diff --git a/0002-CVE-2022-41881.patch b/0002-CVE-2022-41881.patch
new file mode 100644
index 0000000..ca36e06
--- /dev/null
+++ b/0002-CVE-2022-41881.patch
@@ -0,0 +1,13 @@
+diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
+index 8dcf7af2f2..7b7974b5aa 100644
+--- a/gradle/dependencies.gradle
++++ b/gradle/dependencies.gradle
+@@ -100,7 +100,7 @@ versions += [
+   mavenArtifact: "3.8.1",
+   metrics: "2.2.0",
+   mockito: "3.6.0",
+-  netty: "4.1.73.Final",
++  netty: "4.1.86.Final",
+   owaspDepCheckPlugin: "6.0.3",
+   powermock: "2.0.9",
+   reflections: "0.9.12",
diff --git a/kafka.spec b/kafka.spec
index e91f701..c9c526c 100644
--- a/kafka.spec
+++ b/kafka.spec
@@ -4,7 +4,7 @@
 
 Name: kafka
 Version: 2.8.2
-Release: 1
+Release: 2
 Summary: A Distributed Streaming Platform.
 
 License: Apache-2.0
@@ -13,6 +13,7 @@ Source1: https://mirrors.huaweicloud.com/gradle/gradle-6.8.1-all.zip
 Source2: kafka.service
 Source3: gradle-wrapper.jar
 Patch0: 0001-adopt-huaweimaven.patch
+Patch1: 0002-CVE-2022-41881.patch
 
 BuildRequires: systemd java-1.8.0-openjdk-devel
 Provides: kafka = %{version}
@@ -64,6 +65,9 @@ cp -pr licenses/*   $RPM_BUILD_ROOT%{kafka_home}/licenses
 rm -rf %{buildroot}
 
 %changelog
+* Wed Aug 30 2023 sundapeng <sundapeng_yewu@cmss.chinamobile.com> - 2.8.2-2
+- fix CVE-2022-41881
+
 * Sat Sep 24 2022 xiexing <xiexing4@hisilicon.com> - 2.8.2-1
 - fix CVE-2022-34917