diff --git a/expat-2.2.7.tar.xz b/expat-2.2.7.tar.xz
deleted file mode 100644
index b7b3e04..0000000
--- a/expat-2.2.7.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8
-size 424264
diff --git a/expat-2.2.7.tar.xz.asc b/expat-2.2.7.tar.xz.asc
deleted file mode 100644
index 2eee835..0000000
--- a/expat-2.2.7.tar.xz.asc
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCXQpmTQAKCRCwC8ZqQBoW
-AEIpAJ9+jIcvEUpNEhXku8RShzGrE5gc3gCgml4U3lnpbC7+avvh3F17U7+vSuE=
-=Jbtz
------END PGP SIGNATURE-----
diff --git a/expat-2.2.8.tar.xz b/expat-2.2.8.tar.xz
new file mode 100644
index 0000000..0440aa1
--- /dev/null
+++ b/expat-2.2.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61caa81a49d858afb2031c7b1a25c97174e7f2009aa1ec4e1ffad2316b91779b
+size 422324
diff --git a/expat-2.2.8.tar.xz.asc b/expat-2.2.8.tar.xz.asc
new file mode 100644
index 0000000..1dfbf74
--- /dev/null
+++ b/expat-2.2.8.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAl18EWEACgkQliYqz/vT
+rsbjsg/+Lu9ULWosv29viYV7Q9t5506vwMKLea029/JjeuBw/TnHdN/Nfth4BMtb
+Iq8nw88C1+wFMX3xvqHoZsswjBsT4c6qMtSno3vAljS7mDh0Npt85qbA6IZpqDAh
+Lh+lJTInwCrsWVtkDEInrqiY15zs5NMaX85NFknlANZwhXHtnqVqBedt0jNe3URM
+He4NxIHDyLYs/4vnkEafKLwOPLEJ7ylsRCMjwcdL2WFUjbf/ZRG9Rz0z7fmXEWZm
+WGCfNFnPOK2Mt0XRxEVsjAg1zkkMMEqOyY3XSz0pg5Kej8yJI0UU/FnemaPgGt6U
+mEiLJJwvSyx3gIuLfTM6Sdi6MBHXHrbNN7XR1GRlH6w9x1HSzJQfJ4xVeHheykBq
+K9IY6ZWqhjoPC0kBWuWOXnwlkOuoK3/E91G2/S1MKEHeSlDTD81sNjfdUxeXfX1L
+LXk16BUeRsbj5Ykin+Cuw3lSin9RM6vNvr5gYfgw2Oeiye5b8vQ12CNUyHytU7fO
+HseMaoT+ZTbgc7bs7LYzSJh/Ba+O+RDXB9gJ2iYwqQfTgBjgXZWuvVNLNdTwNWXJ
+x7Hd0z+MjHFY5rOljQY/FvG8YOSHoiNhD5me+O3ZwQCz4jWXxEaW3JsxnXn/GmNV
+O2zQuB74tRZbCylNC0iocdhWu2OHFDjQGTl0GoaXNQEpo+tGEsM=
+=JAwW
+-----END PGP SIGNATURE-----
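Review bot: The added `expat-2.2.8.tar.xz.asc` looks like it was made with a different key than the removed 2.2.7 signature, and nothing in this diff touches a keyring file. The packet headers appear to decode to DSA with SHA-1 for the old signature and RSA with SHA-256 for the new one, so a keyring holding only the previous key would no longer verify the tarball. The visible spec context lists only `Source0` to `Source2`; whether the `.asc` and a keyring are declared as sources and checked at build time is outside the hunks shown. Before accepting the bump, confirm the new signing key's fingerprint against upstream's published release key and add it to the package keyring in this same change.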
diff --git a/expat.changes b/expat.changes
index 3cdf302..3cb3dad 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Mon Sep 16 08:21:52 UTC 2019 - Pedro Monreal Gonzalez
+
+- Version update to 2.2.8
+ * Security fixes: (CVE-2019-15903, bsc#1149429)
+ - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
+ (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
+ * Bug fixes:
+ - Fix cases where XML_StopParser did not have any effect
+ when called from inside of an end element handler
+ - xmlwf: Fix exit code for operation without "-d DIRECTORY";
+ previously, only "-d DIRECTORY" would give you a proper exit code:
+ Now both cases return exit code 2.
+ * Other changes:
+ - examples: Improve elements.c
+ - Autotools: Add argument --enable-xml-attr-info
+ - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
+ - Autotools: Fix linking issues with "./configure LD=clang"
+ - Autotools: Fix "make run-xmltest" for out-of-source builds
+ - CMake: Pull all options from Expat <=2.2.7 into namespace
+ - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
+ - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
+ - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
+ - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ - CMake: Install expat_config.h to include directory
+ - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
+ - CMake: Now produces a summary of applied configuration
+ - CMake: Require C++ compiler only when tests are enabled
+ - CMake: Fix compilation for 16bit character types, i.e. 
ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) + - CMake: Port "make run-xmltest" from GNU Autotools to CMake + - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF +- Removed patches fixed in the update: + * expat-CVE-2019-15903.patch + * expat-CVE-2019-15903-tests.patch + +------------------------------------------------------------------- +Wed Sep 4 17:11:38 UTC 2019 - Pedro Monreal Gonzalez + +- Security fix (CVE-2019-15903, bsc#1149429) + * Crafted XML input results in heap-based buffer over-read by fooling + the parser into changing from DTD parsing to document parsing + * Added patches: + - expat-CVE-2019-15903.patch + - expat-CVE-2019-15903-tests.patch + ------------------------------------------------------------------- Tue Jul 2 10:33:51 UTC 2019 - Pedro Monreal Gonzalez diff --git a/expat.spec b/expat.spec index a3cde2c..bea29e8 100644 --- a/expat.spec +++ b/expat.spec @@ -16,14 +16,14 @@ # -%global unversion 2_2_7 +%global unversion 2_2_8 Name: expat -Version: 2.2.7 +Version: 2.2.8 Release: 0 Summary: XML Parser Toolkit License: MIT Group: Development/Libraries/C and C++ -URL: http://libexpat.github.io +URL: https://libexpat.github.io Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz Source1: %{name}faq.html Source2: baselibs.conf @@ -83,6 +83,8 @@ rm -f examples/*.dsp %install %make_install find %{buildroot} -type f -name "*.la" -delete -print +# Fix permissions error: spurious-executable-perm +chmod 0644 examples/elements.c %check make %{?_smp_mflags} check
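Review bot: The added `chmod 0644 examples/elements.c` in `%install` changes a file in the build tree, not anything under `%{buildroot}`, so it only affects the package if the examples are picked up from the source directory (for instance through `%doc`), which the hunk does not show. Source-tree clean-ups like this usually belong in `%prep`, and the hunk header suggests `rm -f examples/*.dsp` already sits in an earlier section; placing the chmod next to it would keep `%install` limited to staging files. The comment names only the rpmlint check; something like `# rpmlint spurious-executable-perm: example source is shipped as documentation and must not be executable` would record the reason, if that is indeed how the file is packaged. Both `%install` and the section before it continue outside the hunk.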