diff --git a/0005-cve-2023-34455.patch b/0005-cve-2023-34455.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9863ed1c9cbe0b6881a1dd669781a7cef3c30885
--- /dev/null
+++ b/0005-cve-2023-34455.patch
@@ -0,0 +1,39 @@
+diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
+index 1ce81c7344..ad93b3abef 100644
+--- a/distribution/server/src/assemble/LICENSE.bin.txt
++++ b/distribution/server/src/assemble/LICENSE.bin.txt
+@@ -526,7 +526,7 @@ The Apache Software License, Version 2.0
+ - org.apache.zookeeper-zookeeper-jute-3.6.3.jar
+ - org.apache.zookeeper-zookeeper-prometheus-metrics-3.6.3.jar
+ * Snappy Java
+- - org.xerial.snappy-snappy-java-1.1.7.jar
++ - org.xerial.snappy-snappy-java-1.1.10.1.jar
+ * Google HTTP Client
+ - com.google.http-client-google-http-client-jackson2-1.41.0.jar
+ - com.google.http-client-google-http-client-gson-1.41.0.jar
+diff --git a/pom.xml b/pom.xml
+index 69adebd4df..6ac97ee8e6 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -107,7 +107,7 @@ flexible messaging model and an intuitive client API.
+ 4.14.7
+ 3.6.3
+ 1.5.0
+- 1.1.7
++ 1.1.10.1
+ 3.2.5
+ 5.1.0
+ 4.1.87.Final
+diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
+index 4087b9e83e..434d65f990 100644
+--- a/pulsar-sql/presto-distribution/LICENSE
++++ b/pulsar-sql/presto-distribution/LICENSE
+@@ -457,7 +457,7 @@ The Apache Software License, Version 2.0
+ * GSON
+ - gson-2.8.9.jar
+ * Snappy
+- - snappy-java-1.1.7.jar
++ - snappy-java-1.1.10.1.jar
+ * Jackson
+ - jackson-module-parameter-names-2.13.4.jar
+ * Java Assist
diff --git a/pulsar.spec b/pulsar.spec
index 5c77a6af518c019f5f8e789285a1adc9941a2d67..3dd940acffb3b32e1208e149ccabef64fa7c941e 100644
--- a/pulsar.spec
+++ b/pulsar.spec
@@ -1,6 +1,6 @@
%define debug_package %{nil}
%define pulsar_ver 2.10.4
-%define pkg_ver 4
+%define pkg_ver 5
%define _prefix /opt/pulsar
Summary: Cloud-Native, Distributed Messaging and Streaming
Name: pulsar
@@ -14,6 +14,7 @@ Patch0001: 0001-use-huawei-repository.patch
Patch0002: 0002-resolve-cve-2023-32697.patch
Patch0003: 0003-CVE-2023-2976.patch
Patch0004: 0004-netty-to-4.1.89.patch
+Patch0005: 0005-cve-2023-34455.patch
BuildRoot: /root/rpmbuild/BUILDROOT/
BuildRequires: java-1.8.0-openjdk-devel,maven,systemd
Requires: java-1.8.0-openjdk,systemd
@@ -30,6 +31,7 @@ Pulsar is a distributed pub-sub messaging platform with a very flexible messagin
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
+%patch0005 -p1
%build
mvn clean install -Pcore-modules,-main -DskipTests
@@ -55,6 +57,8 @@ getent passwd pulsar >/dev/null || useradd -r -g pulsar -d / -s /sbin/nologin pu
exit 0
%changelog
+* Fri Dec 1 2023 Dapeng Sun - 2.10.4-5
+- resolve CVE-2023-34455
* Fri Dec 1 2023 Dapeng Sun - 2.10.4-4
- upgrade netty to 4.1.89
* Mon Nov 27 2023 Dapeng Sun - 2.10.4-3