diff --git a/.gitignore b/.gitignore
index 918cc33..84741e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
-SOURCES/varnish-6.0.6.tgz
+SOURCES/varnish-6.0.8.tgz
diff --git a/.varnish.metadata b/.varnish.metadata
index aa082b2..597d7a5 100644
--- a/.varnish.metadata
+++ b/.varnish.metadata
@@ -1,2 +1,2 @@
 db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
-c9cdd61f46d70b1bf8cb5eac3510aa3f4cf5c326 SOURCES/varnish-6.0.6.tgz
+7c5e50eabcd3c0ddb6c463ba4645678a2f71233a SOURCES/varnish-6.0.8.tgz
diff --git a/SOURCES/varnish-6.0.8.CVE-2022-23959.patch b/SOURCES/varnish-6.0.8.CVE-2022-23959.patch
new file mode 100644
index 0000000..27e3861
--- /dev/null
+++ b/SOURCES/varnish-6.0.8.CVE-2022-23959.patch
@@ -0,0 +1,13 @@
+diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
+index 463b75b..982bd73 100644
+--- a/bin/varnishd/cache/cache_req_body.c
++++ b/bin/varnishd/cache/cache_req_body.c
+@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
+ 	if (req->req_body_status == REQ_BODY_WITH_LEN ||
+ 	    req->req_body_status == REQ_BODY_WITHOUT_LEN)
+ 		(void)VRB_Iterate(req, httpq_req_body_discard, NULL);
++	if (req->req_body_status == REQ_BODY_FAIL)
++		req->doclose = SC_RX_BODY;
+ 	return(0);
+ }
+ 
diff --git a/SPECS/varnish.spec b/SPECS/varnish.spec
index f2036a3..03b615a 100644
--- a/SPECS/varnish.spec
+++ b/SPECS/varnish.spec
@@ -18,8 +18,8 @@
 
 Summary: High-performance HTTP accelerator
 Name: varnish
-Version: 6.0.6
-Release: 2%{?dist}
+Version: 6.0.8
+Release: 1%{?dist}.1
 License: BSD
 Group: System Environment/Daemons
 URL: https://www.varnish-cache.org/
@@ -32,6 +32,9 @@ Patch9:  varnish-5.1.1.fix_python_version.patch
 # https://github.com/varnishcache/varnish-cache/commit/5220c394232c25bb7a807a35e7394059ecefa821#diff-2279587378a4426edde05f42e1acca5e
 Patch11: varnish-6.0.0.fix_el6_fortify_source.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2045031
+Patch100: varnish-6.0.8.CVE-2022-23959.patch
+
 Obsoletes: varnish-libs
 
 %if %{with python3}
@@ -140,6 +143,8 @@ sed -i '8 i\RPM_BUILD_ROOT=%{buildroot}' find-provides
 %patch11 -p0
 %endif
 
+%patch100 -p1
+
 %build
 %if 0%{?rhel} == 6
 export CFLAGS="%{optflags} -fPIC"
@@ -371,6 +376,15 @@ fi
 
 
 %changelog
+* Tue Feb 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1.1
+- Resolves: #2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request
+  Smuggling Vulnerability
+
+* Thu Jul 22 2021 Luboš Uhliarik <luhliari@redhat.com> - 6.0.8-1
+- new version 6.0.8
+- Resolves: #1982862 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request
+  smuggling attack via a large Content-Length header for a POST request
+
 * Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 6.0.6-2
 - new version 6.0.6
 - Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS