diff --git a/0014-CVE-2023-32732.patch b/0014-CVE-2023-32732.patch new file mode 100644 index 0000000000000000000000000000000000000000..3e50c7f0b25b9b43cae43719e21f09a75792cf30 --- /dev/null +++ b/0014-CVE-2023-32732.patch 
@@ -0,0 +1,126 @@ +diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt +index 0c11baa362..82b3f0af59 100644 +--- a/distribution/server/src/assemble/LICENSE.bin.txt ++++ b/distribution/server/src/assemble/LICENSE.bin.txt +@@ -322,7 +322,7 @@ The Apache Software License, Version 2.0 + - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.13.4.jar + * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar + * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar +- * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.0.1.jar ++ * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.9.0.jar + * Bitbucket -- org.bitbucket.b_c-jose4j-0.7.6.jar + * Gson + - com.google.code.gson-gson-2.8.9.jar +@@ -468,24 +468,26 @@ The Apache Software License, Version 2.0 + - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.0.jar + - org.jetbrains-annotations-13.0.jar + * gRPC +- - io.grpc-grpc-all-1.45.1.jar +- - io.grpc-grpc-auth-1.45.1.jar +- - io.grpc-grpc-context-1.45.1.jar +- - io.grpc-grpc-core-1.45.1.jar +- - io.grpc-grpc-netty-1.45.1.jar +- - io.grpc-grpc-protobuf-1.45.1.jar +- - io.grpc-grpc-protobuf-lite-1.45.1.jar +- - io.grpc-grpc-stub-1.45.1.jar +- - io.grpc-grpc-alts-1.45.1.jar +- - io.grpc-grpc-api-1.45.1.jar +- - io.grpc-grpc-grpclb-1.45.1.jar +- - io.grpc-grpc-netty-shaded-1.45.1.jar +- - io.grpc-grpc-services-1.45.1.jar +- - io.grpc-grpc-xds-1.45.1.jar +- - io.grpc-grpc-rls-1.45.1.jar ++ - io.grpc-grpc-all-1.55.3.jar ++ - io.grpc-grpc-auth-1.55.3.jar ++ - io.grpc-grpc-context-1.55.3.jar ++ - io.grpc-grpc-core-1.55.3.jar ++ - io.grpc-grpc-netty-1.55.3.jar ++ - io.grpc-grpc-protobuf-1.55.3.jar ++ - io.grpc-grpc-protobuf-lite-1.55.3.jar ++ - io.grpc-grpc-stub-1.55.3.jar ++ - io.grpc-grpc-alts-1.55.3.jar ++ - io.grpc-grpc-api-1.55.3.jar ++ - io.grpc-grpc-grpclb-1.55.3.jar ++ - io.grpc-grpc-netty-shaded-1.55.3.jar ++ - 
io.grpc-grpc-services-1.55.3.jar ++ - io.grpc-grpc-xds-1.55.3.jar ++ - io.grpc-grpc-rls-1.55.3.jar ++ - io.grpc-grpc-servlet-1.55.3.jar ++ - io.grpc-grpc-servlet-jakarta-1.55.3.jar + - com.google.auto.service-auto-service-annotations-1.0.jar + * Perfmark +- - io.perfmark-perfmark-api-0.19.0.jar ++ - io.perfmark-perfmark-api-0.26.0.jar + * OpenCensus + - io.opencensus-opencensus-api-0.28.0.jar + - io.opencensus-opencensus-contrib-http-util-0.28.0.jar +@@ -535,7 +537,7 @@ The Apache Software License, Version 2.0 + - com.google.http-client-google-http-client-gson-1.41.0.jar + - com.google.http-client-google-http-client-1.41.0.jar + - com.google.auto.value-auto-value-annotations-1.9.jar +- - com.google.re2j-re2j-1.5.jar ++ - com.google.re2j-re2j-1.6.jar + * Jetcd + - io.etcd-jetcd-common-0.5.11.jar + - io.etcd-jetcd-core-0.5.11.jar +diff --git a/pom.xml b/pom.xml +index 272da71732..3ee138c11a 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -132,9 +132,9 @@ flexible messaging model and an intuitive client API. 
+ 0.5.0 + 3.19.6 + ${protobuf3.version} +- 1.45.1 ++ 1.55.3 + 1.41.0 +- 0.19.0 ++ 0.26.0 + ${grpc.version} + 2.8.9 + 1.2.1 +diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE +index 47e4fbcfa5..3a3da7a4ca 100644 +--- a/pulsar-sql/presto-distribution/LICENSE ++++ b/pulsar-sql/presto-distribution/LICENSE +@@ -258,14 +258,14 @@ The Apache Software License, Version 2.0 + - netty-transport-native-unix-common-4.1.93.Final-linux-x86_64.jar + - netty-codec-http2-4.1.87.Final.jar + * GRPC +- - grpc-api-1.45.1.jar +- - grpc-context-1.45.1.jar +- - grpc-core-1.45.1.jar +- - grpc-grpclb-1.45.1.jar +- - grpc-netty-1.45.1.jar +- - grpc-protobuf-1.45.1.jar +- - grpc-protobuf-lite-1.45.1.jar +- - grpc-stub-1.45.1.jar ++ - grpc-api-1.55.3.jar ++ - grpc-context-1.55.3.jar ++ - grpc-core-1.55.3.jar ++ - grpc-grpclb-1.55.3.jar ++ - grpc-netty-1.55.3.jar ++ - grpc-protobuf-1.55.3.jar ++ - grpc-protobuf-lite-1.55.3.jar ++ - grpc-stub-1.55.3.jar + * JEtcd + - jetcd-common-0.5.11.jar + - jetcd-core-0.5.11.jar +@@ -477,7 +477,7 @@ The Apache Software License, Version 2.0 + * Swagger + - swagger-annotations-1.6.10.jar + * Perfmark +- - perfmark-api-0.19.0.jar ++ - perfmark-api-0.26.0.jar + * Annotations + - auto-service-annotations-1.0.jar + +@@ -485,7 +485,7 @@ Protocol Buffers License + * Protocol Buffers + - protobuf-java-3.19.6.jar + - protobuf-java-util-3.19.6.jar +- - proto-google-common-protos-2.0.1.jar ++ - proto-google-common-protos-2.9.0.jar + + BSD 3-clause "New" or "Revised" License + * RE2J TD -- re2j-td-1.4.jar diff --git a/pulsar.spec b/pulsar.spec index f15c6c515b89a62a3e65e26d1827d9181dd8a654..cfbcb463f26d750d4e0a72210b16e44acdf384ee 100644 --- a/pulsar.spec +++ b/pulsar.spec @@ -1,6 +1,6 @@ %define debug_package %{nil} %define pulsar_ver 2.10.4 -%define pkg_ver 13 +%define pkg_ver 14 %define _prefix /opt/pulsar Summary: Cloud-Native, Distributed Messaging and Streaming Name: pulsar 
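Review bot: The new patch file starts directly at `+diff --git a/distribution/server/src/assemble/LICENSE.bin.txt ...` with no patch header, so nothing in the package records which upstream gRPC advisory or commit this backport corresponds to, or why a dependency bump is the fix for CVE-2023-32732 (as far as I recall that CVE was published against gRPC C-core, so the link to the grpc-java artifacts bumped here is worth stating explicitly). I would prepend a short header of the form `Subject: [PATCH] Upgrade gRPC to 1.55.3 to address CVE-2023-32732` followed by an `Origin:` or upstream PR reference line, so the next maintainer can trace and re-verify the backport. The hunk also moves gRPC from 1.45.1 to 1.55.3 and adds two artifacts (`io.grpc-grpc-servlet-1.55.3.jar`, `io.grpc-grpc-servlet-jakarta-1.55.3.jar`) to LICENSE.bin.txt but not to pulsar-sql/presto-distribution/LICENSE; that is presumably correct if the presto distribution does not ship grpc-all, but it should be confirmed against the built artifact list, and the pom.xml property names are not visible in this rendering so the exact properties bumped cannot be checked here.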
@@ -23,6 +23,7 @@ Patch0010: 0010-CVE-2022-22970.patch Patch0011: 0011-CVE-2023-25194.patch Patch0012: 0012-CVE-2023-2976.patch Patch0013: 0013-fix-deadlock.patch +Patch0014: 0014-CVE-2023-32732.patch BuildRoot: /root/rpmbuild/BUILDROOT/ BuildRequires: java-1.8.0-openjdk-devel,maven,systemd Requires: java-1.8.0-openjdk,systemd @@ -48,6 +49,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin %patch0011 -p1 %patch0012 -p1 %patch0013 -p1 +%patch0014 -p1 %build mvn clean install -Pcore-modules,-main -DskipTests @@ -73,6 +75,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu exit 0 %changelog +* Thu Dec 7 2023 Dapeng Sun - 2.10.4-14 +- resolve cve-2023-32732 * Thu Dec 7 2023 Dapeng Sun - 2.10.4-13 - resolve fix deadlock * Thu Dec 7 2023 Dapeng Sun - 2.10.4-12
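Review bot: The new changelog line `- resolve cve-2023-32732` does not say what was changed, so the package history gives no hint that Patch0014 is a gRPC 1.45.1 -> 1.55.3 upgrade (plus perfmark, re2j and proto-google-common-protos bumps) rather than a targeted code fix; I would write it as `- resolve CVE-2023-32732: upgrade gRPC 1.45.1 -> 1.55.3 (Patch0014)`. That matters for the @@ -48 hunk too: `%patch0014 -p1` applies a ten-minor-version dependency jump while the build line visible in context, `mvn clean install -Pcore-modules,-main -DskipTests`, skips the test suite, so the rebuild should be smoke-tested (broker start, client connect) before the -14 release is published. The -13 and -14 entries share the same date and author, which is fine, but the lowercase CVE id is inconsistent with the `Patch0014: 0014-CVE-2023-32732.patch` line in the @@ -23 hunk.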