diff --git a/CVE-2020-11078.patch b/CVE-2020-11078.patch
deleted file mode 100644
index 0b8a386..0000000
--- a/CVE-2020-11078.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From a1457cc31f3206cf691d11d2bf34e98865873e9e Mon Sep 17 00:00:00 2001
-From: Sergey Shepelev
-Date: Wed, 20 May 2020 14:56:12 +0300
-Subject: [PATCH] IMPORTANT security vulnerability CWE-93 CRLF injection
-
-Force %xx quote of space, CR, LF characters in uri.
-
-Special thanks to Recar https://github.com/Ciyfly for discrete notification.
-
-https://cwe.mitre.org/data/definitions/93.html
----
- python2/httplib2/__init__.py | 3 +++
- python3/httplib2/__init__.py | 3 +++
- 2 files changed, 6 insertions(+)
-
-diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
-index 97e06c1..34281b7 100644
---- a/python2/httplib2/__init__.py
-+++ b/python2/httplib2/__init__.py
-@@ -1985,6 +1985,9 @@ class Http(object):
- headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
-
- uri = iri2uri(uri)
-+ # Prevent CWE-75 space injection to manipulate request via part of uri.
-+ # Prevent CWE-93 CRLF injection to modify headers via part of uri.
-+ uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
-
- (scheme, authority, request_uri, defrag_uri) = urlnorm(uri)
-
-diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
-index 8785cc1..c0b1418 100644
---- a/python3/httplib2/__init__.py
-+++ b/python3/httplib2/__init__.py
-@@ -1790,6 +1790,9 @@ a string that contains the response entity body.
- headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
-
- uri = iri2uri(uri)
-+ # Prevent CWE-75 space injection to manipulate request via part of uri.
-+ # Prevent CWE-93 CRLF injection to modify headers via part of uri.
-+ uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
-
- (scheme, authority, request_uri, defrag_uri) = urlnorm(uri)
-
---
-2.23.0
-
diff --git a/httplib2-0.13.1.tar.gz b/httplib2-0.13.1.tar.gz
deleted file mode 100644
index 4d6f4de..0000000
Binary files a/httplib2-0.13.1.tar.gz and /dev/null differ
diff --git a/httplib2-0.19.0.tar.gz b/httplib2-0.19.0.tar.gz
new file mode 100644
index 0000000..0f9372e
Binary files /dev/null and b/httplib2-0.19.0.tar.gz differ
diff --git a/python-httplib2.spec b/python-httplib2.spec
index 7dfbb59..4c0e026 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -1,11 +1,10 @@
 Name: python-httplib2
-Version: 0.13.1
-Release: 6
+Version: 0.19.0
+Release: 1
 Summary: Small, fast HTTP client library for Python.
 License: MIT
-URL: https://github.com/httplib2/httplib2
-Source0: https://files.pythonhosted.org/packages/78/23/bb9606e87a66fd8c72a2b1a75b049d3859a122bc2648915be845bc44e04f/httplib2-0.13.1.tar.gz
-Patch0001: CVE-2020-11078.patch
+URL: https://github.com/httplib2/httplib2
+Source0: https://files.pythonhosted.org/packages/ed/ef/f0e05d5886a9c25dea4b18be06cd7bcaddbae0168cc576f3568f9bd6a35a/httplib2-0.19.0.tar.gz
 
 %if 0%{?with_python3}
 BuildRequires: python3-setuptools python3-devel
@@ -55,6 +54,9 @@ popd
 %endif
 
 %changelog
+* Tue Mar 2 2021 zhanghua - 0.19.0-1
+- update to 0.19.0 to fix CVE-2021-21240
+
 * Wed Oct 21 2020 leiju - 0.13.1-6
 - remove python2 subpackage