diff --git a/expat-2.4.6.tar.xz b/expat-2.4.6.tar.xz
deleted file mode 100644
index 95debb0..0000000
--- a/expat-2.4.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b
-size 452468
diff --git a/expat-2.4.6.tar.xz.asc b/expat-2.4.6.tar.xz.asc
deleted file mode 100644
index 92b7188..0000000
--- a/expat-2.4.6.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmISdL8ACgkQliYqz/vT
-rsaPBhAAlALWvVoxvGj5Sko6xbOBVXfal/c40pbAN4yFVKYW1YBNaswB6cjQDuUI
-VBLqQwtZicNWHxPCLF0bldJFbNiiR3w6cm08e4C+YKHtEH4FRsLDxzWYF1n7nd0t
-Yez7BozXwafD2HDgx86bJOnVhSkn2fAHPKUGLErHLvpFg7aLvIOPtWPJ+9YeGeDa
-B8SrQB7YLu9EpkUmwGUCB5zZremoX8vC3+2N8RR2HLQ0dq1VPaBJrJkinGP8j/W5
-bxi/eADCIt09cD6WEinFdE6M3LBSb1K8aKdnGxpQ8A3bs+XoBy6MTXCmdtnsa07y
-whUEcWvu/npxgNAsZoW3LW2DPn0B8Ym/DW1K4GrtYVhZZGo7/mvazr2+LPo1xhUZ
-x5iT4m+4COk0QwEb8rXVMIQAvlObdk8vR7AzPmetLiRrC1Ht2RQ5NCPGLoAUC/9t
-Lw0X34MJ9xU1tSY7bWJzTa7RCaAjo36amnINsupw83PxOnFreshnIMvCULG9u99Y
-lmF3XiyARjCbzYsJTGChldtQZ1tA4A+4aKO71HM/Ajo8CGBnB3q2W/88ORclOfpe
-WJ0ubUUHp/63l6uZPg4hESdSS2ID6PY9WbrS91rNBSEr8ZOrra5VWbEif2fN+mDC
-sy61OGEXvgNmGK06ygr8o8T32DLc+dh/ST6BMTpUo7PXKcA4/qg=
-=gI+p
------END PGP SIGNATURE-----
diff --git a/expat-2.4.7.tar.xz b/expat-2.4.7.tar.xz
new file mode 100644
index 0000000..21a7923
--- /dev/null
+++ b/expat-2.4.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9875621085300591f1e64c18fd3da3a0eeca4a74f884b9abac2758ad1bd07a7d
+size 454136
diff --git a/expat-2.4.7.tar.xz.asc b/expat-2.4.7.tar.xz.asc
new file mode 100644
index 0000000..57ec03b
--- /dev/null
+++ b/expat-2.4.7.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmIihJEACgkQliYqz/vT
+rsZoCw/7BTlrxFlnqgdqXCnDX+Zc+EvBaauFNZ6NZt54vbKiNEIlFgD+cSbpVS3g
+dBJd/uQU38Z35BmNueAuT1C1vuhV0BKYBoz/S/BTMFnPx/fAf9YcZRiE1eMMuwUR
+mnuKTiu/4E+/sizdIAZQnUexn8p0+AfXnK7bXwLf9e7pgVRbkiaKXosC7R6c3KTN
+ZxVBMEfzNWSxYNxImWyxui31uTPydSgIIBdUKs7fvPinImrj2dh2oHX41AHmD+er
+sz4kx9oIuwli9dANIlbKrbVvlRx2bRuex5fXXgDtNtmbfnOiWL6AFsOmO/0RhQQ7
+f96LwJjfiJHIDNVh1Xs/1J8O5N6utQA+Jm+aeHmhfT4QCp0E3ERtZaHhgux09R6R
+lvWIPM3rIKrbExR/E4bPVIf2tR58xRzth8kJm2ep9185Dtw5cpbh11HSR38lqmn/
+ejQ5iQ0t5BgbuC0WewbgaIk7rvk0vUckYdrFZPL9xJwgLQ/H5mS1su7CsW1bAbn2
+RdCUBSjLFHjXmLrW6SOaZNrGoN8HUvqBLw3T7p5qT9kFplWMcBBYWCdva41/Uuzv
+obty1bXHZdO6ZG37OyECGpiQfsKYLQJPBc5ur3CJ5AQkVlugMeN4A0+LpK/Y+yU3
+PIafnxIKpus8KWRhd5guYL6qss8uaBCLj1J0+wSXwnd/GRDGq7k=
+=jzHN
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index bbf4e3f..76f0500 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Sat Mar  5 06:34:13 UTC 2022 - David Anes <david.anes@suse.com>
+
+- udpate to 2.4.7 (bsc#1196784, CVE-2022-25236):
+  * Bug fixes:
+    - Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
+      with regard to all valid URI characters (RFC 3986),
+      i.e. the following set (excluding whitespace):
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
+      0123456789 % -._~ :/?#[]@ !$&'()*+,;=
+  * Other changes:
+    - CMake|Windows: Store Expat version in the DLL
+    - Document consequences of namespace separator choices not just
+      in doc/reference.html but also in header <expat.h>
+    - Document Expat's lack of validation of namespace URIs against
+      RFC 3986, and that the XML 1.0r4 specification doesn't
+      require Expat to validate namespace URIs, and that Expat
+      may do more in that regard in future releases.
+      If you find need for strict RFC 3986 URI validation on
+      application level today, https://uriparser.github.io/ may
+      be of interest.
+    - Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
+    - Document that a call to XML_FreeContentModel can be done at
+      a later time from outside the element declaration handler
+    - Make hardcoded namespace URIs easier to find in code
+    - Update documentation on use of XML_POOR_ENTOPY on Solaris
+    - tests: Resolve use of macros NAN and INFINITY for GNU G++
+      4.8.2 on Solaris.
+    - Version info bumped from 9:6:8 to 9:7:8;
+      see https://verbump.de/ for what these numbers do
+
 -------------------------------------------------------------------
 Sun Feb 20 19:48:53 UTC 2022 - David Anes <david.anes@suse.com>
 
diff --git a/expat.spec b/expat.spec
index 159742e..55f6eee 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,9 +16,9 @@
 #
 
 
-%global unversion 2_4_6
+%global unversion 2_4_7
 Name:           expat
-Version:        2.4.6
+Version:        2.4.7
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT