diff --git a/CVE-2021-22904.patch b/CVE-2021-22904.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bde17ee7d89a745802d9255ea1e1c2ffe0f70a3b
--- /dev/null
+++ b/CVE-2021-22904.patch
@@ -0,0 +1,30 @@
+From 9859372bf52ef4fd5df73e1bdfb40982058c9c81 Mon Sep 17 00:00:00 2001
+From: Aaron Patterson
+Date: Tue, 4 May 2021 15:49:21 -0700
+Subject: [PATCH] Prevent slow regex when parsing host authorization
+header
+
+The old regex could take too long when parsing an authorization header,
+and this could potentially cause a DoS vulnerability
+
+[CVE-2021-22904]
+---
+ .../lib/action_controller/metal/http_authentication.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
+index 01676f3..d2e6674 100644
+--- a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
++++ b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_controller/metal/http_authentication.rb
+@@ -406,7 +406,7 @@ module ActionController
+ module Token
+ TOKEN_KEY = "token="
+ TOKEN_REGEX = /^(Token|Bearer)\s+/
+- AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/
++ AUTHN_PAIR_DELIMITERS = /(?:,|;|\t)/
+ extend self
+
+ module ControllerMethods
+--
+2.23.0
+
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index e51156efff3d6edc2c816f7c0290cead48eaba1c..c6c664309630d5720dfead7ee512f3a5b4e48e19 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
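Review bot: The backported patch narrows AUTHN_PAIR_DELIMITERS from `\t+` to `\t`, and its own diffstat (`1 file changed, 1 insertion(+), 1 deletion(-)`) shows the regex is the only change carried over; as I recall, the upstream fix for CVE-2021-22904 also made `raw_params` drop the empty segments that a run of adjacent tabs now produces (something like `_raw_params.reject!(&:empty?)`), so with this backport alone a Token header containing two consecutive tabs may hand an empty element to the later pair-splitting step instead of being ignored. Worth diffing this file against the actionpack 5.2.4.6 release before shipping, and adding a regression test that sends a Token header with a double tab and asserts the request is handled without error; `raw_params` itself is outside the hunk, which only covers the constants at the top of `module Token`. The patch Subject mentions "host authorization header" while the code touched is HTTP Token authentication; harmless in the vendored patch, but the spec's changelog wording should describe the actual change.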
@@ -4,13 +4,14 @@
 Name: rubygem-%{gem_name}
 Epoch: 1
 Version: 5.2.4.4
-Release: 2
+Release: 3
 Summary: Web-flow and rendering framework putting the VC in MVC (part of Rails)
 License: MIT
 URL: http://rubyonrails.org
 Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
 Source1: https://github.com/rails/rails/archive/v5.2.4.4.tar.gz
 Patch0: CVE-2021-22885.patch
+Patch1: CVE-2021-22904.patch
 BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2
 %if ! 0%{?bootstrap}
 BuildRequires: rubygem(activemodel) = %{version} rubygem(activerecord) = %{version}
@@ -35,6 +36,8 @@ Documentation for %{name}.
 %setup -q -c -T
 %gem_install -n %{SOURCE0}
 %patch0 -p1
+%patch1 -p1
+
 %build
@@ -65,6 +68,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 %changelog
+* Mon Jun 28 2021 liwu - 5.2.4.4-3
+* Fix CVE-2021-22904
+
 * Fri Jun 11 2021 wangyue - 5.2.4.4-2
 - Fix CVE-2021-22885
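Review bot: In the `@@ -65,6 +68,9 @@` hunk the second line of the new %changelog entry, `+* Fix CVE-2021-22904`, starts with `*`, which rpmbuild treats as the header of another changelog entry and will try to parse a date from, so the build is likely to fail with a "bad date in %changelog" error. The existing entry directly below uses the bullet form `- Fix CVE-2021-22885`; this line should be `- Fix CVE-2021-22904`. The Release bump, the `Patch1:` declaration and the `%patch1 -p1` line in the other two hunks are consistent with each other and need no change.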