diff --git a/0010-CVE-2022-22970.patch b/0010-CVE-2022-22970.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1ec076c2938716ed728015ce4ba44e2db2edd7f1
--- /dev/null
+++ b/0010-CVE-2022-22970.patch
@@ -0,0 +1,58 @@
+diff --git a/pom.xml b/pom.xml
+index 5bdf7946f5..c6d4dcc9c7 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -206,7 +206,7 @@ flexible messaging model and an intuitive client API.</description>
+     <kotlin-stdlib.version>1.6.0</kotlin-stdlib.version>
+     <nsq-client.version>1.0</nsq-client.version>
+     <cron-utils.version>9.1.6</cron-utils.version>
+-    <spring-context.version>5.3.19</spring-context.version>
++    <spring.version>5.3.20</spring.version>
+     <apache-http-client.version>4.5.13</apache-http-client.version>
+     <jetcd.version>0.5.11</jetcd.version>
+     <snakeyaml.version>1.32</snakeyaml.version>
+diff --git a/pulsar-io/batch-data-generator/pom.xml b/pulsar-io/batch-data-generator/pom.xml
+index 8808917e5e..7611a27fe3 100644
+--- a/pulsar-io/batch-data-generator/pom.xml
++++ b/pulsar-io/batch-data-generator/pom.xml
+@@ -47,7 +47,7 @@
+         <dependency>
+             <groupId>org.springframework</groupId>
+             <artifactId>spring-context</artifactId>
+-            <version>${spring-context.version}</version>
++            <version>${spring.version}</version>
+         </dependency>
+ 
+         <dependency>
+diff --git a/pulsar-io/batch-discovery-triggerers/pom.xml b/pulsar-io/batch-discovery-triggerers/pom.xml
+index 66f7d4e17e..b8435ac1ac 100644
+--- a/pulsar-io/batch-discovery-triggerers/pom.xml
++++ b/pulsar-io/batch-discovery-triggerers/pom.xml
+@@ -47,7 +47,7 @@
+     <dependency>
+       <groupId>org.springframework</groupId>
+       <artifactId>spring-context</artifactId>
+-      <version>${spring-context.version}</version>
++      <version>${spring.version}</version>
+     </dependency>
+ 
+   </dependencies>
+diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
+index eef6d346e6..3519ab0f1c 100644
+--- a/pulsar-io/canal/pom.xml
++++ b/pulsar-io/canal/pom.xml
+@@ -33,7 +33,6 @@
+     <name>Pulsar IO :: Canal</name>
+ 
+     <properties>
+-        <spring.version>5.3.19</spring.version>
+         <canal.version>1.1.5</canal.version>
+     </properties>
+ 
+@@ -121,4 +120,4 @@
+     </build>
+ 
+ 
+-</project>
+\ No newline at end of file
++</project>
diff --git a/pulsar.spec b/pulsar.spec
index ccd1b220e3e272a677f39cae0c4bac99332cf0b1..04b978770f5c755e44ffaeac856ffe7fb0a46d77 100644
--- a/pulsar.spec
+++ b/pulsar.spec
@@ -1,6 +1,6 @@
 %define debug_package %{nil}
 %define pulsar_ver 2.10.4
-%define pkg_ver 9
+%define pkg_ver 10
 %define _prefix /opt/pulsar
 Summary: Cloud-Native, Distributed Messaging and Streaming
 Name: pulsar
@@ -19,6 +19,7 @@ Patch0006: 0006-fix-memory-leak.patch
 Patch0007: 0007-CVE-2022-1471.patch
 Patch0008: 0008-CVE-2023-26048.patch
 Patch0009: 0009-CVE-2022-24329.patch
+Patch0010: 0010-CVE-2022-22970.patch
 BuildRoot: /root/rpmbuild/BUILDROOT/
 BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
 Requires: java-1.8.0-openjdk,systemd
@@ -40,6 +41,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin
 %patch0007 -p1
 %patch0008 -p1
 %patch0009 -p1
+%patch0010 -p1
 
 %build
 mvn clean install -Pcore-modules,-main -DskipTests
@@ -65,6 +67,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu
 exit 0
 
 %changelog
+* Wed Dec 6 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-10
+- resolve cve-2022-22970
 * Mon Dec 5 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-9
 - resolve cve-2022-24329
 * Mon Dec 4 2023 Dapeng Sun <sundapeng@cmss.chinamobile.com> - 2.10.4-8