diff --git a/Scrapy-2.5.0.tar.gz b/Scrapy-2.5.0.tar.gz
deleted file mode 100644
index 9731ba6..0000000
--- a/Scrapy-2.5.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a68ed41f7173679f160c4cef2db05288548c21e7164170552adae8b13cefaab
-size 1071824
diff --git a/Scrapy-2.5.1.tar.gz b/Scrapy-2.5.1.tar.gz
new file mode 100644
index 0000000..f3b296d
--- /dev/null
+++ b/Scrapy-2.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:13af6032476ab4256158220e530411290b3b934dd602bb6dacacbf6d16141f49
+size 1072669
diff --git a/python-Scrapy.changes b/python-Scrapy.changes
index 056078a..a131980 100644
--- a/python-Scrapy.changes
+++ b/python-Scrapy.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Thu Oct  7 14:35:57 UTC 2021 - Ben Greiner <code@bnavigator.de>
+
+- Update to 2.5.1, Security bug fix
+  * boo#1191446, CVE-2021-41125
+  * If you use HttpAuthMiddleware (i.e. the http_user and
+    http_pass spider attributes) for HTTP authentication,
+    any request exposes your credentials to the request
+    target.
+  * To prevent unintended exposure of authentication
+    credentials to unintended domains, you must now
+    additionally set a new, additional spider attribute,
+    http_auth_domain, and point it to the specific domain to
+    which the authentication credentials must be sent.
+  * If the http_auth_domain spider attribute is not set, the
+    domain of the first request will be considered the HTTP
+    authentication target, and authentication credentials
+    will only be sent in requests targeting that domain.
+  * If you need to send the same HTTP authentication
+    credentials to multiple domains, you can use
+    w3lib.http.basic_auth_header instead to set the value of
+    the Authorization header of your requests.
+  * If you really want your spider to send the same HTTP
+    authentication credentials to any domain, set the
+    http_auth_domain spider attribute to None.
+  * Finally, if you are a user of scrapy-splash, know that
+    this version of Scrapy breaks compatibility with
+    scrapy-splash 0.7.2 and earlier. You will need to upgrade
+    scrapy-splash to a greater version for it to continue to
+    work.
+
 -------------------------------------------------------------------
 Wed Sep  1 04:25:44 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 
diff --git a/python-Scrapy.spec b/python-Scrapy.spec
index 5ceb1b1..c729b65 100644
--- a/python-Scrapy.spec
+++ b/python-Scrapy.spec
@@ -21,7 +21,7 @@
 # python-uvloop does not support python3.6
 %define skip_python36 1
 Name:           python-Scrapy
-Version:        2.5.0
+Version:        2.5.1
 Release:        0
 Summary:        A high-level Python Screen Scraping framework
 License:        BSD-3-Clause