diff --git a/.gitignore b/.gitignore
index 65c71cd..3220bc4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/rtslib-fb-2.1.71.tar.gz
+SOURCES/rtslib-fb-2.1.73.tar.gz
diff --git a/.python-rtslib.metadata b/.python-rtslib.metadata
index 50577fd..ab92157 100644
--- a/.python-rtslib.metadata
+++ b/.python-rtslib.metadata
@@ -1 +1 @@
-9b8cf949711c104d5bf324847c37e386a4ea8ee1 SOURCES/rtslib-fb-2.1.71.tar.gz
+e9ed6768e70e1da748972b6e350f620db53a53ec SOURCES/rtslib-fb-2.1.73.tar.gz
diff --git a/SOURCES/0001-Turn-off-unsupported-fabrics.patch b/SOURCES/0001-Turn-off-unsupported-fabrics.patch
index 45b9088..3ef3e34 100644
--- a/SOURCES/0001-Turn-off-unsupported-fabrics.patch
+++ b/SOURCES/0001-Turn-off-unsupported-fabrics.patch
@@ -1,15 +1,16 @@
 diff --git a/rtslib/fabric.py b/rtslib/fabric.py
-index b529f14..8264c37 100644
+index 02e156c..ff7387f 100644
 --- a/rtslib/fabric.py
 +++ b/rtslib/fabric.py
-@@ -465,12 +465,12 @@ fabric_modules = {
+@@ -464,13 +464,13 @@ fabric_modules = {
+ "srpt": SRPTFabricModule,
 "iscsi": ISCSIFabricModule,
 "loopback": LoopbackFabricModule,
 - "qla2xxx": Qla2xxxFabricModule,
-+# "qla2xxx": Qla2xxxFabricModule,
 - "sbp": SBPFabricModule,
-+# "sbp": SBPFabricModule,
 - "tcm_fc": FCoEFabricModule,
++# "qla2xxx": Qla2xxxFabricModule,
++# "sbp": SBPFabricModule,
 +# "tcm_fc": FCoEFabricModule,
 # "usb_gadget": USBGadgetFabricModule, # very rare, don't show
 - "vhost": VhostFabricModule,
diff --git a/SOURCES/0002-default_dbroot.patch b/SOURCES/0002-default_dbroot.patch
index 7d21d38..1317489 100644
--- a/SOURCES/0002-default_dbroot.patch
+++ b/SOURCES/0002-default_dbroot.patch
@@ -1,13 +1,22 @@
 diff --git a/rtslib/root.py b/rtslib/root.py
-index b83d7ee..49c4dfc 100644
+index 2c5cf43..34bc57d 100644
 --- a/rtslib/root.py
 +++ b/rtslib/root.py
-@@ -166,13 +166,13 @@ class RTSRoot(CFSNode):
+@@ -166,21 +166,21 @@ class RTSRoot(CFSNode):
 self._dbroot = self._default_dbroot
 return
 self._dbroot = fread(dbroot_path)
 - if self._dbroot != self._preferred_dbroot:
 + if self._dbroot != self._default_dbroot:
+ if len(FabricModule.list_registered_drivers()) != 0:
+ # Writing to dbroot_path after drivers have been registered will make the kernel emit this error:
+ # db_root: cannot be changed: target drivers registered
+ from warnings import warn
+ warn("Cannot set dbroot to {}. Target drivers have already been registered."
+- .format(self._preferred_dbroot))
++ .format(self._default_dbroot))
+ return
+
 try:
 - fwrite(dbroot_path, self._preferred_dbroot+"\n")
 + fwrite(dbroot_path, self._default_dbroot+"\n")
diff --git a/SOURCES/0003-rtslib-safely-call-shutil.copy.patch b/SOURCES/0003-rtslib-safely-call-shutil.copy.patch
new file mode 100644
index 0000000..b04cc64
--- /dev/null
+++ b/SOURCES/0003-rtslib-safely-call-shutil.copy.patch
@@ -0,0 +1,76 @@
+From 75e73778dce1cb7a2816a936240ef75adfbd6ed9 Mon Sep 17 00:00:00 2001
+From: Prasanna Kumar Kalever
+Date: Thu, 16 Jul 2020 17:21:28 +0530
+Subject: [PATCH] rtslib: safely call shutil.copy()
+
+Previously we had to replace shutil.copyfile() with shutil.copy(),
+because we want to copy the file permissions to the destination file
+along with the data.
+
+It appears that shutil.copy() is opening the destination file with
+wide access (0666) first, and then it starts copying the data and
+at the end it is copying the permissions from source file to destination.
+
+If we closely notice there appears a window between destination file
+is opened vs permissions are set on the destination file, which could
+allow a user to get the contents of the file when opening it at the
+right time.
+
+The behavior is a bit unsteady here, it is noticed that, when
+saveconfig.json file exists, then on shutil.copy(), destination file is
+opened and a mask 0600 is applied on the file, in case shutil.copy() had
+to open a new destination saveconfig.json file, then mask 0644 is applied.
+
+Thanks and Credits to 'Stefan Cornelius ' for
+reporting this, here is the strace he shared from RHEL-7/python-2.7.5
+env:
+
+Case 1: When /etc/target/saveconfig.json doesn't exist:
+
+open("/etc/target/saveconfig.json.temp", O_RDONLY) = 3
+open("/etc/target/saveconfig.json", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
+fstat(3, {st_mode=S_IFREG|0600, st_size=71, ...}) = 0
+fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
+[...]
+chmod("/etc/target/saveconfig.json", 0600) = 0}")")}")
+
+Case 2: When /etc/target/saveconfig.json already exist:
+
+open("/etc/target/saveconfig.json.temp", O_RDONLY) = 3
+open("/etc/target/saveconfig.json", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
+fstat(3, {st_mode=S_IFREG|0600, st_size=71, ...}) = 0
+fstat(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
+[...]
+chmod("/etc/target/saveconfig.json", 0600) = 0}")")}")
+
+Signed-off-by: Prasanna Kumar Kalever
+---
+ rtslib/root.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rtslib/root.py b/rtslib/root.py
+index 2c5cf43..4ecc03c 100644
+--- a/rtslib/root.py
++++ b/rtslib/root.py
+@@ -476,8 +476,8 @@ class RTSRoot(CFSNode):
+ # prevent the file from being created if it exists due to a race
+ try:
+ fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
+- finally:
+- os.umask(umask_original)
++ except OSError:
++ raise ExecutionError("Could not open %s" % tmp_file)
+
+ with os.fdopen(fdesc, 'w') as f:
+ f.write(json.dumps(saveconf, sort_keys=True, indent=2))
+@@ -488,6 +488,7 @@ class RTSRoot(CFSNode):
+
+ # copy along with permissions
+ shutil.copy(tmp_file, save_file)
++ os.umask(umask_original)
+ os.remove(tmp_file)
+
+ def restore_from_file(self, restore_file=None, clear_existing=True,
+--
+2.26.2
+
diff --git a/SPECS/python-rtslib.spec b/SPECS/python-rtslib.spec
index 210e8ba..f1b7135 100644
--- a/SPECS/python-rtslib.spec
+++ b/SPECS/python-rtslib.spec
@@ -21,13 +21,14 @@ Name: python-rtslib
 License: ASL 2.0
 Group: System Environment/Libraries
 Summary: API for Linux kernel LIO SCSI target
-Version: 2.1.71
-Release: 4%{?dist}
-URL: https://fedorahosted.org/targetcli-fb/
-Source: https://fedorahosted.org/released/targetcli-fb/%{oname}-%{version}.tar.gz
+Version: 2.1.73
+Release: 2%{?dist}
+URL: https://github.com/open-iscsi/%{oname}
+Source: %{url}/archive/v%{version}/%{oname}-%{version}.tar.gz
 Source1: target.service
 Patch0: 0001-Turn-off-unsupported-fabrics.patch
 Patch1: 0002-default_dbroot.patch
+Patch2: 0003-rtslib-safely-call-shutil.copy.patch
 BuildArch: noarch
 BuildRequires: systemd-units
 Requires(post): systemd
@@ -102,6 +103,7 @@ on system restart.
 %setup -q -n %{oname}-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %if %{with python3}
 rm -rf %{py3dir}
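Review bot: In the `rtslib/root.py` change carried by `0003-rtslib-safely-call-shutil.copy.patch`, the umask restore is no longer exception-safe: the `finally: os.umask(umask_original)` is removed and the only restore now sits after `shutil.copy(tmp_file, save_file)`. If `os.open` fails (the new `ExecutionError`) or the write or copy raises, the process keeps the tightened umask, which is presumably set just above the first embedded hunk, and a long-running caller would then create every later file under it. Holding the restrictive umask across the copy is the point of the fix, so rather than restoring early I would wrap the span from `os.open` through `shutil.copy` in one `try:` and restore in `finally: os.umask(umask_original)`. The `except OSError:` branch also discards the errno; `except OSError as e:` with `"Could not open %s: %s" % (tmp_file, e)` would keep an already-existing temp file distinguishable from a permission error. The function body starts and ends outside both embedded hunks.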
@@ -191,6 +193,15 @@ install -m 644 doc/saveconfig.json.5.gz %{buildroot}%{_mandir}/man5/
 %endif # with python2
 %changelog
+* Tue Jul 21 2020 Maurizio Lombardi - 2.1.73-2
+- Merge a fix to prevent a potential data leak when saving the config file
+
+* Thu Jun 25 2020 Maurizio Lombardi - 2.1.73-1
+- Update to new upstream version
+
+* Mon May 11 2020 Maurizio Lombardi - 2.1.72-1
+- Update to new upstream version
+
 * Thu Dec 12 2019 Maurizio Lombardi - 2.1.71-4
 - LIO should use /var/target for its runtime files