diff --git a/mod_auth_openidc-2.4.15.3.tar.gz b/mod_auth_openidc-2.4.15.3.tar.gz
deleted file mode 100644
index 2126c4863b8d66a115b249f101829d897ae46767..0000000000000000000000000000000000000000
Binary files a/mod_auth_openidc-2.4.15.3.tar.gz and /dev/null differ
diff --git a/mod_auth_openidc-2.4.16.5.tar.gz b/mod_auth_openidc-2.4.16.5.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..83a4b1f8bc5f1e37fa9b9b3ab7f2485632c4195a
Binary files /dev/null and b/mod_auth_openidc-2.4.16.5.tar.gz differ
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 147a2b0719fbf9089e89c4643a7c35ac73d9c51e..343c42e2ed9779eaee826117cbf9500d44d108fa 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@@ -6,7 +6,7 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
 
 Name:           mod_auth_openidc
-Version:        2.4.15.3
+Version:        2.4.16.5
 Release:        1
 Summary:        OpenID Connect Relying Party module for Apache 2.x HTTP Server
 License:        ASL 2.0
@@ -60,6 +60,13 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache}
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache}
 
 %changelog
+* Mon Nov 11 2024 zhangxianjun <zhangxianjun@kylinos.cn> -2.4.16.5-1
+- Upgrade to 2.4.16.5 
+- correct usage of free() for json_dumps return values instead of cjose_get_dealloc()()
+- use compact encoding and preserve order where appropriate for most calls to json_dumps
+- replace json_dumps/free combos with oidc_util_encode_json
+- refactor oidc_jwk_to_json
+
 * Sat Feb 17 2024 yaoxin <yao_xin001@hoperun.com> - 2.4.15.3-1
 - Upgrade to 2.4.15.3 for fix CVE-2024-24814