diff --git a/CVE-2019-20372.patch b/CVE-2019-20372.patch
deleted file mode 100644
index ae85e3e33fe4d2c806f8838c5e45b7c8249d0e21..0000000000000000000000000000000000000000
--- a/CVE-2019-20372.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001
-From: Ruslan Ermilov
-Date: Mon, 23 Dec 2019 15:45:46 +0300
-Subject: [PATCH] Discard request body when redirecting to a URL via
- error_page.
-
-Reported by Bert JW Regeer and Francisco Oca Gonzalez.
----
- src/http/ngx_http_special_response.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
-index 4ffb2cc8ad..76e6705889 100644
---- a/src/http/ngx_http_special_response.c
-+++ b/src/http/ngx_http_special_response.c
-@@ -606,6 +606,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
- return ngx_http_named_location(r, &uri);
- }
-
-+ r->expect_tested = 1;
-+
-+ if (ngx_http_discard_request_body(r) != NGX_OK) {
-+ r->keepalive = 0;
-+ }
-+
- location = ngx_list_push(&r->headers_out.headers);
-
- if (location == NULL) {
diff --git a/CVE-2021-23017.patch b/CVE-2021-23017.patch
deleted file mode 100644
index b226f2d734363c40d625a16aee453b6e08aeb7b6..0000000000000000000000000000000000000000
--- a/CVE-2021-23017.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001 -From: Maxim Dounin -Date: Tue, 25 May 2021 15:17:36 +0300 -Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy(). - -Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH. ---- - src/core/ngx_resolver.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c -index 7939070102..63b26193df 100644 ---- a/src/core/ngx_resolver.c -+++ b/src/core/ngx_resolver.c -@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src, - n = *src++; - - } else { -+ if (dst != name->data) { -+ *dst++ = '.'; -+ } -+ - ngx_strlow(dst, src, n); - dst += n; - src += n; - - n = *src++; -- -- if (n != 0) { -- *dst++ = '.'; -- } - } - - if (n == 0) { diff --git a/nginx-1.16.1.tar.gz b/nginx-1.16.1.tar.gz deleted file mode 100644 index d172fc5bfac01c198d0ce22e877f25234f8b63ea..0000000000000000000000000000000000000000 Binary files a/nginx-1.16.1.tar.gz and /dev/null differ diff --git a/nginx-1.21.5.tar.gz b/nginx-1.21.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..207d55ca58ce3176bf02c79d043b5b32dd2a5ac1 Binary files /dev/null and b/nginx-1.21.5.tar.gz differ diff --git a/nginx.conf b/nginx.conf index 3c5c787a780d4f3a6aca7058e6c057b6105369d4..f85920a863387006605204bf4676c32a7a1464ec 100644 --- a/nginx.conf +++ b/nginx.conf @@ -25,7 +25,7 @@ http { tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; - types_hash_max_size 2048; + types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; 
@@ -36,17 +36,14 @@ http { include /etc/nginx/conf.d/*.conf; server { - listen 80 default_server; - listen [::]:80 default_server; + listen 80; + listen [::]:80; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; - location / { - } - error_page 404 /404.html; location = /40x.html { } @@ -59,8 +56,8 @@ http { # Settings for a TLS enabled server. # # server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; +# listen 443 ssl http2; +# listen [::]:443 ssl http2; # server_name _; # root /usr/share/nginx/html; # @@ -74,9 +71,6 @@ http { # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # -# location / { -# } -# # error_page 404 /404.html; # location = /40x.html { # } diff --git a/nginx.spec b/nginx.spec index e87ca0a8ba399bfc2f18b0397278147d742a0ac3..2feccaa0f2c159bf9fc099ce85c2f5a4aed77d2f 100644 --- a/nginx.spec +++ b/nginx.spec @@ -13,8 +13,8 @@ Name: nginx Epoch: 1 -Version: 1.16.1 -Release: 11 +Version: 1.21.5 +Release: 1 Summary: A HTTP server, reverse proxy and mail proxy server License: BSD URL: http://nginx.org/ @@ -33,9 +33,7 @@ Source210: UPGRADE-NOTES-1.6-to-1.10 Patch0: nginx-auto-cc-gcc.patch Patch2: nginx-1.12.1-logs-perm.patch -Patch3: CVE-2019-20372.patch Patch4: nginx-fix-pidfile.patch -Patch5: CVE-2021-23017.patch BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre @@ -349,6 +347,10 @@ fi %{_mandir}/man8/nginx.8* %changelog +* Sun Apr 24 2022 houyingchao - 1:1.21.5-1 +- Upgrade to 1.21.5 +- Fix CVE-2021-3618 + * Tue Jun 22 2021 lingsheng - 1:1.16.1-11 - Fix file conflict in nginx upgrade
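Review bot: In the nginx.conf hunk at `@@ -36,17 +36,14 @@`, dropping `default_server` from `listen 80;` and `listen [::]:80;` means this `server_name _` block stays the catch-all only while it is the first server declared for the port, and `include /etc/nginx/conf.d/*.conf;` sits directly above it. Any vhost in conf.d that listens on port 80 would then, under nginx's first-declared rule, receive requests whose Host header matches no `server_name`, so an application vhost may end up answering arbitrary Host values. The same applies to the commented TLS block changed in `@@ -59,8 +56,8 @@`. A comment above the listen lines would make the dependency explicit, for example `# No default_server here: the first server block loaded for this port (conf.d is included above) answers requests with an unmatched Host.`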