diff --git a/dist b/dist
deleted file mode 100644
index ad8eb77ba59be071474988a034571694eaa9db8e..0000000000000000000000000000000000000000
--- a/dist
+++ /dev/null
@@ -1 +0,0 @@
-an7_9
diff --git a/squid.spec b/squid.spec
index ba9b9f7840ec6846e5a6f0bd4745372c17cb35e4..aba15235815a47ff92f8f92231ba0d7c2cc37031 100644
--- a/squid.spec
+++ b/squid.spec
@@ -4,7 +4,7 @@
 
 Name:     squid
 Version:  3.5.20
-Release:  17%{?dist}.10
+Release:  17%{?dist}.11
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -230,6 +230,9 @@ sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_docdir}/squid-%{version}/squid.c
 %endif
 LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now"
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2322154 (CVE-2023-45802)
+# --disable-esi
+
 %configure \
    --disable-strict-error-checking \
    --exec_prefix=/usr \
@@ -262,7 +265,7 @@ LDFLAGS="$RPM_LD_FLAGS -pie -Wl,-z,relro -Wl,-z,now"
    --enable-ssl-crtd \
    --enable-storeio="aufs,diskd,rock,ufs" \
    --enable-wccpv2 \
-   --enable-esi \
+   --disable-esi \
    --enable-ecap \
    --with-aio \
    --with-default-user="squid" \
@@ -444,6 +447,10 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Tue Nov 19 2024 zhuhongbo <zhuhongbo@uniontech.com> - 7:3.5.20-17.11
+- cve: fix CVE-2024-45802
+- update to squid-3.5.20-17.el7_9.11
+
 * Tue Feb 06 2024 Stepan Broz <sbroz@redhat.com> - 7:3.5.20-17.10
 - Resolves: RHEL-16779 - squid: NULL pointer dereference in the gopher protocol
   code -- Remove support for Gopher protocol (CVE-2023-46728)