diff --git a/mod_auth_openidc-2.4.15.3.tar.gz b/mod_auth_openidc-2.4.15.3.tar.gz
deleted file mode 100644
index 2126c4863b8d66a115b249f101829d897ae46767..0000000000000000000000000000000000000000
Binary files a/mod_auth_openidc-2.4.15.3.tar.gz and /dev/null differ
diff --git a/mod_auth_openidc-2.4.16.11.tar.gz b/mod_auth_openidc-2.4.16.11.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..8c2496491d992515b463e9dbbf310762d47d3f90
Binary files /dev/null and b/mod_auth_openidc-2.4.16.11.tar.gz differ
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 147a2b0719fbf9089e89c4643a7c35ac73d9c51e..ec0983bff2888750e2edea40504314d7ac874bcd 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@@ -6,10 +6,10 @@
 %global httpd_pkg_cache_dir /var/cache/httpd/mod_auth_openidc
 Name: mod_auth_openidc
-Version: 2.4.15.3
+Version: 2.4.16.11
 Release: 1
 Summary: OpenID Connect Relying Party module for Apache 2.x HTTP Server
-License: ASL 2.0
+License: Apache-2.0
 URL: https://github.com/OpenIDC/mod_auth_openidc
 Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
@@ -60,6 +60,21 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache}
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache}
 %changelog
+* Wed Apr 09 2025 yaoxin <1024769339@qq.com> - 2.4.16.11-1
+- Update to 2.4.16.11 for fix CVE-2025-31492
+
+* Mon Jan 13 2025 yaoxin <1024769339@qq.com> - 2.4.16.6-1
+- Update to 2.4.16.6:
+ * metadata: fix caching of JWKs from jwks_uri when using the default expiry setting
+ * info: fix requests to the info hook with extend_session=false
+ * cookie: OIDCCookieSameSite default behaviour Lax
+ * cookie: apply OIDCCookieSameSite Off/None properly to state cookies instead of always setting Lax
+ * cache: avoid segfault and improve error reporting in case apr_temp_dir_get fails when a temp directory
+ cannot be found on the system upon initaliizing cache mutexes and the file cache
+ * metadata: allow plain HTTP URLs in metadata elements jwks_uri and signed_jwks_uri to ensure backwards
+ compatibility with <=2.4.15.7 and to support private/test deployments
+ * code: address warnings from static code analysis tool CodeChecker
+
 * Sat Feb 17 2024 yaoxin - 2.4.15.3-1
 - Upgrade to 2.4.15.3 for fix CVE-2024-24814