diff --git a/apparmor-usr.bin.forgejo b/apparmor-usr.bin.forgejo
index 2799f30..9b3e1a5 100644
--- a/apparmor-usr.bin.forgejo
+++ b/apparmor-usr.bin.forgejo
@@ -73,9 +73,9 @@ profile forgejo /usr/bin/forgejo flags=(attach_disconnected) {
   # Ugly!
   /usr/share/forgejo/.gitconfig rw,
   /usr/share/forgejo/.gitconfig.lock rw,
-  /usr/share/forgejo/.ssh/ rw,
-  /usr/share/forgejo/.ssh/* rw,
-  /usr/share/forgejo/.local/** rw,
+  /var/lib/forgejo/.ssh/ rw,
+  /var/lib/forgejo/.ssh/* rw,
+  /var/lib/forgejo/.local/** rw,
 
   # for writing access log file
   /var/log/forgejo/ rw,
diff --git a/forgejo-src-1.21.10-0.tar.gz b/forgejo-src-1.21.10-0.tar.gz
deleted file mode 100644
index da7a6a2..0000000
--- a/forgejo-src-1.21.10-0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0cc21835404e40355cf7125b479efebb1fecf2cc17d018d4d54521d75943caf5
-size 58820868
diff --git a/forgejo-src-1.21.10-0.tar.gz.asc b/forgejo-src-1.21.10-0.tar.gz.asc
deleted file mode 100644
index 4f17a1b..0000000
--- a/forgejo-src-1.21.10-0.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZg74swAKCRCkthotxZI3
-EBzXAQCmG82PVpACkS5CtOpszxURBNf5TeAeDfzJQWrT9484OQD/Xhuk00rUL+LY
-hsj8u8sFppW1AgEtM1SufLQsUeZIaAI=
-=+By3
------END PGP SIGNATURE-----
diff --git a/forgejo-src-1.21.11-1.tar.gz b/forgejo-src-1.21.11-1.tar.gz
new file mode 100644
index 0000000..73ca260
--- /dev/null
+++ b/forgejo-src-1.21.11-1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d23f948e72ed70e00ad6e765846312b151dcfe2b2fd2e81f4336a8677f3ca2da
+size 58893566
diff --git a/forgejo-src-1.21.11-1.tar.gz.asc b/forgejo-src-1.21.11-1.tar.gz.asc
new file mode 100644
index 0000000..ab38485
--- /dev/null
+++ b/forgejo-src-1.21.11-1.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZiJhbwAKCRCkthotxZI3
+ENVQAP0VWzKeGnmwUQ2HoBpWORiN8n5OW3N1t08KnfuzUuvyZwEAs5dVjZzrz9HQ
+54/FA+yGDxunNBVvZLzGoRg5Y37/Ggo=
+=xA2A
+-----END PGP SIGNATURE-----
diff --git a/forgejo.changes b/forgejo.changes
index ce751c7..f0db7ed 100644
--- a/forgejo.changes
+++ b/forgejo.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sat Apr 20 12:39:56 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
+
+- update to 1.21.11-1:
+  * error 500 on tag creation when a workflow exists
+
+- update to 1.21.11-0:
+  * Fixed a privilege escalation through git push options that
+    allows any user to change the visibility of any repository they can see,
+    regardless of their level of access.
+  * Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run
+    from the same domain as the forge, via
+    /{owner}/{repo}/render/branch/{branch}/{filename} URLs.
+  * Close file in upload function
+  * Prevent registering runners for deleted repositories.
+    Prevents 500 Internal Server Error in admin interface.
+  * More reliable pagination support when migrating from gitbucket
+  * Fix automerge when used with actions
+
+- fix apparmor profile
+
 -------------------------------------------------------------------
 Fri Apr  5 18:39:07 UTC 2024 - Richard Rahl <rrahl0@proton.me>
 
diff --git a/forgejo.spec b/forgejo.spec
index 693eb17..9af96e8 100644
--- a/forgejo.spec
+++ b/forgejo.spec
@@ -16,8 +16,8 @@
 #
 
 
-%define gitea_version 1.21.10
-%define forgejo_version 0
+%define gitea_version 1.21.11
+%define forgejo_version 1
 %if 0%{?suse_version} > 1600
 # TW
 %bcond_without selinux
@@ -180,10 +180,10 @@ semodule -r %{name} 2>/dev/null || :
 %{_bindir}/%{name}
 %{_bindir}/gitea
 %defattr(0660,root,forgejo,770)
-%config(noreplace) %{_sysconfdir}/%{name}/conf/app.ini
-%{_sysconfdir}/%{name}
 %{_localstatedir}/log/%{name}
 %defattr(0660,forgejo,forgejo,750)
+%config(noreplace) %{_sysconfdir}/%{name}/conf/app.ini
+%{_sysconfdir}/%{name}
 %{_datadir}/%{name}
 %{_sharedstatedir}/%{name}
 %{_sysusersdir}/%{name}.conf
diff --git a/get-sources.sh b/get-sources.sh
index 84f70d6..f761fd5 100644
--- a/get-sources.sh
+++ b/get-sources.sh
@@ -20,8 +20,8 @@ echo "++++++++++++++++++++++++++++++++++++++++++++++"
 echo "extracting package-lock.json"
 echo "++++++++++++++++++++++++++++++++++++++++++++++"
 
-tar xf forgejo-src-${VERSION}-0.tar.gz forgejo-src-${VERSION}-0/package-lock.json
-cp forgejo-src-${VERSION}-0/package-lock.json .
+tar xf forgejo-src-${VERSION}-1.tar.gz forgejo-src-${VERSION}-1/package-lock.json
+cp forgejo-src-${VERSION}-1/package-lock.json .
 
 echo "++++++++++++++++++++++++++++++++++++++++++++++"
 echo "Downloading node_modules"
@@ -33,7 +33,7 @@ echo "++++++++++++++++++++++++++++++++++++++++++++++"
 echo "Cleanup Step"
 echo "++++++++++++++++++++++++++++++++++++++++++++++"
 
-rm -r forgejo-src-${VERSION}-0
+rm -r forgejo-src-${VERSION}-1
 rm node_modules.sums
 
 echo "++++++++++++++++++++++++++++++++++++++++++++++"