diff --git a/gcc7.patch b/gcc7.patch
new file mode 100644
index 0000000..72dabca
--- /dev/null
+++ b/gcc7.patch
@@ -0,0 +1,64 @@
+When compiling with GCC 7.5, non-trivial initializers are unsupported.
+
+[    9s] shrpx_http_test.cc: In function 'void shrpx::test_shrpx_http_create_altsvc_header_value()':
+[    9s] shrpx_http_test.cc:152:9: sorry, unimplemented: non-trivial designated initializers not supported
+[    9s]          },
+[    9s]          ^
+[    9s] shrpx_http_test.cc:152:9: sorry, unimplemented: non-trivial designated initializers not supported
+[    9s] shrpx_http_test.cc:153:5: error: no matching function for call to 'std::vector<shrpx::AltSvc>::vector(<brace-enclosed initializer list>)'
+[    9s]      };
+[    9s]      ^
+
+Index: nghttp2-1.60.0/src/shrpx_http_test.cc
+===================================================================
+--- nghttp2-1.60.0.orig/src/shrpx_http_test.cc
++++ nghttp2-1.60.0/src/shrpx_http_test.cc
+@@ -143,14 +143,12 @@ void test_shrpx_http_create_affinity_coo
+ void test_shrpx_http_create_altsvc_header_value(void) {
+   {
+     BlockAllocator balloc(1024, 1024);
+-    std::vector<AltSvc> altsvcs{
+-        AltSvc{
+-            .protocol_id = StringRef::from_lit("h3"),
+-            .host = StringRef::from_lit("127.0.0.1"),
+-            .service = StringRef::from_lit("443"),
+-            .params = StringRef::from_lit("ma=3600"),
+-        },
+-    };
++    AltSvc s;
++    s.protocol_id = StringRef::from_lit("h3");
++    s.host = StringRef::from_lit("127.0.0.1");
++    s.service = StringRef::from_lit("443");
++    s.params = StringRef::from_lit("ma=3600");
++    std::vector<AltSvc> altsvcs = {s};
+ 
+     assert_stdstring_equal(
+         R"(h3="127.0.0.1:443"; ma=3600)",
+@@ -159,19 +157,15 @@ void test_shrpx_http_create_altsvc_heade
+ 
+   {
+     BlockAllocator balloc(1024, 1024);
+-    std::vector<AltSvc> altsvcs{
+-        AltSvc{
+-            .protocol_id = StringRef::from_lit("h3"),
+-            .service = StringRef::from_lit("443"),
+-            .params = StringRef::from_lit("ma=3600"),
+-        },
+-        AltSvc{
+-            .protocol_id = StringRef::from_lit("h3%"),
+-            .host = StringRef::from_lit("\"foo\""),
+-            .service = StringRef::from_lit("4433"),
+-        },
+-    };
++    AltSvc s1, s2;
++    s1.protocol_id = StringRef::from_lit("h3");
++    s1.service = StringRef::from_lit("443");
++    s1.params = StringRef::from_lit("ma=3600");
++    s2.protocol_id = StringRef::from_lit("h3%");
++    s2.host = StringRef::from_lit("\"foo\"");
++    s2.service = StringRef::from_lit("4433");
+ 
++    std::vector<AltSvc> altsvcs = {s1, s2};
+     assert_stdstring_equal(
+         R"(h3=":443"; ma=3600, h3%25="\"foo\":4433")",
+         http::create_altsvc_header_value(balloc, altsvcs).str());
diff --git a/nghttp2-1.60.0.tar.xz b/nghttp2-1.60.0.tar.xz
deleted file mode 100644
index 4796597..0000000
--- a/nghttp2-1.60.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:625d6c3da1d9ca4fd643a638256431ae68fd1901653b2a61a245eea7b261bf4e
-size 1587004
diff --git a/nghttp2-1.60.0.tar.xz.asc b/nghttp2-1.60.0.tar.xz.asc
deleted file mode 100644
index 72cd9c7..0000000
--- a/nghttp2-1.60.0.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmXhkVQACgkQUzmivoLg
-feyFOw//dJLjXBV/aSBczFFe4HrBgQOhRlN+7ub5CnyP/Vl2B9QC8uPuwOfLbg6C
-L7vld8NaXM5nCWWFjphOR7KCSsNTjVxSApplLBVCP9o8Kka7APtBrqRsoxzoni2D
-XnvIo7gaOKFRAM/FzwL9NSEgCCkQo631DegjSN1PPZJdjRtaBQyYNrLRSyVyNv5q
-9q4oBxvJpRMogF+ALiWTHNcVE/UHNE2SoimkJOAxxFDpuk4q+j7Ru90QER9aZJDz
-u/6GPt34tVy5VDslAHWbzTHemsu1ya0c9cpCNrAy06WcmhWT1dNIXdEHCZXfEViC
-mVnCYCw39s3xAjSQWDkSNiVkg5Z/1E3mw+md+0teHRJuYVnwNXjdZ+mZpfW6l4nq
-Qi/Z6jvBccavzAA9H6PazQ7uDvp5wjpk2Ns8bHw0uIk2dVBB8a4mezTG73lU+Q2k
-8ovcflNk/aGbeK+AgkNvUHl44r6SIc1HSirpOR3xgh/qBjDB88PENFEg+rW/NdeO
-nhjzEjvVv66TJv50sdO3GjOtN6bnWnsOHPigSRcXZx21HQWKyImts4TBkEJqfKMf
-zYH6SAAAvIKkdvw8J4egUphKKzB+ByHxPw9na4XnTaefcGQ1PcVG6xGy0Y35uHmW
-bWmKFTylo6V7AdKIoDwDrB/InL30JQ5/T/szn6Nx06odpd/S7H4=
-=zRmy
------END PGP SIGNATURE-----
diff --git a/nghttp2-1.61.0.tar.xz b/nghttp2-1.61.0.tar.xz
new file mode 100644
index 0000000..b7b5edd
--- /dev/null
+++ b/nghttp2-1.61.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c0e660175b9dc429f11d25b9507a834fb752eea9135ab420bb7cb7e9dbcc9654
+size 1645808
diff --git a/nghttp2-1.61.0.tar.xz.asc b/nghttp2-1.61.0.tar.xz.asc
new file mode 100644
index 0000000..f8d8632
--- /dev/null
+++ b/nghttp2-1.61.0.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmYOaCgACgkQUzmivoLg
+fewugg//dql7ZuvPpru1qc+A5E2da/spcMnnlcKaWgaXECJCLXysoSi3IhfNOGxr
+6krf8PGagxw5+sUkr2HwLjJm+K5mbrvaDZajrwGpVFPcpg//eD4vcmFRWmEalhwJ
+4kwNMn5gTdMkcWrzpz6nvSBfgB8912rBlUDEuGysGfxWYYLX6PBFqNK6Sn7QYDMw
+8cmpkR8q6AcLXYOT6xtD0O2UYADDFvFtQ9TPBO2mGV/pM202QsC5NT1bvagnDB7u
+OiChGvoUtbjqp9gUXx61V70vOb7v/SbwivjJlkHYj1S8/AhKNcvYhiiEcRUq2vKt
+kQy++35h2r4foybBd89GbEjemJQO/Df6NhFoVoeMy6aeDZ4nTRf8ssM+z9ysNdkA
+JJRRVArzQlKmgzRXRnTP2KyOnUckd4bLN709aJ8ft3Ia/ATJFlHpr8fPsLrqLjSH
+oR14To1YpnVu/f42OOVgifY5xrfxMJYVCnxb5ePWoZrMU77iJi9uGsWGYN6nwoQj
+DxyGJYeTyzC1CKMt/aUcQkxSmhJE9jGXYX9hWu5jVdwNdjFimfkDQQQ1uDEKKOoX
+bl81MoN6k3hoyrmL4lONCFF86y/fQzi4Pnjkec6xxjxNMlNnfw8vzzoBVqf1p0g8
+MEONgarmm/7lr1GXK0VenWZv9ouO4UVd4w1t/vzr7XwvMSNkERw=
+=OlZ3
+-----END PGP SIGNATURE-----
diff --git a/nghttp2.changes b/nghttp2.changes
index 2f6e4db..144270f 100644
--- a/nghttp2.changes
+++ b/nghttp2.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Thu Apr  4 09:47:27 UTC 2024 - pgajdos@suse.com
+
+- version update to 1.61.0
+  * Fixes CVE-2024-28182 [bsc#1221399]
+  * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
+  * Checkout with submodules by @jonaski in #2093
+  * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
+  * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
+  * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
+  * docker: Use copy --link by @tatsuhiro-t in #2099
+  * Nghttpx header idle timeout by @tatsuhiro-t in #2100
+  * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
+  * Rewrite hexdump by @tatsuhiro-t in #2102
+  * Switch to distroless/base-nossl by @tatsuhiro-t in #2103
+  * Bump ngtcp2 by @tatsuhiro-t in #2105
+  * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
+  * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
+  * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
+  * Automate release process by @tatsuhiro-t in #2109
+  * autotools: Switch to tar-pax by @tatsuhiro-t in #2110
+  * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
+  * nghttpx: Fix port byte order by @tatsuhiro-t in #2112
+  * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
+  * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
+  * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
+  * Add actions/stale by @tatsuhiro-t in #2116
+  * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
+  * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
+  * No rfc7540 priority fix by @tatsuhiro-t in #2120
+  * Further reduce Stateless reset emission by @tatsuhiro-t in #2122
+  * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
+  * Nghttpx faster worker lookup by @tatsuhiro-t in #2125
+  * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
+  * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
+  * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
+  * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
+  * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
+  * Bump munit by @tatsuhiro-t in #2131
+  * nghttpx: Fix error message by @tatsuhiro-t in #2133
+  * nghttpd: Fix read stall by @tatsuhiro-t in #2134
+
+-------------------------------------------------------------------
+Wed Apr  3 10:31:13 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206)
+
 -------------------------------------------------------------------
 Mon Mar 18 12:59:00 UTC 2024 - Martin Pluskal <mpluskal@suse.com>
 
diff --git a/nghttp2.spec b/nghttp2.spec
index 713ddae..b3efbc9 100644
--- a/nghttp2.spec
+++ b/nghttp2.spec
@@ -20,7 +20,7 @@
 %global sover   14
 %global flavor @BUILD_FLAVOR@%{nil}
 Name:           nghttp2
-Version:        1.60.0
+Version:        1.61.0
 Release:        0
 Summary:        Implementation of Hypertext Transfer Protocol version 2 in C
 License:        MIT
@@ -30,6 +30,7 @@ Source0:        https://github.com/nghttp2/nghttp2/releases/download/v%{version}
 Source1:        https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz.asc
 Source2:        nghttp2.keyring
 Source3:        baselibs.conf
+Patch1:         gcc7.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libboost_system-devel
 BuildRequires:  libboost_thread-devel
@@ -92,7 +93,7 @@ Documentation for nghttp2, which includes a shared C library,
 HTTP/2 client, server and proxy.
 
 %prep
-%setup -q -n nghttp2-%{version}
+%autosetup -p1 -n nghttp2-%{version}
 
 %build
 %configure \