diff --git a/h2-4.2.0.tar.gz b/h2-4.2.0.tar.gz
deleted file mode 100644
index 61248b4..0000000
--- a/h2-4.2.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8a52129695e88b1a0578d8d2cc6842bbd79128ac685463b887ee278126ad01f
-size 2150682
diff --git a/h2-4.3.0.tar.gz b/h2-4.3.0.tar.gz
new file mode 100644
index 0000000..323c47d
--- /dev/null
+++ b/h2-4.3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c59efe4323fa18b47a632221a1888bd7fde6249819beda254aeca909f221bf1
+size 2152026
diff --git a/python-h2.changes b/python-h2.changes
index 3f8f4f1..c3592d2 100644
--- a/python-h2.changes
+++ b/python-h2.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Aug 26 11:28:51 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 4.3.0 (fixes CVE-2025-57804, bsc#1248737)
+  * API Changes (Backward Incompatible)
+    - Reject header names and values containing illegal characters, based on
+      RFC 9113, section 8.2.1. The main Python API is compatible, but some
+      previously valid requests/response headers might now be blocked. Use the
+      `validate_inbound_headers` config option if needed. Thanks to Sebastiano
+      Sartor (sebsrt) for the report.
+  * API Changes (Backward Compatible)
+    - h2 events now have tighter type bounds, e.g. `stream_id` is guaranteed to
+      not be `None` for most events now. This simplifies downstream type
+      checking.
+    - Various typing-related improvements.
+  * Bugfixes
+    - Fix error value when opening a new stream on too many open streams.
+
 -------------------------------------------------------------------
 Tue Feb 11 09:03:44 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
 
diff --git a/python-h2.spec b/python-h2.spec
index f8d2d1a..8d27fe9 100644
--- a/python-h2.spec
+++ b/python-h2.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-h2
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,9 @@
 #
 
 
-%{?!python_module:%define python_module() python3-%{**}}
-%define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-h2
-Version:        4.2.0
+Version:        4.3.0
 Release:        0
 Summary:        HTTP/2 State-Machine based protocol implementation
 License:        MIT