diff --git a/CVE-2022-4065.patch b/CVE-2022-4065.patch
new file mode 100644
index 0000000..a18e5ec
--- /dev/null
+++ b/CVE-2022-4065.patch
@@ -0,0 +1,63 @@
+From 47afa2c8a29e2cf925238af1ad7c76fba282793f Mon Sep 17 00:00:00 2001
+From: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
+Date: Mon, 3 Oct 2022 21:21:05 +0000
+Subject: [PATCH] vuln-fix: Zip Slip Vulnerability
+
+This fixes a Zip-Slip vulnerability.
+
+This change does one of two things. This change either
+
+1. Inserts a guard to protect against Zip Slip.
+OR
+2. Replaces
+`dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is
+vulnerable to partial path traversal attacks, with the more secure
+`dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.
+
+For number 2, consider `"/usr/outnot".startsWith("/usr/out")`.
+The check is bypassed although `/outnot` is not under the `/out`
+directory.
+It's important to understand that the terminating slash may be removed
+when using various `String` representations of the `File` object.
+For example, on Linux, `println(new File("/var"))` will print `/var`,
+but `println(new File("/var", "/")` will print `/var/`;
+however, `println(new File("/var", "/").getCanonicalPath())` will print
+`/var`.
+
+Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted
+Directory ('Path Traversal')
+Severity: High
+CVSSS: 7.4
+Detection: CodeQL
+(https://codeql.github.com/codeql-query-help/java/java-zipslip/) &
+OpenRewrite
+(https://public.moderne.io/recipes/org.openrewrite.java.security.ZipSlip)
+
+Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
+Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
+
+Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/16
+
+
+Co-authored-by: Moderne <team@moderne.io>
+---
+ src/main/java/org/testng/JarFileUtils.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/main/java/org/testng/JarFileUtils.java b/src/main/java/org/testng/JarFileUtils.java
+index 205a8c4..77c7991 100644
+--- a/src/main/java/org/testng/JarFileUtils.java
++++ b/src/main/java/org/testng/JarFileUtils.java
+@@ -64,6 +64,9 @@ class JarFileUtils {
+                 if (Parser.canParse(jeName.toLowerCase())){ 
+                     InputStream  inputStream = jf.getInputStream(je);
+                     File copyFile = new File(file, jeName);
++		    if (!copyFile.toPath().normalize().startsWith(file.toPath().normalize())) {
++		      throw new IOException("Bad zip entry");
++		    }
+                     Files.copyFile(inputStream, copyFile);
+                     if (matchesXmlPathInJar(je)) {
+                         suitePath = copyFile.toString();
+-- 
+2.30.0
+
diff --git a/generate-tarball.sh b/generate-tarball.sh
deleted file mode 100644
index 4947a6d..0000000
--- a/generate-tarball.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-set -e
-
-name=testng
-version="$(sed -n 's/Version:\s*//p' *.spec)"
-
-# RETRIEVE
-wget "https://github.com/cbeust/testng/archive/${version}.tar.gz" -O "${name}-${version}.orig.tar.gz"
-
-rm -rf tarball-tmp
-mkdir tarball-tmp
-cd tarball-tmp
-tar xf "../${name}-${version}.orig.tar.gz"
-
-# CLEAN TARBALL
-rm -r */gradle* */kobalt*
-rm */src/main/resources/org/testng/jquery-*.js
-
-tar cf "../${name}-${version}.tar.gz" *
-cd ..
-rm -r tarball-tmp "${name}-${version}.orig.tar.gz"
diff --git a/testng-6.14.3.tar.gz b/testng-6.14.3.tar.gz
index e89b329..2165c88 100644
Binary files a/testng-6.14.3.tar.gz and b/testng-6.14.3.tar.gz differ
diff --git a/testng.spec b/testng.spec
index ac60675..d7ecdfe 100644
--- a/testng.spec
+++ b/testng.spec
@@ -1,15 +1,16 @@
 #Basic Information
 Name:           testng
 Version:        6.14.3
-Release:        6
+Release:        7
 Summary:        Java-based testing framework
 License:        Apache-2.0
 URL:            http://testng.org/
-Source0:        %{name}-%{version}.tar.gz
+Source0:        https://github.com/testng-team/testng/archive/%{version}/%{name}-%{version}.tar.gz
 Source1:        pom.xml
-Source2:        generate-tarball.sh
 Patch0:         0001-Avoid-accidental-javascript-in-javadoc.patch
 Patch1:         0002-Replace-bundled-jquery-with-CDN-link.patch
+# https://github.com/cbeust/testng/commit/9150736cd2c123a6a3b60e6193630859f9f0422b
+Patch2:         CVE-2022-4065.patch
 BuildArch:      noarch
 
 #Dependency
@@ -56,6 +57,10 @@ cp %{SOURCE1} .
 find ! -path "*/test/*" -name *.jar -print -delete
 find -name *.class -delete
 
+# CLEAN TARBALL
+rm -rf */gradle* */kobalt*
+rm -rf */src/main/resources/org/testng/jquery-*.js
+
 # these are unnecessary
 %pom_remove_plugin :maven-gpg-plugin
 %pom_remove_plugin :maven-source-plugin
@@ -84,6 +89,9 @@ cp -p ./src/main/java/*.dtd.html ./src/main/resources/.
 %license LICENSE.txt
 
 %changelog
+* Mon Dec 04 2023 yaoxin <yao_xin001@hoperun.com> - 6.14.3-7
+- Fix CVE-2022-4065 and change Source0
+
 * Fri Dec 06 2019 openEuler Buildteam <buildteam@openeuler.org> - 6.14.3-6
 - Package init