ * request. A value of -1 indicates no maximum. -+ */ -+ private long fileCountMax = -1; -+ -+ /** - * The content encoding to use when reading part headers. - */ - private String headerEncoding; -@@ -242,6 +248,25 @@ - } - - /** -+ * Returns the maximum number of files allowed in a single request. -+ * -+ * @return The maximum number of files allowed in a single request. -+ */ -+ public long getFileCountMax() { -+ return fileCountMax; -+ } -+ -+ /** -+ * Sets the maximum number of files allowed per request. -+ * -+ * @param fileCountMax The new limit. {@code -1} means no limit. -+ */ -+ public void setFileCountMax(final long fileCountMax) { -+ this.fileCountMax = fileCountMax; -+ } -+ -+ -+ /** - * Retrieves the character encoding used when reading the headers of an - * individual part. When not specified, or null, the request - * encoding is used. If that is also not specified, or null, -@@ -336,7 +361,11 @@ - throw new NullPointerException("No FileItemFactory has been set."); - } - while (iter.hasNext()) { -- final FileItemStream item = iter.next(); -+ if (items.size() == fileCountMax) { -+ // The next item will exceed the limit. 
-+ throw new FileCountLimitExceededException(ATTACHMENT, getFileCountMax()); -+ } -+ final FileItemStream item = iter.next(); - // Don't use getName() here to prevent an InvalidFileNameException. - final String fileName = ((FileItemIteratorImpl.FileItemStreamImpl) item).name; - FileItem fileItem = fac.createItem(item.getFieldName(), item.getContentType(), diff --git a/apache-commons-fileupload.spec b/apache-commons-fileupload.spec index 508bab8478deea24883d4e7d5c1351e65d7318a2..9303ca4f778487d58ed682f46779498c552e3442 100644 --- a/apache-commons-fileupload.spec +++ b/apache-commons-fileupload.spec @@ -1,14 +1,13 @@ %bcond_without portlet Name: apache-commons-fileupload -Version: 1.4 -Release: 2 +Version: 1.5 +Release: 1 Summary: API to work with HTML file upload License: ASL 2.0 URL: http://commons.apache.org/fileupload/ BuildArch: noarch Source0: http://archive.apache.org/dist/commons/fileupload/source/commons-fileupload-%{version}-src.tar.gz -Patch0: CVE-2023-24998.patch BuildRequires: maven-local mvn(commons-io:commons-io) mvn(javax.servlet:servlet-api) BuildRequires: mvn(junit:junit) mvn(org.apache.commons:commons-parent:pom:) %if %{with portlet} @@ -31,7 +30,6 @@ This package contains the API documentation for %{name}. %prep %setup -q -n commons-fileupload-%{version}-src -%patch0 -p1 sed -i 's/\r//' LICENSE.txt sed -i 's/\r//' NOTICE.txt %if %{with portlet} @@ -42,6 +40,7 @@ sed -i "s|portlet-api|javax.portlet|" pom. %pom_xpath_remove pom:properties/pom:commons.osgi.dynamicImport rm -r src/main/java/org/apache/commons/fileupload/portlet %endif +%pom_remove_plugin org.apache.maven.plugins:maven-checkstyle-plugin %mvn_file ":{*}" @1 %{name} %mvn_alias : org.apache.commons: @@ -58,6 +57,9 @@ rm -r src/main/java/org/apache/commons/fileupload/portlet %license LICENSE.txt NOTICE.txt %changelog +* Tue Apr 16 2024 Ge Wang - 1.5-1 +- Update to version 1.5 + * Mon Mar 06 2023 liyuxiang - 1.4-2 - fix CVE-2023-24998 
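Review bot: The added `%pom_remove_plugin org.apache.maven.plugins:maven-checkstyle-plugin` line in the `@@ -42,6 +40,7 @@` hunk carries no comment explaining why the plugin is dropped, so a later updater cannot tell whether this works around a missing build dependency in the 1.5 POM or is a deliberate packaging choice; a one-line `# checkstyle plugin is not needed for packaging and is not available in the build root` (adjusted to the actual reason) directly above it would make that explicit. Dropping `Patch0: CVE-2023-24998.patch` and the `%patch0 -p1` step is only correct because upstream 1.5 carries that fix, and the changelog entry `- Update to version 1.5` would keep the security history traceable if written as `- Update to version 1.5 (includes upstream fix for CVE-2023-24998)`. The deleted backport shows the file-count limit defaulting to `-1` (no limit unless the application calls `setFileCountMax`); unless upstream 1.5 changed that default, dependants still need to opt in, which is worth stating in the changelog so the update is not mistaken for a default-on protection. The replacement source tarball is committed as a binary blob with no signature or checksum verification of `Source0` visible in the spec; if the distribution tooling supports it, verifying the tarball against the upstream signature would close that supply-chain gap.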
diff --git a/commons-fileupload-1.4-src.tar.gz b/commons-fileupload-1.4-src.tar.gz
deleted file mode 100644
index 980c45a77c0572c40da62503b85a5178bbac67f7..0000000000000000000000000000000000000000
Binary files a/commons-fileupload-1.4-src.tar.gz and /dev/null differ
diff --git a/commons-fileupload-1.5-src.tar.gz b/commons-fileupload-1.5-src.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..dc4d35a84b89c8e7c445815e55f5c4241a2431bf
Binary files /dev/null and b/commons-fileupload-1.5-src.tar.gz differ