diff --git a/jq.spec b/jq.spec
index 16dae8d9f4f8ba8e417c289d213bc07a4fc60a6c..09c7b828cafc47237f9ad4e5beebd764c9207dc1 100644
--- a/jq.spec
+++ b/jq.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 Name:           jq
 Version:        1.7.1
 Release:        %{anolis_release}%{?dist}
@@ -96,6 +96,11 @@ make check
 %{_libdir}/pkgconfig/libjq.pc
 
 %changelog
+* Mon Jun 25 2025 Upstream Sync - 1.7.1-%{release}
+- Sync upstream changes from commit 1193d6b4b4ee04fe34f255d36652c699dca8facd
+- Fix signed integer overflow in jvp_array_write and jvp_object_rehash (CVE-2024-23337)
+- Limit array/object size to 536870912 to prevent integer overflow
+
 * Fri Feb 21 2025 Xiaoping Liu <lxp01404969@alibaba-inc.com> - 1.7.1-1
 - update to 1.7.1 from 1.6
 - Remove patches because the changes already exist upstream