diff --git a/unbound.conf b/unbound.conf
index 54c4d7b2533416aeef78a77140f16eb8081704f3..5d0063a603adb82f6b98b0b5c6d46d135020beec 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -1086,7 +1086,7 @@ remote-control:
 	# Enable remote control with unbound-control(8) here.
 	# set up the keys and certificates with unbound-control-setup.
 	# Note: required for unbound-munin package
-	control-enable: yes
+	control-enable: no
 
 	# Set to no and use an absolute path as control-interface to use
 	# a unix local named pipe for unbound-control.
@@ -1102,10 +1102,6 @@ remote-control:
 	# port number for remote control operations.
 	# control-port: 8953
 
-	# for localhost, you can disable use of TLS by setting this to "no"
-	# For local sockets this option is ignored, and TLS is not used.
-	control-use-cert: "no"
-
 	# Unbound server key file.
 	server-key-file: "/etc/unbound/unbound_server.key"
 
diff --git a/unbound.spec b/unbound.spec
index fa57e17059e618bf6ae452e899d57672e1958b9f..e717368b2e59cc0233e8017f3bfc409780eb11b8 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -2,7 +2,7 @@
 
 Name:          unbound
 Version:       1.17.1
-Release:       2
+Release:       3
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD-3-Clause
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -235,6 +235,12 @@ popd
 %{_mandir}/man*
 
 %changelog
+* Tue Feb 27 2024 gaihuiying <eaglegai@163.com> - 1.17.1-3
+- Type:cves
+- CVE:CVE-2024-1488
+- SUG:NA
+- DESC:fix CVE-2024-1488
+
 * Fri Feb 23 2024 gaihuiying <eaglegai@163.com> - 1.17.1-2
 - Type:bugfix
 - CVE:NA