diff --git a/CVE-2022-34169.patch b/CVE-2022-34169.patch
deleted file mode 100644
index 4f01d785ea816a52e8b0c8ea91ac13a9da61465c..0000000000000000000000000000000000000000
--- a/CVE-2022-34169.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 13bf52c8d876528a43be7cb77a1f452d29a21492 Mon Sep 17 00:00:00 2001
-From: Aleksei Voitylov
-Date: Mon, 30 May 2022 12:26:00 +0000
-Subject: [PATCH] 8285407: Improve Xalan supports
-
-Refer: https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492
----
- .../java/org/apache/bcel/classfile/ConstantPool.java | 12 ++++++++++--
- .../org/apache/bcel/generic/ConstantPoolGen.java | 12 +++++++++++-
- 2 files changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
-index c2926c0..cb38cbc 100644
---- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
-+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
-@@ -22,6 +22,7 @@ import java.io.DataOutputStream;
- import java.io.IOException;
-
- import org.apache.bcel.Const;
-+import org.apache.bcel.generic.ConstantPoolGen;
-
- /**
- * This class represents the constant pool, i.e., a table of constants, of
-@@ -218,8 +219,15 @@ public class ConstantPool implements Cloneable, Node {
- * @throws IOException
- */
- public void dump( final DataOutputStream file ) throws IOException {
-- file.writeShort(constantPool.length);
-- for (int i = 1; i < constantPool.length; i++) {
-+ /*
-+ * Constants over the size of the constant pool shall not be written out.
-+ * This is a redundant measure as the ConstantPoolGen should have already
-+ * reported an error back in the situation.
-+ */
-+ int size = constantPool.length < ConstantPoolGen.CONSTANT_POOL_SIZE - 1 ?
-+ constantPool.length : ConstantPoolGen.CONSTANT_POOL_SIZE - 1;
-+ file.writeShort(size);
-+ for (int i = 1; i < size; i++) {
- if (constantPool[i] != null) {
- constantPool[i].dump(file);
- }
-diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
-index 5a09e0d..6f3d508 100644
---- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
-+++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
-@@ -52,6 +52,7 @@ import org.apache.bcel.classfile.ConstantUtf8;
- public class ConstantPoolGen {
-
- private static final int DEFAULT_BUFFER_SIZE = 256;
-+ public static final int CONSTANT_POOL_SIZE = 65536;
-
- /**
- * @deprecated (since 6.0) will be made private; do not access directly, use getter/setter
-@@ -95,7 +96,7 @@ public class ConstantPoolGen {
- public ConstantPoolGen(final Constant[] cs) {
- final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
-
-- size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
-+ size = Math.min(cs.length, CONSTANT_POOL_SIZE);
- constants = new Constant[size];
-
- System.arraycopy(cs, 0, constants, 0, cs.length);
-@@ -224,9 +225,18 @@ public class ConstantPoolGen {
- /** Resize internal array of constants.
- */
- protected void adjustSize() {
-+ // 3 extra spaces are needed as some entries may take 3 slots
-+ if (index + 3 >= CONSTANT_POOL_SIZE) {
-+ throw new RuntimeException("The number of constants " + (index + 3)
-+ + " is over the size of the constant pool: "
-+ + (CONSTANT_POOL_SIZE - 1));
-+ }
-+
- if (index + 3 >= size) {
- final Constant[] cs = constants;
- size *= 2;
-+ // the constant array shall not exceed the size of the constant pool
-+ size = Math.min(size, CONSTANT_POOL_SIZE);
- constants = new Constant[size];
- System.arraycopy(cs, 0, constants, 0, index);
- }
---
-2.27.0
-
diff --git a/bcel-6.5.0-src.tar.gz b/bcel-6.5.0-src.tar.gz deleted file mode 100644 index dcc2f01fa6eb65be3f0fa0787a63167d4bb32740..0000000000000000000000000000000000000000 Binary files a/bcel-6.5.0-src.tar.gz and /dev/null differ diff --git a/bcel-6.7.0-src.tar.gz b/bcel-6.7.0-src.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..3205d859f839618eaeb22f44798d7d74523ee366 Binary files /dev/null and b/bcel-6.7.0-src.tar.gz differ diff --git a/bcel.spec b/bcel.spec index 00c14c2045286069332188c6cdaede3141378604..ae302825e69b48e80ef6663a6cc86bc396b8e211 100644 --- a/bcel.spec +++ b/bcel.spec @@ -1,13 +1,13 @@ Name: bcel -Version: 6.5.0 -Release: 2 +Version: 6.7.0 +Release: 1 Summary: Byte Code Engineering Library License: Apache-2.0 URL: http://commons.apache.org/proper/commons-bcel/ Source0: http://archive.apache.org/dist/commons/bcel/source/bcel-%{version}-src.tar.gz -Patch0: CVE-2022-34169.patch BuildArch: noarch BuildRequires: maven-local mvn(org.apache.commons:commons-parent:pom:) +BuildRequires: mvn(org.apache.commons:commons-lang3) Obsoletes: bcel-javadoc < %{version}-%{release} Provides: bcel-javadoc = %{version}-%{release} @@ -20,6 +20,7 @@ Java class files (those ending with .class). %autosetup -n %{name}-%{version}-src -p1 %pom_remove_plugin :maven-source-plugin %pom_remove_plugin :spotbugs-maven-plugin +%pom_remove_plugin :jacoco-maven-plugin %mvn_alias : bcel: apache: %mvn_file : %{name} @@ -38,6 +39,9 @@ Java class files (those ending with .class). %{_javadocdir}/%{name} %changelog +* Tue Aug 22 2023 yaoxin - 6.7.0-1 +- Update to 6.7.0 + * Thu Sep 22 2022 wangkai - 6.5.0-2 - Fix CVE-2022-34169 for xalan-j2
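Review bot: The first bcel.spec hunk drops `Patch0: CVE-2022-34169.patch`, but the new changelog entry says only `- Update to 6.7.0`, so nothing in the package history records where the fix now comes from. The deleted patch bounded the constant pool in `ConstantPoolGen.adjustSize()` and `ConstantPool.dump()`. Dropping it is presumably safe because 6.7.0 carries an equivalent check upstream, but that should be confirmed against the new tarball rather than assumed. Once confirmed, add a second changelog line such as `- Drop CVE-2022-34169.patch, fix is included in upstream 6.7.0`, so advisory tooling and later maintainers do not read the removal as a regression. Because the tarball arrives as an opaque binary add, it is also worth checking it against the upstream release checksum or signature before merging.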